################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2026-07-02 10:42:19 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.198.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879278/; classtype:trojan-activity;sid:84742378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.135.141.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879277/; classtype:trojan-activity;sid:84742377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.163.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879276/; classtype:trojan-activity;sid:84742376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.104.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879275/; classtype:trojan-activity;sid:84742375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.188.159.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879274/; classtype:trojan-activity;sid:84742374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.104.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879273/; classtype:trojan-activity;sid:84742373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.228.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879272/; classtype:trojan-activity;sid:84742372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.119.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879271/; classtype:trojan-activity;sid:84742371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.184.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879270/; classtype:trojan-activity;sid:84742370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.234.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879269/; classtype:trojan-activity;sid:84742369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.232.128.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879268/; classtype:trojan-activity;sid:84742368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.185.93.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879267/; classtype:trojan-activity;sid:84742367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.188.159.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879266/; classtype:trojan-activity;sid:84742366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.228.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879265/; classtype:trojan-activity;sid:84742365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.148.191.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879264/; classtype:trojan-activity;sid:84742364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879263)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_1995db56460e1620.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879263/; classtype:trojan-activity;sid:84742363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.36.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879261/; classtype:trojan-activity;sid:84742361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.185.93.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879262/; classtype:trojan-activity;sid:84742362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.97.70.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879260/; classtype:trojan-activity;sid:84742360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.135.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879259/; classtype:trojan-activity;sid:84742359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.216.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879258/; classtype:trojan-activity;sid:84742358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.119.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879256/; classtype:trojan-activity;sid:84742356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.225.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879255/; classtype:trojan-activity;sid:84742355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.249.199.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879254/; classtype:trojan-activity;sid:84742354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879253/; classtype:trojan-activity;sid:84742353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.36.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879251/; classtype:trojan-activity;sid:84742351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.209.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879252/; classtype:trojan-activity;sid:84742352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879250/; classtype:trojan-activity;sid:84742350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.107.16.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879249/; classtype:trojan-activity;sid:84742349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.16.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879248/; classtype:trojan-activity;sid:84742348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.102.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879247/; classtype:trojan-activity;sid:84742347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.135.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879246/; classtype:trojan-activity;sid:84742346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.191.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879245/; classtype:trojan-activity;sid:84742345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879244/; classtype:trojan-activity;sid:84742344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.216.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879243/; classtype:trojan-activity;sid:84742343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.249.199.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879241/; classtype:trojan-activity;sid:84742341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879238)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_81f4790593aec5b4.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879238/; classtype:trojan-activity;sid:84742338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.164.115.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879237/; classtype:trojan-activity;sid:84742337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.178.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879236/; classtype:trojan-activity;sid:84742336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.24.110.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879234/; classtype:trojan-activity;sid:84742334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.134.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879233/; classtype:trojan-activity;sid:84742333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.163.134.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879232/; classtype:trojan-activity;sid:84742332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.232.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879231/; classtype:trojan-activity;sid:84742331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.53.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879229/; classtype:trojan-activity;sid:84742329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.51.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879230/; classtype:trojan-activity;sid:84742330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.178.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879228/; classtype:trojan-activity;sid:84742328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.232.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879227/; classtype:trojan-activity;sid:84742327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.24.110.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879226/; classtype:trojan-activity;sid:84742326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.164.115.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879225/; classtype:trojan-activity;sid:84742325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.255.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879224/; classtype:trojan-activity;sid:84742324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.38.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879223/; classtype:trojan-activity;sid:84742323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.46.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879222/; classtype:trojan-activity;sid:84742322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.100.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879221/; classtype:trojan-activity;sid:84742321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.201.226.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879220/; classtype:trojan-activity;sid:84742320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.255.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879219/; classtype:trojan-activity;sid:84742319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.100.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879217/; classtype:trojan-activity;sid:84742317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.31.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879216/; classtype:trojan-activity;sid:84742316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.144.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879215/; classtype:trojan-activity;sid:84742315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.236.74.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879214/; classtype:trojan-activity;sid:84742314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.69.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879213/; classtype:trojan-activity;sid:84742313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.143.167.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879212/; classtype:trojan-activity;sid:84742312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879209)"; flow:established,from_client; content:"GET"; http_method; content:"/m6db"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879209/; classtype:trojan-activity;sid:84742309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879204)"; flow:established,from_client; content:"GET"; http_method; content:"/xzpw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879204/; classtype:trojan-activity;sid:84742304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879203)"; flow:established,from_client; content:"GET"; http_method; content:"/v9c9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879203/; classtype:trojan-activity;sid:84742303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879198)"; flow:established,from_client; content:"GET"; http_method; content:"/lyv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879198/; classtype:trojan-activity;sid:84742298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879199)"; flow:established,from_client; content:"GET"; http_method; content:"/dsi5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879199/; classtype:trojan-activity;sid:84742299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.143.167.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879189/; classtype:trojan-activity;sid:84742289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.252.87.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879187/; classtype:trojan-activity;sid:84742287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.29.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879172/; classtype:trojan-activity;sid:84742272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879173)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879173/; classtype:trojan-activity;sid:84742273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879174)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879174/; classtype:trojan-activity;sid:84742274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879170)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879170/; classtype:trojan-activity;sid:84742270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879171)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879171/; classtype:trojan-activity;sid:84742271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879165)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879165/; classtype:trojan-activity;sid:84742265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879166)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879166/; classtype:trojan-activity;sid:84742266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879167)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879167/; classtype:trojan-activity;sid:84742267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879168)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879168/; classtype:trojan-activity;sid:84742268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879169)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879169/; classtype:trojan-activity;sid:84742269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879162)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879162/; classtype:trojan-activity;sid:84742262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879163)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879163/; classtype:trojan-activity;sid:84742263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879164/; classtype:trojan-activity;sid:84742264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879161)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879161/; classtype:trojan-activity;sid:84742261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879160)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879160/; classtype:trojan-activity;sid:84742260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879158)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879158/; classtype:trojan-activity;sid:84742258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879159)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879159/; classtype:trojan-activity;sid:84742259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.38.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879156/; classtype:trojan-activity;sid:84742256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.128.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879155/; classtype:trojan-activity;sid:84742255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.11.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879151/; classtype:trojan-activity;sid:84742251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.128.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879150/; classtype:trojan-activity;sid:84742250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879148)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.88.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879148/; classtype:trojan-activity;sid:84742248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879147)"; flow:established,from_client; content:"GET"; http_method; content:"/mq.xml"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.88.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879147/; classtype:trojan-activity;sid:84742247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.188.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879138/; classtype:trojan-activity;sid:84742238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879135)"; flow:established,from_client; content:"GET"; http_method; content:"/data_mipsel-uclibc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879135/; classtype:trojan-activity;sid:84742235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879132)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879132/; classtype:trojan-activity;sid:84742232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879133)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879133/; classtype:trojan-activity;sid:84742233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879134)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.ppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879134/; classtype:trojan-activity;sid:84742234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879131)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879131/; classtype:trojan-activity;sid:84742231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879121)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879121/; classtype:trojan-activity;sid:84742221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879122)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879122/; classtype:trojan-activity;sid:84742222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879123)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879123/; classtype:trojan-activity;sid:84742223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879124)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879124/; classtype:trojan-activity;sid:84742224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879125)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879125/; classtype:trojan-activity;sid:84742225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879126)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.spc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879126/; classtype:trojan-activity;sid:84742226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879127)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.sh4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879127/; classtype:trojan-activity;sid:84742227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879128)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.m68k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879128/; classtype:trojan-activity;sid:84742228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879129)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879129/; classtype:trojan-activity;sid:84742229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879130)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.11.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879130/; classtype:trojan-activity;sid:84742230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.105.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879119/; classtype:trojan-activity;sid:84742219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879118/; classtype:trojan-activity;sid:84742218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879117/; classtype:trojan-activity;sid:84742217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879116/; classtype:trojan-activity;sid:84742216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879111)"; flow:established,from_client; content:"GET"; http_method; content:"/ipmiv2.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879111/; classtype:trojan-activity;sid:84742211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.188.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879110/; classtype:trojan-activity;sid:84742210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879109/; classtype:trojan-activity;sid:84742209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.93.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879106/; classtype:trojan-activity;sid:84742206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879105/; classtype:trojan-activity;sid:84742205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.242.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879104/; classtype:trojan-activity;sid:84742204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.93.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879103/; classtype:trojan-activity;sid:84742203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879102/; classtype:trojan-activity;sid:84742202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.242.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879101/; classtype:trojan-activity;sid:84742201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.148.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879100/; classtype:trojan-activity;sid:84742200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.36.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879099/; classtype:trojan-activity;sid:84742199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.148.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879097/; classtype:trojan-activity;sid:84742197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879096)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879096/; classtype:trojan-activity;sid:84742196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.136.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879094/; classtype:trojan-activity;sid:84742194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.136.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879093/; classtype:trojan-activity;sid:84742193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879083)"; flow:established,from_client; content:"GET"; http_method; content:"/data_powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879083/; classtype:trojan-activity;sid:84742183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879084)"; flow:established,from_client; content:"GET"; http_method; content:"/data_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879084/; classtype:trojan-activity;sid:84742184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879085)"; flow:established,from_client; content:"GET"; http_method; content:"/data_aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879085/; classtype:trojan-activity;sid:84742185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879086)"; flow:established,from_client; content:"GET"; http_method; content:"/data_mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.154.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879086/; classtype:trojan-activity;sid:84742186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879087)"; flow:established,from_client; content:"GET"; http_method; content:"/data_arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879087/; classtype:trojan-activity;sid:84742187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879088)"; flow:established,from_client; content:"GET"; http_method; content:"/data_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879088/; classtype:trojan-activity;sid:84742188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879089)"; flow:established,from_client; content:"GET"; http_method; content:"/data_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879089/; classtype:trojan-activity;sid:84742189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879090)"; flow:established,from_client; content:"GET"; http_method; content:"/data_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879090/; classtype:trojan-activity;sid:84742190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879091)"; flow:established,from_client; content:"GET"; http_method; content:"/data_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.154.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879091/; classtype:trojan-activity;sid:84742191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879092)"; flow:established,from_client; content:"GET"; http_method; content:"/data_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.154.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879092/; classtype:trojan-activity;sid:84742192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.55.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879082/; classtype:trojan-activity;sid:84742182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.92.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879081/; classtype:trojan-activity;sid:84742181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.226.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879080/; classtype:trojan-activity;sid:84742180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879078)"; flow:established,from_client; content:"GET"; http_method; content:"//arm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.22.248.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879078/; classtype:trojan-activity;sid:84742178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879079)"; flow:established,from_client; content:"GET"; http_method; content:"/peler.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"165.22.248.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879079/; classtype:trojan-activity;sid:84742179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879076)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.22.248.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879076/; classtype:trojan-activity;sid:84742176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879077)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.22.248.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879077/; classtype:trojan-activity;sid:84742177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879075)"; flow:established,from_client; content:"GET"; http_method; content:"/peler.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"165.22.248.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879075/; classtype:trojan-activity;sid:84742175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879074/; classtype:trojan-activity;sid:84742174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879071)"; flow:established,from_client; content:"GET"; http_method; content:"/bbc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.43.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879071/; classtype:trojan-activity;sid:84742171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.67.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879068/; classtype:trojan-activity;sid:84742168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.201.118.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879066/; classtype:trojan-activity;sid:84742166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.118.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879065/; classtype:trojan-activity;sid:84742165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.118.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879062/; classtype:trojan-activity;sid:84742162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.189.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_02; reference:url, urlhaus.abuse.ch/url/3879060/; classtype:trojan-activity;sid:84742160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.223.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879057/; classtype:trojan-activity;sid:84742157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.93.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879056/; classtype:trojan-activity;sid:84742156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.137.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879054/; classtype:trojan-activity;sid:84742154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.42.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879055/; classtype:trojan-activity;sid:84742155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.168.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879053/; classtype:trojan-activity;sid:84742153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.168.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879052/; classtype:trojan-activity;sid:84742152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.189.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879051/; classtype:trojan-activity;sid:84742151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.221.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879050/; classtype:trojan-activity;sid:84742150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.221.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879049/; classtype:trojan-activity;sid:84742149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.170.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879048/; classtype:trojan-activity;sid:84742148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.208.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879047/; classtype:trojan-activity;sid:84742147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.144.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879046/; classtype:trojan-activity;sid:84742146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.42.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879045/; classtype:trojan-activity;sid:84742145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.208.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879044/; classtype:trojan-activity;sid:84742144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.93.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879043/; classtype:trojan-activity;sid:84742143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.184.182.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879042/; classtype:trojan-activity;sid:84742142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.145.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879041/; classtype:trojan-activity;sid:84742141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.38.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879040/; classtype:trojan-activity;sid:84742140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879039)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=2a59e2df-fdea-4f99-844f-e4b4a244d394"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8pxyyjso.doobix.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879039/; classtype:trojan-activity;sid:84742139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879038)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b9b94899-24e9-44bb-aa25-a842760bd4a5"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"zthayuyp.1x303.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879038/; classtype:trojan-activity;sid:84742138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.250.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879037/; classtype:trojan-activity;sid:84742137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.229.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879036/; classtype:trojan-activity;sid:84742136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879035)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=84186b88-51bf-4d6c-9eee-ad796fb31ecd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"i0gxyl9q.betaffiliate.marketing"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879035/; classtype:trojan-activity;sid:84742135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.40.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879034/; classtype:trojan-activity;sid:84742134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.251.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879033/; classtype:trojan-activity;sid:84742133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879032)"; flow:established,from_client; content:"GET"; http_method; content:"/files/724846695/mgvloig.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879032/; classtype:trojan-activity;sid:84742132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.184.182.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879031/; classtype:trojan-activity;sid:84742131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.244.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879030/; classtype:trojan-activity;sid:84742130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879028)"; flow:established,from_client; content:"GET"; http_method; content:"/3ba097aa-2c3d-423f-b757-ac32580b80b2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"phcbmap.vip1xbet.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879028/; classtype:trojan-activity;sid:84742128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879029)"; flow:established,from_client; content:"GET"; http_method; content:"/10129262-2452-481f-bb8f-392907e90f17"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"uamhqvjx.abresanishahri.store"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879029/; classtype:trojan-activity;sid:84742129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879027)"; flow:established,from_client; content:"GET"; http_method; content:"/460da77f-1d92-4cf2-b5d3-fe7fcca31370"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lwflkiar.betsoor.live"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879027/; classtype:trojan-activity;sid:84742127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.248.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879026/; classtype:trojan-activity;sid:84742126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879025)"; flow:established,from_client; content:"GET"; http_method; content:"/887e4755-f7b8-4f69-9917-73976e7e3ea5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jpopdwg.vip1xbet.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879025/; classtype:trojan-activity;sid:84742125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.27.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879024/; classtype:trojan-activity;sid:84742124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.135.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879023/; classtype:trojan-activity;sid:84742123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.251.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879022/; classtype:trojan-activity;sid:84742122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.249.175.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879021/; classtype:trojan-activity;sid:84742121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.15.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879020/; classtype:trojan-activity;sid:84742120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.173.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879019/; classtype:trojan-activity;sid:84742119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.27.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879018/; classtype:trojan-activity;sid:84742118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879017/; classtype:trojan-activity;sid:84742117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879016/; classtype:trojan-activity;sid:84742116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879015)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=76959cda-9e5e-497a-9f75-e1b8f95ded46"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"7ipg23zj.bet808.poker"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879015/; classtype:trojan-activity;sid:84742115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.31.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879013/; classtype:trojan-activity;sid:84742113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.173.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879014/; classtype:trojan-activity;sid:84742114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.52.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879012/; classtype:trojan-activity;sid:84742112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.189.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879011/; classtype:trojan-activity;sid:84742111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.8.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879010/; classtype:trojan-activity;sid:84742110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.46.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879009/; classtype:trojan-activity;sid:84742109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.52.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879008/; classtype:trojan-activity;sid:84742108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879007)"; flow:established,from_client; content:"GET"; http_method; content:"/ftm0-40po-ao28-g98e/img_m9agri.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879007/; classtype:trojan-activity;sid:84742107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879004)"; flow:established,from_client; content:"GET"; http_method; content:"/sso.esic.gov.inesicssoappliferaylogin.jspbmctx=7cad769bfa3451be21de1f73e125d2c4fa94907f3fe40a1dce0db069c1a208e4|7c|26|7c|password=secure_string|7c|26|7c|contexttypeop.php"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"107.173.143.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879004/; classtype:trojan-activity;sid:84742104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879005)"; flow:established,from_client; content:"GET"; http_method; content:"/ent3ac"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sh.classera.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879005/; classtype:trojan-activity;sid:84742105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879006)"; flow:established,from_client; content:"GET"; http_method; content:"/128/givemebesttimeforbetterplacescomingforme.hta|3f||7c|26|7c|%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b%d0%9b"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"107.173.143.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879006/; classtype:trojan-activity;sid:84742106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.176.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879003/; classtype:trojan-activity;sid:84742103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879000)"; flow:established,from_client; content:"GET"; http_method; content:"/ewoocuconomictimes.indiatimes.com.php|3f|id=newsnew-updatesindia-set-to-get-first-private-gold-mine-today-all-about-andhra-pradeshs-swarnagiri-project-that-can-produces"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"147.124.213.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879000/; classtype:trojan-activity;sid:84742100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879001)"; flow:established,from_client; content:"GET"; http_method; content:"/swihseg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acessaurl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879001/; classtype:trojan-activity;sid:84742101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3879002)"; flow:established,from_client; content:"GET"; http_method; content:"/46/goodforbestpeoplesaroundonmybestthigns.hta|3f||7c|26|7c|%f0%9f%9d%ac%f0%9f%9d%ac%f0%9f%9d%ac%f0%9f%9d%ac%f0%9f%9d%ac%f0%9f%9d%ac%f0%9f%9d%ac"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"147.124.213.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3879002/; classtype:trojan-activity;sid:84742102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.252.221.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878999/; classtype:trojan-activity;sid:84742099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.34.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878998/; classtype:trojan-activity;sid:84742098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878997)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.225.135.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878997/; classtype:trojan-activity;sid:84742097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878996/; classtype:trojan-activity;sid:84742096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.92.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878995/; classtype:trojan-activity;sid:84742095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878994)"; flow:established,from_client; content:"GET"; http_method; content:"/videopad-free-for-pc/.github/archive/refs/heads/main.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878994/; classtype:trojan-activity;sid:84742094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878993/; classtype:trojan-activity;sid:84742093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.34.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878992/; classtype:trojan-activity;sid:84742092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878991)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=56156c61-4a81-460f-8ef6-b2a8da140228"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"69x4o4j5.bet808.casino"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878991/; classtype:trojan-activity;sid:84742091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.144.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878990/; classtype:trojan-activity;sid:84742090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.172.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878989/; classtype:trojan-activity;sid:84742089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.243.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878988/; classtype:trojan-activity;sid:84742088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.243.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878986/; classtype:trojan-activity;sid:84742086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878987)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_4c436927d72aed3f.msi"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878987/; classtype:trojan-activity;sid:84742087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878985)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b3d51f5c-b226-4a07-b9a6-43a851fd6025"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"xwnfpj7t.betrein.pro"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878985/; classtype:trojan-activity;sid:84742085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.172.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878984/; classtype:trojan-activity;sid:84742084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.8.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878983/; classtype:trojan-activity;sid:84742083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.126.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878982/; classtype:trojan-activity;sid:84742082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.8.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878981/; classtype:trojan-activity;sid:84742081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878980)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a571ff30-9c75-45c3-a2d3-babc9f0d9c52"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"esjvtzn6.aloo.bet"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878980/; classtype:trojan-activity;sid:84742080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.11.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878979/; classtype:trojan-activity;sid:84742079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.244.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878978/; classtype:trojan-activity;sid:84742078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.155.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878977/; classtype:trojan-activity;sid:84742077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.7.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878976/; classtype:trojan-activity;sid:84742076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.217.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878975/; classtype:trojan-activity;sid:84742075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.115.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878974/; classtype:trojan-activity;sid:84742074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.11.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878973/; classtype:trojan-activity;sid:84742073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.147.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878972/; classtype:trojan-activity;sid:84742072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.7.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878971/; classtype:trojan-activity;sid:84742071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878970)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=79226b16-10a2-475f-84d9-cb02e3f4a875"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"91vkuxv1.enf90.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878970/; classtype:trojan-activity;sid:84742070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.217.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878969/; classtype:trojan-activity;sid:84742069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.31.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878968/; classtype:trojan-activity;sid:84742068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.97.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878967/; classtype:trojan-activity;sid:84742067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.167.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878966/; classtype:trojan-activity;sid:84742066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.225.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878965/; classtype:trojan-activity;sid:84742065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.250.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878964/; classtype:trojan-activity;sid:84742064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.225.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878963/; classtype:trojan-activity;sid:84742063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.145.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878962/; classtype:trojan-activity;sid:84742062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.145.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878961/; classtype:trojan-activity;sid:84742061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878960)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_21dee3aac891056b.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878960/; classtype:trojan-activity;sid:84742060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878959)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_19de9fd9e2506f90.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878959/; classtype:trojan-activity;sid:84742059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.180.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878958/; classtype:trojan-activity;sid:84742058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.173.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878957/; classtype:trojan-activity;sid:84742057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.220.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878956/; classtype:trojan-activity;sid:84742056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.113.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878955/; classtype:trojan-activity;sid:84742055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.173.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878954/; classtype:trojan-activity;sid:84742054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.2.248"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878953/; classtype:trojan-activity;sid:84742053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.36.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878952/; classtype:trojan-activity;sid:84742052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878951)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=dfcf517a-cdd3-417a-bb05-575ff97ef085"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"j2rfzlmu.enf90.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878951/; classtype:trojan-activity;sid:84742051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.113.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878950/; classtype:trojan-activity;sid:84742050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.2.248"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878949/; classtype:trojan-activity;sid:84742049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.147.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878948/; classtype:trojan-activity;sid:84742048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878946)"; flow:established,from_client; content:"GET"; http_method; content:"/dx.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hol.villgrow.life"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878946/; classtype:trojan-activity;sid:84742046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878944)"; flow:established,from_client; content:"GET"; http_method; content:"/dg.mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.88.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878944/; classtype:trojan-activity;sid:84742044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xeno-v1.3.55.rar"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"xeno.help"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878945/; classtype:trojan-activity;sid:84742045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878943)"; flow:established,from_client; content:"GET"; http_method; content:"/install.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"setup-code.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878943/; classtype:trojan-activity;sid:84742043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878942/; classtype:trojan-activity;sid:84742042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878941/; classtype:trojan-activity;sid:84742041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.252.69.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878940/; classtype:trojan-activity;sid:84742040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.211.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878939/; classtype:trojan-activity;sid:84742039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878938)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c0316791e95a0e3f.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878938/; classtype:trojan-activity;sid:84742038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.211.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878937/; classtype:trojan-activity;sid:84742037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.147.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878936/; classtype:trojan-activity;sid:84742036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.232.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878935/; classtype:trojan-activity;sid:84742035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.15.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878934/; classtype:trojan-activity;sid:84742034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.242.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878932/; classtype:trojan-activity;sid:84742032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878933/; classtype:trojan-activity;sid:84742033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.252.87.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878931/; classtype:trojan-activity;sid:84742031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.135.141.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878930/; classtype:trojan-activity;sid:84742030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.249.119.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878929/; classtype:trojan-activity;sid:84742029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.111.110.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878928/; classtype:trojan-activity;sid:84742028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.242.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878927/; classtype:trojan-activity;sid:84742027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.149.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878926/; classtype:trojan-activity;sid:84742026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.252.69.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878925/; classtype:trojan-activity;sid:84742025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.111.110.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878924/; classtype:trojan-activity;sid:84742024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.66.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878923/; classtype:trojan-activity;sid:84742023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.234.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878922/; classtype:trojan-activity;sid:84742022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878921)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d029f24c-bc86-44fd-91d6-e187d4d947b8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"3gk1o3xg.betoshart.live"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878921/; classtype:trojan-activity;sid:84742021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.27.11.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878920/; classtype:trojan-activity;sid:84742020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878919)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=59c45c23-9aaf-4772-90c1-f447436f6c4e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4l988hfr.1fabet.live"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878919/; classtype:trojan-activity;sid:84742019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878918)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b535fd63-8659-44eb-a078-c9c9178f11ed"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bfhxci6n.dancebet.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878918/; classtype:trojan-activity;sid:84742018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878917)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=60e78355-38ee-40dc-b0c6-a0f8bc4af806"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"chhtni23.dancebet.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878917/; classtype:trojan-activity;sid:84742017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878916/; classtype:trojan-activity;sid:84742016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.238.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878914/; classtype:trojan-activity;sid:84742014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.114.231.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878915/; classtype:trojan-activity;sid:84742015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.42.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878913/; classtype:trojan-activity;sid:84742013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.114.231.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878912/; classtype:trojan-activity;sid:84742012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.42.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878911/; classtype:trojan-activity;sid:84742011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878910/; classtype:trojan-activity;sid:84742010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.89.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878909/; classtype:trojan-activity;sid:84742009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.244.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878908/; classtype:trojan-activity;sid:84742008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.235.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878907/; classtype:trojan-activity;sid:84742007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.89.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878906/; classtype:trojan-activity;sid:84742006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.168.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878905/; classtype:trojan-activity;sid:84742005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.88.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878904/; classtype:trojan-activity;sid:84742004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.92.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878903/; classtype:trojan-activity;sid:84742003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878902)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.88.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878902/; classtype:trojan-activity;sid:84742002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878900)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.88.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878900/; classtype:trojan-activity;sid:84742000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.88.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878901/; classtype:trojan-activity;sid:84742001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878894)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.88.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878894/; classtype:trojan-activity;sid:84741994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878895)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.88.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878895/; classtype:trojan-activity;sid:84741995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878896)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.88.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878896/; classtype:trojan-activity;sid:84741996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878897)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.88.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878897/; classtype:trojan-activity;sid:84741997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878898)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.88.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878898/; classtype:trojan-activity;sid:84741998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878899)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.88.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878899/; classtype:trojan-activity;sid:84741999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.88.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878885/; classtype:trojan-activity;sid:84741985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878886)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.88.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878886/; classtype:trojan-activity;sid:84741986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878887)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.88.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878887/; classtype:trojan-activity;sid:84741987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878888)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.88.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878888/; classtype:trojan-activity;sid:84741988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.88.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878889/; classtype:trojan-activity;sid:84741989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878890)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.88.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878890/; classtype:trojan-activity;sid:84741990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878891)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.88.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878891/; classtype:trojan-activity;sid:84741991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878892)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.88.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878892/; classtype:trojan-activity;sid:84741992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.88.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878893/; classtype:trojan-activity;sid:84741993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878884)"; flow:established,from_client; content:"GET"; http_method; content:"/biba/v%d0%belti%d1%85.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"voltix-net.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878884/; classtype:trojan-activity;sid:84741984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878883)"; flow:established,from_client; content:"GET"; http_method; content:"/b/djbpo"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jsonkeeper.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878883/; classtype:trojan-activity;sid:84741983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878882)"; flow:established,from_client; content:"GET"; http_method; content:"/file/latestzoombucket/zoom.msi"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"f005.backblazeb2.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878882/; classtype:trojan-activity;sid:84741982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878880)"; flow:established,from_client; content:"GET"; http_method; content:"/decrypt.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.55.1.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878880/; classtype:trojan-activity;sid:84741980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878881)"; flow:established,from_client; content:"GET"; http_method; content:"/extractor.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"162.55.1.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878881/; classtype:trojan-activity;sid:84741981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878879)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_aef09c52d2cfb0e8.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878879/; classtype:trojan-activity;sid:84741979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878873)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sativac2"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.204.125.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878873/; classtype:trojan-activity;sid:84741973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878874)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sativac2"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.204.125.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878874/; classtype:trojan-activity;sid:84741974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878875)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sativac2"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.204.125.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878875/; classtype:trojan-activity;sid:84741975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878876)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sativac2"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.204.125.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878876/; classtype:trojan-activity;sid:84741976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878877)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sativac2"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.204.125.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878877/; classtype:trojan-activity;sid:84741977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878878)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sativac2"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.204.125.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878878/; classtype:trojan-activity;sid:84741978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.88.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878872/; classtype:trojan-activity;sid:84741972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878864)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sativac2"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.204.125.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878864/; classtype:trojan-activity;sid:84741964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878865)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sativac2"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.204.125.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878865/; classtype:trojan-activity;sid:84741965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878866)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-8.sativac2"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.204.125.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878866/; classtype:trojan-activity;sid:84741966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878867)"; flow:established,from_client; content:"GET"; http_method; content:"/mnkk"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878867/; classtype:trojan-activity;sid:84741967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878868)"; flow:established,from_client; content:"GET"; http_method; content:"/hqhc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878868/; classtype:trojan-activity;sid:84741968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878869)"; flow:established,from_client; content:"GET"; http_method; content:"/82y"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878869/; classtype:trojan-activity;sid:84741969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878870)"; flow:established,from_client; content:"GET"; http_method; content:"/xzsj"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878870/; classtype:trojan-activity;sid:84741970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878871)"; flow:established,from_client; content:"GET"; http_method; content:"/tjtb"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878871/; classtype:trojan-activity;sid:84741971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878863)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sativac2"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.204.125.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878863/; classtype:trojan-activity;sid:84741963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.92.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878862/; classtype:trojan-activity;sid:84741962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878861)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=47f46462-82ff-49aa-975b-98b4c223451a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"jrfrggyb.crash.promo"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878861/; classtype:trojan-activity;sid:84741961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.107.92.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878860/; classtype:trojan-activity;sid:84741960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.35.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878859/; classtype:trojan-activity;sid:84741959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878858)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_9ed873a1d14ec6de.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878858/; classtype:trojan-activity;sid:84741958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.133.125.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878857/; classtype:trojan-activity;sid:84741957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878856)"; flow:established,from_client; content:"GET"; http_method; content:"/1212.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"royalcare-sy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878856/; classtype:trojan-activity;sid:84741956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878852)"; flow:established,from_client; content:"GET"; http_method; content:"/cross.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"royalcare-sy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878852/; classtype:trojan-activity;sid:84741952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878853)"; flow:established,from_client; content:"GET"; http_method; content:"/respamming.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"royalcare-sy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878853/; classtype:trojan-activity;sid:84741953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878854)"; flow:established,from_client; content:"GET"; http_method; content:"/shockerzz.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"royalcare-sy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878854/; classtype:trojan-activity;sid:84741954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878855)"; flow:established,from_client; content:"GET"; http_method; content:"/6565.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"royalcare-sy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878855/; classtype:trojan-activity;sid:84741955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878851)"; flow:established,from_client; content:"GET"; http_method; content:"/cross.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"royalcare-sy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878851/; classtype:trojan-activity;sid:84741951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.6.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878850/; classtype:trojan-activity;sid:84741950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.220.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878849/; classtype:trojan-activity;sid:84741949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878848/; classtype:trojan-activity;sid:84741948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.125.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878847/; classtype:trojan-activity;sid:84741947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.225.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878846/; classtype:trojan-activity;sid:84741946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.53.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878845/; classtype:trojan-activity;sid:84741945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878844)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2016.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878844/; classtype:trojan-activity;sid:84741944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878843)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2011.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878843/; classtype:trojan-activity;sid:84741943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878842)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2023.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878842/; classtype:trojan-activity;sid:84741942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878839)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2010.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878839/; classtype:trojan-activity;sid:84741939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878840)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2020.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878840/; classtype:trojan-activity;sid:84741940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878841)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2025.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878841/; classtype:trojan-activity;sid:84741941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878837)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2015.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878837/; classtype:trojan-activity;sid:84741937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878838)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2018.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878838/; classtype:trojan-activity;sid:84741938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878828)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2021.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878828/; classtype:trojan-activity;sid:84741928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878829)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2024.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878829/; classtype:trojan-activity;sid:84741929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878830)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2019.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878830/; classtype:trojan-activity;sid:84741930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878831)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2012.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878831/; classtype:trojan-activity;sid:84741931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878832)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%209.vbs"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878832/; classtype:trojan-activity;sid:84741932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878833)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2013.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878833/; classtype:trojan-activity;sid:84741933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878834)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2022.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878834/; classtype:trojan-activity;sid:84741934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878835)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2014.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878835/; classtype:trojan-activity;sid:84741935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878836)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%2017.vbs"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878836/; classtype:trojan-activity;sid:84741936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878826)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%203.vbs"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878826/; classtype:trojan-activity;sid:84741926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878827)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%208.vbs"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878827/; classtype:trojan-activity;sid:84741927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878825)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%205.vbs"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878825/; classtype:trojan-activity;sid:84741925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878823)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%207.vbs"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878823/; classtype:trojan-activity;sid:84741923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878824)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sativac2"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.204.125.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878824/; classtype:trojan-activity;sid:84741924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878819)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.204.125.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878819/; classtype:trojan-activity;sid:84741919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878820)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%204.vbs"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878820/; classtype:trojan-activity;sid:84741920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878821)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%202.vbs"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878821/; classtype:trojan-activity;sid:84741921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878822)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/zoom_meeting/meeting%20invite%20html/downloads/windows/aboki/zoom%206.vbs"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jim-s.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878822/; classtype:trojan-activity;sid:84741922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878818)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_88c4af189a4c6c59.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878818/; classtype:trojan-activity;sid:84741918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.20.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878817/; classtype:trojan-activity;sid:84741917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878816)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bf723810-216b-4253-949d-cd83a30499d4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mdftw8lo.btyek.website"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878816/; classtype:trojan-activity;sid:84741916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.20.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878815/; classtype:trojan-activity;sid:84741915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.9.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878814/; classtype:trojan-activity;sid:84741914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.58.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878813/; classtype:trojan-activity;sid:84741913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878812)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_ac12f1da1bdab1e0.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878812/; classtype:trojan-activity;sid:84741912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.9.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878811/; classtype:trojan-activity;sid:84741911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.10.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878810/; classtype:trojan-activity;sid:84741910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878809)"; flow:established,from_client; content:"GET"; http_method; content:"/2026/6/ce0a3ffe-dc52-470b-8686-99cd20029255/ns2h.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"easyfiles.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878809/; classtype:trojan-activity;sid:84741909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878808)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_f0193e939ef907b9.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878808/; classtype:trojan-activity;sid:84741908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.0.131.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878807/; classtype:trojan-activity;sid:84741907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878806)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c4993d64-c456-4f4f-aca9-b1e039bcffb1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"djaczx9h.btyek.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878806/; classtype:trojan-activity;sid:84741906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.47.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878805/; classtype:trojan-activity;sid:84741905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.205.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878804/; classtype:trojan-activity;sid:84741904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.133.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878803/; classtype:trojan-activity;sid:84741903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878802)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3ad123de-3852-4784-9864-dc443665a2e0"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"squvbf6p.btyek.one"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878802/; classtype:trojan-activity;sid:84741902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.47.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878801/; classtype:trojan-activity;sid:84741901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878799)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/recavrylog/roandatech@1cc983d/rp_4"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878799/; classtype:trojan-activity;sid:84741899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878800)"; flow:established,from_client; content:"GET"; http_method; content:"/4e0d84da-c118-4423-83c4-2b0b4883f3ec"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lvt.vip1xbet.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878800/; classtype:trojan-activity;sid:84741900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.0.131.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878798/; classtype:trojan-activity;sid:84741898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.205.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878797/; classtype:trojan-activity;sid:84741897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.101.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878796/; classtype:trojan-activity;sid:84741896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.48.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878795/; classtype:trojan-activity;sid:84741895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.48.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878794/; classtype:trojan-activity;sid:84741894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.220.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878793/; classtype:trojan-activity;sid:84741893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.147.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878792/; classtype:trojan-activity;sid:84741892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.144.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878791/; classtype:trojan-activity;sid:84741891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.225.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878790/; classtype:trojan-activity;sid:84741890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878789)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_6d0c17403af838eb.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878789/; classtype:trojan-activity;sid:84741889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878788)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=81f18dad-afb8-4fb1-abc7-9381f68fb08e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"x4ii4c50.btyek.store"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878788/; classtype:trojan-activity;sid:84741888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.67.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878787/; classtype:trojan-activity;sid:84741887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.184.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878786/; classtype:trojan-activity;sid:84741886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.114.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878785/; classtype:trojan-activity;sid:84741885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.144.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878784/; classtype:trojan-activity;sid:84741884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878783)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a8b257b458693ac9.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878783/; classtype:trojan-activity;sid:84741883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878777)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_d8a6fc7c698c10be.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878777/; classtype:trojan-activity;sid:84741877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878778)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_e12a927439ce439a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878778/; classtype:trojan-activity;sid:84741878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878779)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_596150d50cadc054.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878779/; classtype:trojan-activity;sid:84741879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878780)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_1b5c78313d9215c2.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878780/; classtype:trojan-activity;sid:84741880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878781)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_aebf69379f99b182.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878781/; classtype:trojan-activity;sid:84741881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878782)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_49084d3b125cbd42.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878782/; classtype:trojan-activity;sid:84741882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.128.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878776/; classtype:trojan-activity;sid:84741876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.142.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878775/; classtype:trojan-activity;sid:84741875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.67.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878774/; classtype:trojan-activity;sid:84741874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.225.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878773/; classtype:trojan-activity;sid:84741873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.184.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878772/; classtype:trojan-activity;sid:84741872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.142.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878771/; classtype:trojan-activity;sid:84741871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.99.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878770/; classtype:trojan-activity;sid:84741870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.40.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878769/; classtype:trojan-activity;sid:84741869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.40.72.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878768/; classtype:trojan-activity;sid:84741868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.128.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878767/; classtype:trojan-activity;sid:84741867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.169.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878766/; classtype:trojan-activity;sid:84741866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.73.96.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878765/; classtype:trojan-activity;sid:84741865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.169.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878764/; classtype:trojan-activity;sid:84741864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.124.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878763/; classtype:trojan-activity;sid:84741863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.106.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878762/; classtype:trojan-activity;sid:84741862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.144.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878761/; classtype:trojan-activity;sid:84741861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.124.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878760/; classtype:trojan-activity;sid:84741860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.147.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878759/; classtype:trojan-activity;sid:84741859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.124.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878758/; classtype:trojan-activity;sid:84741858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.122.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878757/; classtype:trojan-activity;sid:84741857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.7.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878756/; classtype:trojan-activity;sid:84741856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.184.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878755/; classtype:trojan-activity;sid:84741855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878754/; classtype:trojan-activity;sid:84741854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.7.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878753/; classtype:trojan-activity;sid:84741853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.124.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878752/; classtype:trojan-activity;sid:84741852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.7.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878751/; classtype:trojan-activity;sid:84741851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.119.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878750/; classtype:trojan-activity;sid:84741850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.184.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878749/; classtype:trojan-activity;sid:84741849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.7.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878748/; classtype:trojan-activity;sid:84741848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.168.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878747/; classtype:trojan-activity;sid:84741847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.19.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878746/; classtype:trojan-activity;sid:84741846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.119.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878745/; classtype:trojan-activity;sid:84741845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878744)"; flow:established,from_client; content:"GET"; http_method; content:"/bbcl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.26.88.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878744/; classtype:trojan-activity;sid:84741844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878742)"; flow:established,from_client; content:"GET"; http_method; content:"/wwg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.26.88.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878742/; classtype:trojan-activity;sid:84741842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878743)"; flow:established,from_client; content:"GET"; http_method; content:"/ccl"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.26.88.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878743/; classtype:trojan-activity;sid:84741843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.144.86.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878740/; classtype:trojan-activity;sid:84741840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878741)"; flow:established,from_client; content:"GET"; http_method; content:"/bwwg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.26.88.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878741/; classtype:trojan-activity;sid:84741841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.73.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878739/; classtype:trojan-activity;sid:84741839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878738/; classtype:trojan-activity;sid:84741838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.19.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878737/; classtype:trojan-activity;sid:84741837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.237.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878736/; classtype:trojan-activity;sid:84741836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.167.39.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878735/; classtype:trojan-activity;sid:84741835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.86.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878734/; classtype:trojan-activity;sid:84741834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.147.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878732/; classtype:trojan-activity;sid:84741832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878733/; classtype:trojan-activity;sid:84741833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.144.86.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878731/; classtype:trojan-activity;sid:84741831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.65.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878730/; classtype:trojan-activity;sid:84741830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.65.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878729/; classtype:trojan-activity;sid:84741829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.73.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878728/; classtype:trojan-activity;sid:84741828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.237.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878727/; classtype:trojan-activity;sid:84741827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.254.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878726/; classtype:trojan-activity;sid:84741826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878725)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0a20a0d5-4331-49e3-aff0-2fc0f9827e5f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"njb2hl8n.betobord.live"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878725/; classtype:trojan-activity;sid:84741825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878724/; classtype:trojan-activity;sid:84741824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.86.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878723/; classtype:trojan-activity;sid:84741823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878722)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=23ae640f-d58b-4c81-a403-2608361c9b8f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cxsbf6om.betmajickade.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878722/; classtype:trojan-activity;sid:84741822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878721/; classtype:trojan-activity;sid:84741821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878720/; classtype:trojan-activity;sid:84741820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878719)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=20a30d54-bb7c-4821-ba05-7a5b7ce3b8e2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"q08rvd2u.btyek.bond"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878719/; classtype:trojan-activity;sid:84741819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.249.199.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878718/; classtype:trojan-activity;sid:84741818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.163.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878717/; classtype:trojan-activity;sid:84741817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.249.199.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878716/; classtype:trojan-activity;sid:84741816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.155.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878715/; classtype:trojan-activity;sid:84741815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.132.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878714/; classtype:trojan-activity;sid:84741814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.187.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878713/; classtype:trojan-activity;sid:84741813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.181.234.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878712/; classtype:trojan-activity;sid:84741812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878711)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8606001881/01zdjli.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878711/; classtype:trojan-activity;sid:84741811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878710/; classtype:trojan-activity;sid:84741810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878709/; classtype:trojan-activity;sid:84741809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.147.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878708/; classtype:trojan-activity;sid:84741808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.144.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878707/; classtype:trojan-activity;sid:84741807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.181.234.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878706/; classtype:trojan-activity;sid:84741806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.163.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878705/; classtype:trojan-activity;sid:84741805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.187.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878704/; classtype:trojan-activity;sid:84741804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.244.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878703/; classtype:trojan-activity;sid:84741803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878702)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=70c1a1c4-b1af-4d09-9b8f-13323c0520ea"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"x089w0f5.btyek.boats"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878702/; classtype:trojan-activity;sid:84741802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.131.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878701/; classtype:trojan-activity;sid:84741801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.208.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_07_01; reference:url, urlhaus.abuse.ch/url/3878700/; classtype:trojan-activity;sid:84741800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.29.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878699/; classtype:trojan-activity;sid:84741799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.64.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878698/; classtype:trojan-activity;sid:84741798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.79.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878697/; classtype:trojan-activity;sid:84741797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.104.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878696/; classtype:trojan-activity;sid:84741796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.115.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878695/; classtype:trojan-activity;sid:84741795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.115.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878694/; classtype:trojan-activity;sid:84741794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.29.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878693/; classtype:trojan-activity;sid:84741793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.64.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878692/; classtype:trojan-activity;sid:84741792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.79.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878691/; classtype:trojan-activity;sid:84741791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.5.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878690/; classtype:trojan-activity;sid:84741790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878689)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/roadvillnet/doh-dot-edge-ns@8550fa1/cluste"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878689/; classtype:trojan-activity;sid:84741789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878687/; classtype:trojan-activity;sid:84741787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.13.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878688/; classtype:trojan-activity;sid:84741788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878686/; classtype:trojan-activity;sid:84741786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.239.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878685/; classtype:trojan-activity;sid:84741785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.136.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878684/; classtype:trojan-activity;sid:84741784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.219.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878683/; classtype:trojan-activity;sid:84741783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.104.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878682/; classtype:trojan-activity;sid:84741782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.5.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878681/; classtype:trojan-activity;sid:84741781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.46.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878680/; classtype:trojan-activity;sid:84741780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.136.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878679/; classtype:trojan-activity;sid:84741779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.79.167.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878678/; classtype:trojan-activity;sid:84741778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.239.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878677/; classtype:trojan-activity;sid:84741777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878676)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=31d873f0-7010-4688-834b-f92e0ed39993"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"zi6uvzi9.btyek.beauty"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878676/; classtype:trojan-activity;sid:84741776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.79.167.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878675/; classtype:trojan-activity;sid:84741775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.151.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878674/; classtype:trojan-activity;sid:84741774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878673)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7c4ce8f7-5081-4730-a783-030262ed3a24"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0oj9pa7x.1xbetlogin.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878673/; classtype:trojan-activity;sid:84741773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.239.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878672/; classtype:trojan-activity;sid:84741772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878671)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8062c589-4b7a-4c85-8c87-689b40d563f0"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"c28vzpro.bet808.app"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878671/; classtype:trojan-activity;sid:84741771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.66.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878670/; classtype:trojan-activity;sid:84741770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.35.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878669/; classtype:trojan-activity;sid:84741769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.51.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878668/; classtype:trojan-activity;sid:84741768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.229.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878667/; classtype:trojan-activity;sid:84741767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.66.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878666/; classtype:trojan-activity;sid:84741766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.151.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878665/; classtype:trojan-activity;sid:84741765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.112.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878664/; classtype:trojan-activity;sid:84741764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.51.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878663/; classtype:trojan-activity;sid:84741763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.229.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878662/; classtype:trojan-activity;sid:84741762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878661)"; flow:established,from_client; content:"GET"; http_method; content:"/b1ad7276-9078-4de0-9bf4-896dfffa2264"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cess.digishart.news"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878661/; classtype:trojan-activity;sid:84741761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878660)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/roody2643/pipeline-runner@d29c24b/com"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878660/; classtype:trojan-activity;sid:84741760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878659)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=09437f79-6180-46d7-9f17-a55540c48989"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vxg18bmc.btyek.baby"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878659/; classtype:trojan-activity;sid:84741759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.87.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878658/; classtype:trojan-activity;sid:84741758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.49.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878657/; classtype:trojan-activity;sid:84741757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878656/; classtype:trojan-activity;sid:84741756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878655/; classtype:trojan-activity;sid:84741755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.179.240.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878654/; classtype:trojan-activity;sid:84741754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878653/; classtype:trojan-activity;sid:84741753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.215.23.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878652/; classtype:trojan-activity;sid:84741752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.92.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878651/; classtype:trojan-activity;sid:84741751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.147.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878650/; classtype:trojan-activity;sid:84741750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878648)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_41020e659f8c1c0c.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878648/; classtype:trojan-activity;sid:84741748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.224.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878647/; classtype:trojan-activity;sid:84741747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.215.23.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878646/; classtype:trojan-activity;sid:84741746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.151.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878645/; classtype:trojan-activity;sid:84741745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.179.240.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878644/; classtype:trojan-activity;sid:84741744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.147.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878643/; classtype:trojan-activity;sid:84741743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.57.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878642/; classtype:trojan-activity;sid:84741742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.151.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878641/; classtype:trojan-activity;sid:84741741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878640)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9482a6f9-eb87-4122-a0b8-0b114fcaf4f1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"fpqatzfu.btyek.autos"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878640/; classtype:trojan-activity;sid:84741740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.163.107.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878639/; classtype:trojan-activity;sid:84741739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.224.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878638/; classtype:trojan-activity;sid:84741738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.57.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878637/; classtype:trojan-activity;sid:84741737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.222.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878636/; classtype:trojan-activity;sid:84741736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.71.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878635/; classtype:trojan-activity;sid:84741735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.71.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878634/; classtype:trojan-activity;sid:84741734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.13.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878633/; classtype:trojan-activity;sid:84741733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.13.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878632/; classtype:trojan-activity;sid:84741732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.16.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878631/; classtype:trojan-activity;sid:84741731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.16.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878630/; classtype:trojan-activity;sid:84741730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878629)"; flow:established,from_client; content:"GET"; http_method; content:"/gg2"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.43.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878629/; classtype:trojan-activity;sid:84741729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.44.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878628/; classtype:trojan-activity;sid:84741728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.234.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878627/; classtype:trojan-activity;sid:84741727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878626)"; flow:established,from_client; content:"GET"; http_method; content:"/098729.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sergiotrabuccocineasta.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878626/; classtype:trojan-activity;sid:84741726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878625)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_78bc6ad609e5b3ec.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878625/; classtype:trojan-activity;sid:84741725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878624)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1d952190-a9a4-4f7f-9ca2-9622167aad6a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1ozso11s.blackjackonlineplay83.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878624/; classtype:trojan-activity;sid:84741724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878623)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bba1610e-9190-468e-87d6-db8679e1c0af"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"35iozqs1.bet1bonus.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878623/; classtype:trojan-activity;sid:84741723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.58.106.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878622/; classtype:trojan-activity;sid:84741722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.44.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878621/; classtype:trojan-activity;sid:84741721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878620/; classtype:trojan-activity;sid:84741720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.99.183.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878619/; classtype:trojan-activity;sid:84741719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878618)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c68069ac-e965-4a12-b582-7a865b656c6a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"j1yidzep.boombasket.bet"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878618/; classtype:trojan-activity;sid:84741718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.193.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878617/; classtype:trojan-activity;sid:84741717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878616/; classtype:trojan-activity;sid:84741716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.126.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878615/; classtype:trojan-activity;sid:84741715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.8.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878614/; classtype:trojan-activity;sid:84741714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.58.106.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878613/; classtype:trojan-activity;sid:84741713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878612/; classtype:trojan-activity;sid:84741712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.8.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878611/; classtype:trojan-activity;sid:84741711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.185.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878610/; classtype:trojan-activity;sid:84741710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.248.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878609/; classtype:trojan-activity;sid:84741709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878608/; classtype:trojan-activity;sid:84741708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878606)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/roody2643/enterprise-identity-gateway@cbf22ee/protected"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878606/; classtype:trojan-activity;sid:84741706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878607)"; flow:established,from_client; content:"GET"; http_method; content:"/f599839a-06d8-4cd1-a1f9-e53d806052af"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lancer.shartboro.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878607/; classtype:trojan-activity;sid:84741707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.75.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878605/; classtype:trojan-activity;sid:84741705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.131.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878604/; classtype:trojan-activity;sid:84741704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.5.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878603/; classtype:trojan-activity;sid:84741703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.75.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878602/; classtype:trojan-activity;sid:84741702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.186.231.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878601/; classtype:trojan-activity;sid:84741701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.27.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878599/; classtype:trojan-activity;sid:84741699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.48.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878600/; classtype:trojan-activity;sid:84741700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.208.111.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878598/; classtype:trojan-activity;sid:84741698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878597/; classtype:trojan-activity;sid:84741697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.131.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878596/; classtype:trojan-activity;sid:84741696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878595)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=cbdb21c8-e4d7-4519-b396-ae3ae8a8b34e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wt51peii.boomball.bet"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878595/; classtype:trojan-activity;sid:84741695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.96.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878594/; classtype:trojan-activity;sid:84741694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.5.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878593/; classtype:trojan-activity;sid:84741693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.186.231.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878592/; classtype:trojan-activity;sid:84741692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.48.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878591/; classtype:trojan-activity;sid:84741691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.208.111.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878590/; classtype:trojan-activity;sid:84741690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878589)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_f62b9b46f8f064d5.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878589/; classtype:trojan-activity;sid:84741689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.27.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878588/; classtype:trojan-activity;sid:84741688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878586)"; flow:established,from_client; content:"GET"; http_method; content:"/222/chart.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"27.124.40.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878586/; classtype:trojan-activity;sid:84741686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878587)"; flow:established,from_client; content:"GET"; http_method; content:"/222/202958247.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"27.124.40.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878587/; classtype:trojan-activity;sid:84741687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.96.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878585/; classtype:trojan-activity;sid:84741685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.103.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878584/; classtype:trojan-activity;sid:84741684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.11.64.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878583/; classtype:trojan-activity;sid:84741683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878582)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/8b3lb136mwn27au0pve38/img00329_0032900-de0003-rechnung-r003020.vbs|3f|rlkey=k83z77ccrzfvqzd1xlg56vyrr|7c|26|7c|st=40o2hlu8|7c|26|7c|dl=1|7c|26|7c|_sm_nck=1"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878582/; classtype:trojan-activity;sid:84741682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878580)"; flow:established,from_client; content:"GET"; http_method; content:"/submissiveness/defaults/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mglawyers.com.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878580/; classtype:trojan-activity;sid:84741680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878581)"; flow:established,from_client; content:"GET"; http_method; content:"/public/subdeb/avow/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"desenv.foconohit.com.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878581/; classtype:trojan-activity;sid:84741681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878579)"; flow:established,from_client; content:"GET"; http_method; content:"/crazed/freshwater/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"nematfoods.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878579/; classtype:trojan-activity;sid:84741679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.103.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878577/; classtype:trojan-activity;sid:84741677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.86.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878578/; classtype:trojan-activity;sid:84741678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.161.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878576/; classtype:trojan-activity;sid:84741676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878575)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/kristalles/fadyrent/ubsr-1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878575/; classtype:trojan-activity;sid:84741675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878574)"; flow:established,from_client; content:"GET"; http_method; content:"/bb6e4d02-362a-4198-b783-f3eb411018e6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cvf.shart120x.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878574/; classtype:trojan-activity;sid:84741674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.0.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878573/; classtype:trojan-activity;sid:84741673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.201.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878572/; classtype:trojan-activity;sid:84741672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878571)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1c427989-79e6-4627-b676-787b4a267cfa"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wk00z1ey.vip1xbet.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878571/; classtype:trojan-activity;sid:84741671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.201.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878570/; classtype:trojan-activity;sid:84741670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878569)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=98aa8eb7-239f-48b1-9380-92839278bf27"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"3fbkahzk.coinsgame.pro"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878569/; classtype:trojan-activity;sid:84741669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878568)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ae0571af-a3ec-4cab-bea8-29dd8aa79774"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bjsiw6ik.casinoiran.pro"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878568/; classtype:trojan-activity;sid:84741668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.33.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878567/; classtype:trojan-activity;sid:84741667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878566)"; flow:established,from_client; content:"GET"; http_method; content:"/ftm0-40po-ao28-g98e/img_pg9uve.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878566/; classtype:trojan-activity;sid:84741666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878565)"; flow:established,from_client; content:"GET"; http_method; content:"/fee/optimized_msi23.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bip.priestsw.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878565/; classtype:trojan-activity;sid:84741665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878564)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_aa85f097aed60931.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878564/; classtype:trojan-activity;sid:84741664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878562)"; flow:established,from_client; content:"GET"; http_method; content:"/tnnbbv.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-3bc1de741f8149f49bdbafa703067f24.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878562/; classtype:trojan-activity;sid:84741662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878563)"; flow:established,from_client; content:"GET"; http_method; content:"/fowap"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878563/; classtype:trojan-activity;sid:84741663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878557)"; flow:established,from_client; content:"GET"; http_method; content:"/swbui"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878557/; classtype:trojan-activity;sid:84741657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878558)"; flow:established,from_client; content:"GET"; http_method; content:"/qshdl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878558/; classtype:trojan-activity;sid:84741658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878559)"; flow:established,from_client; content:"GET"; http_method; content:"/xboek"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shy-hall-9c09.cryptersandtoolsoficial.workers.dev"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878559/; classtype:trojan-activity;sid:84741659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878560)"; flow:established,from_client; content:"GET"; http_method; content:"/vpuqw"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shy-hall-9c09.cryptersandtoolsoficial.workers.dev"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878560/; classtype:trojan-activity;sid:84741660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878561)"; flow:established,from_client; content:"GET"; http_method; content:"/kuwxx"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878561/; classtype:trojan-activity;sid:84741661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878556)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878556/; classtype:trojan-activity;sid:84741656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878555)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/wjjqoeisjztla2mrbb79g/gmail2.7z|3f|rlkey=wqkboglz4szexsjoncs9du291|7c|26|7c|st=6w"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878555/; classtype:trojan-activity;sid:84741655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878553)"; flow:established,from_client; content:"GET"; http_method; content:"/cfpm-sktm-j4p9-534r/img_zsc81m.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878553/; classtype:trojan-activity;sid:84741653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878554)"; flow:established,from_client; content:"GET"; http_method; content:"/ajvea"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878554/; classtype:trojan-activity;sid:84741654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878548)"; flow:established,from_client; content:"GET"; http_method; content:"/zvuia"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878548/; classtype:trojan-activity;sid:84741648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878549)"; flow:established,from_client; content:"GET"; http_method; content:"/uwupr"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shy-hall-9c09.cryptersandtoolsoficial.workers.dev"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878549/; classtype:trojan-activity;sid:84741649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878550)"; flow:established,from_client; content:"GET"; http_method; content:"/smmwc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shy-hall-9c09.cryptersandtoolsoficial.workers.dev"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878550/; classtype:trojan-activity;sid:84741650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878551)"; flow:established,from_client; content:"GET"; http_method; content:"/onkiq"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nameless-moon-f4b5.anthony-gomes-oliveira2020.workers.dev"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878551/; classtype:trojan-activity;sid:84741651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878552)"; flow:established,from_client; content:"GET"; http_method; content:"/hidrosys/api/djmay.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"desentupidora.pro.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878552/; classtype:trojan-activity;sid:84741652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878538)"; flow:established,from_client; content:"GET"; http_method; content:"/bbl2/client.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"thebrighttable.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878538/; classtype:trojan-activity;sid:84741638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878539)"; flow:established,from_client; content:"GET"; http_method; content:"/ezcls"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878539/; classtype:trojan-activity;sid:84741639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878540)"; flow:established,from_client; content:"GET"; http_method; content:"/mtlac"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shy-hall-9c09.cryptersandtoolsoficial.workers.dev"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878540/; classtype:trojan-activity;sid:84741640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878541)"; flow:established,from_client; content:"GET"; http_method; content:"/riaryh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878541/; classtype:trojan-activity;sid:84741641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878542)"; flow:established,from_client; content:"GET"; http_method; content:"/htmlweb/common/rumped.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"fileza.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878542/; classtype:trojan-activity;sid:84741642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878543)"; flow:established,from_client; content:"GET"; http_method; content:"/ftm0-40po-ao28-g98e/img_9bgy53.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878543/; classtype:trojan-activity;sid:84741643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878544)"; flow:established,from_client; content:"GET"; http_method; content:"/qxijp/2c20https3a/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878544/; classtype:trojan-activity;sid:84741644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878545)"; flow:established,from_client; content:"GET"; http_method; content:"/d/dstq.dat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"anakort32ew.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878545/; classtype:trojan-activity;sid:84741645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878546)"; flow:established,from_client; content:"GET"; http_method; content:"/vpuqwxu"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"shy-hall-9c09.cryptersandtoolsoficial.workers.dev"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878546/; classtype:trojan-activity;sid:84741646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878547)"; flow:established,from_client; content:"GET"; http_method; content:"/hjbmu"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878547/; classtype:trojan-activity;sid:84741647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878537)"; flow:established,from_client; content:"GET"; http_method; content:"/wyihx"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878537/; classtype:trojan-activity;sid:84741637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878536)"; flow:established,from_client; content:"GET"; http_method; content:"/iswc-mfix-criy-cjgw/img_4drkah.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878536/; classtype:trojan-activity;sid:84741636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878535)"; flow:established,from_client; content:"GET"; http_method; content:"/ncxco"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shy-hall-9c09.cryptersandtoolsoficial.workers.dev"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878535/; classtype:trojan-activity;sid:84741635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878532)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.175.189.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878532/; classtype:trojan-activity;sid:84741632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878533)"; flow:established,from_client; content:"GET"; http_method; content:"/yyhgl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878533/; classtype:trojan-activity;sid:84741633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878534)"; flow:established,from_client; content:"GET"; http_method; content:"/phbeq"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878534/; classtype:trojan-activity;sid:84741634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878529)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"shy-hall-9c09.cryptersandtoolsoficial.workers.dev"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878529/; classtype:trojan-activity;sid:84741629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878530)"; flow:established,from_client; content:"GET"; http_method; content:"/xuoyo"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shy-hall-9c09.cryptersandtoolsoficial.workers.dev"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878530/; classtype:trojan-activity;sid:84741630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878531)"; flow:established,from_client; content:"GET"; http_method; content:"/cldnu"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shy-hall-9c09.cryptersandtoolsoficial.workers.dev"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878531/; classtype:trojan-activity;sid:84741631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878528)"; flow:established,from_client; content:"GET"; http_method; content:"/ftm0-40po-ao28-g98e/img_pngmzh.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878528/; classtype:trojan-activity;sid:84741628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878526)"; flow:established,from_client; content:"GET"; http_method; content:"/qmwyx"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shy-hall-9c09.cryptersandtoolsoficial.workers.dev"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878526/; classtype:trojan-activity;sid:84741626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878527)"; flow:established,from_client; content:"GET"; http_method; content:"/git3a80/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878527/; classtype:trojan-activity;sid:84741627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878523)"; flow:established,from_client; content:"GET"; http_method; content:"/djmay.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"crescentegramas.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878523/; classtype:trojan-activity;sid:84741623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878524)"; flow:established,from_client; content:"GET"; http_method; content:"/ftm0-40po-ao28-g98e/img_4gsuz4.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878524/; classtype:trojan-activity;sid:84741624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878525)"; flow:established,from_client; content:"GET"; http_method; content:"/ddevucd.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pub-1fac92604a6b47c39d25db77f6ef4632.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878525/; classtype:trojan-activity;sid:84741625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878520)"; flow:established,from_client; content:"GET"; http_method; content:"/xuoyo"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shy-hall-9c09.cryptersandtoolsoficial.workers.dev"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878520/; classtype:trojan-activity;sid:84741620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878521)"; flow:established,from_client; content:"GET"; http_method; content:"/itthy"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878521/; classtype:trojan-activity;sid:84741621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878522)"; flow:established,from_client; content:"GET"; http_method; content:"/sass/optimized_foryujune.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"brenmayasociados.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878522/; classtype:trojan-activity;sid:84741622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878519)"; flow:established,from_client; content:"GET"; http_method; content:"/mcigr"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878519/; classtype:trojan-activity;sid:84741619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878518)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"pub-2a0f07b24978463ca23e2f8948678f42.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878518/; classtype:trojan-activity;sid:84741618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878516)"; flow:established,from_client; content:"GET"; http_method; content:"/xadprmazdtpkunrup109.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"109.248.151.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878516/; classtype:trojan-activity;sid:84741616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878517)"; flow:established,from_client; content:"GET"; http_method; content:"/opted_msi.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pub-2a0f07b24978463ca23e2f8948678f42.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878517/; classtype:trojan-activity;sid:84741617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878513)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_5e89b03b1eca3e2a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878513/; classtype:trojan-activity;sid:84741613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878514)"; flow:established,from_client; content:"GET"; http_method; content:"/sphinx/cayman/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"daprojektbau.webfaqe-ks.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878514/; classtype:trojan-activity;sid:84741614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878515)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c114ce5878bba5f0.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878515/; classtype:trojan-activity;sid:84741615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878510)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_28393fb395b3db60.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878510/; classtype:trojan-activity;sid:84741610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878511)"; flow:established,from_client; content:"GET"; http_method; content:"/crazed/certifier"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nematfoods.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878511/; classtype:trojan-activity;sid:84741611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878512)"; flow:established,from_client; content:"GET"; http_method; content:"/storey/symposia"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"travelwithhassan.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878512/; classtype:trojan-activity;sid:84741612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.197.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878509/; classtype:trojan-activity;sid:84741609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878508)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0e1fd0e7-ed76-4f2c-88ea-05030cf4c8b2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"6oekxs4k.vip1xbet.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878508/; classtype:trojan-activity;sid:84741608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.109.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878507/; classtype:trojan-activity;sid:84741607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.66.102.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878506/; classtype:trojan-activity;sid:84741606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878505)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5e7e1b14-be83-493d-98a1-2dbe9fc39b27"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"fxdcbd24.vip1xbet.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878505/; classtype:trojan-activity;sid:84741605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.33.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878504/; classtype:trojan-activity;sid:84741604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.197.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878503/; classtype:trojan-activity;sid:84741603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.109.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878502/; classtype:trojan-activity;sid:84741602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.135.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878501/; classtype:trojan-activity;sid:84741601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.155.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878500/; classtype:trojan-activity;sid:84741600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.67.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878499/; classtype:trojan-activity;sid:84741599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.225.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878498/; classtype:trojan-activity;sid:84741598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.170.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878497/; classtype:trojan-activity;sid:84741597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.102.37.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878496/; classtype:trojan-activity;sid:84741596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.127.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878495/; classtype:trojan-activity;sid:84741595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.82.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878494/; classtype:trojan-activity;sid:84741594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.31.201.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878493/; classtype:trojan-activity;sid:84741593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878492/; classtype:trojan-activity;sid:84741592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.102.37.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878491/; classtype:trojan-activity;sid:84741591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.158.180.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878490/; classtype:trojan-activity;sid:84741590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878489/; classtype:trojan-activity;sid:84741589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.42.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878488/; classtype:trojan-activity;sid:84741588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.82.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878487/; classtype:trojan-activity;sid:84741587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.8.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878486/; classtype:trojan-activity;sid:84741586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.69.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878485/; classtype:trojan-activity;sid:84741585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.127.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878484/; classtype:trojan-activity;sid:84741584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.121.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878483/; classtype:trojan-activity;sid:84741583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878482)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/belova-bb071/fdshub-j5/pirs-7"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878482/; classtype:trojan-activity;sid:84741582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878481)"; flow:established,from_client; content:"GET"; http_method; content:"/828d0bd4-5a79-4c2e-b0cb-9442f513c675"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kdf.betbacklink.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878481/; classtype:trojan-activity;sid:84741581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.121.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878480/; classtype:trojan-activity;sid:84741580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.15.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878479/; classtype:trojan-activity;sid:84741579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.69.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878478/; classtype:trojan-activity;sid:84741578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.94.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878477/; classtype:trojan-activity;sid:84741577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.161.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878476/; classtype:trojan-activity;sid:84741576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.53.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878475/; classtype:trojan-activity;sid:84741575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.53.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878474/; classtype:trojan-activity;sid:84741574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.187.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878473/; classtype:trojan-activity;sid:84741573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.69.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878472/; classtype:trojan-activity;sid:84741572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.15.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878471/; classtype:trojan-activity;sid:84741571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878470)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=54315a32-d171-4251-b21d-53a500e1a785"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ry7ddj68.1x303.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878470/; classtype:trojan-activity;sid:84741570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.90.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878469/; classtype:trojan-activity;sid:84741569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.94.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878468/; classtype:trojan-activity;sid:84741568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.45.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878467/; classtype:trojan-activity;sid:84741567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.164.32.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878466/; classtype:trojan-activity;sid:84741566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.172.186.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878465/; classtype:trojan-activity;sid:84741565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.187.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878464/; classtype:trojan-activity;sid:84741564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.243.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878463/; classtype:trojan-activity;sid:84741563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.22.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878462/; classtype:trojan-activity;sid:84741562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.45.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878461/; classtype:trojan-activity;sid:84741561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.172.186.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878460/; classtype:trojan-activity;sid:84741560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"77.83.39.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878459/; classtype:trojan-activity;sid:84741559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"77.83.39.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878458/; classtype:trojan-activity;sid:84741558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878457/; classtype:trojan-activity;sid:84741557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.248.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878456/; classtype:trojan-activity;sid:84741556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878455)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/tbk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878455/; classtype:trojan-activity;sid:84741555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878454)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.198.224.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878454/; classtype:trojan-activity;sid:84741554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878451)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878451/; classtype:trojan-activity;sid:84741551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878452)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878452/; classtype:trojan-activity;sid:84741552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"192.109.200.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878453/; classtype:trojan-activity;sid:84741553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.109.200.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878450/; classtype:trojan-activity;sid:84741550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.17.91.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878449/; classtype:trojan-activity;sid:84741549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878447)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6c8dd409-c881-4f41-afb1-e58bb7ad1526"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"i54qzo8r.btyek.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878447/; classtype:trojan-activity;sid:84741547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878448)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=dbf0f122-b823-4560-ac48-ae7df8ab1233"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"6j9kkd0s.chillbazi.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878448/; classtype:trojan-activity;sid:84741548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878446/; classtype:trojan-activity;sid:84741546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878445)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878445/; classtype:trojan-activity;sid:84741545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878444)"; flow:established,from_client; content:"GET"; http_method; content:"/main.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.11.167.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878444/; classtype:trojan-activity;sid:84741544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.11.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878443/; classtype:trojan-activity;sid:84741543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.17.91.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878442/; classtype:trojan-activity;sid:84741542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.221.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878441/; classtype:trojan-activity;sid:84741541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.112.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878440/; classtype:trojan-activity;sid:84741540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.112.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878439/; classtype:trojan-activity;sid:84741539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878438)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878438/; classtype:trojan-activity;sid:84741538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878436)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878436/; classtype:trojan-activity;sid:84741536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878437)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878437/; classtype:trojan-activity;sid:84741537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878435)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878435/; classtype:trojan-activity;sid:84741535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878433)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878433/; classtype:trojan-activity;sid:84741533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878434)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878434/; classtype:trojan-activity;sid:84741534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878432)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=301c4188-62c1-4bf7-8470-c8b6aa4a5eb4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"i5sofk6r.xbetone.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878432/; classtype:trojan-activity;sid:84741532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878428)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878428/; classtype:trojan-activity;sid:84741528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878429)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878429/; classtype:trojan-activity;sid:84741529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878430)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878430/; classtype:trojan-activity;sid:84741530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878431)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878431/; classtype:trojan-activity;sid:84741531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878405)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878405/; classtype:trojan-activity;sid:84741505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878406)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878406/; classtype:trojan-activity;sid:84741506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878407)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878407/; classtype:trojan-activity;sid:84741507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878408)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878408/; classtype:trojan-activity;sid:84741508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878409)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878409/; classtype:trojan-activity;sid:84741509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878410)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878410/; classtype:trojan-activity;sid:84741510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878411)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878411/; classtype:trojan-activity;sid:84741511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878412)"; flow:established,from_client; content:"GET"; http_method; content:"/adbpersist.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878412/; classtype:trojan-activity;sid:84741512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878413)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878413/; classtype:trojan-activity;sid:84741513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878414)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878414/; classtype:trojan-activity;sid:84741514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878415)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878415/; classtype:trojan-activity;sid:84741515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878416)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878416/; classtype:trojan-activity;sid:84741516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878417)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878417/; classtype:trojan-activity;sid:84741517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878418)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878418/; classtype:trojan-activity;sid:84741518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878419)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878419/; classtype:trojan-activity;sid:84741519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878420)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878420/; classtype:trojan-activity;sid:84741520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878421)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878421/; classtype:trojan-activity;sid:84741521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878422)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878422/; classtype:trojan-activity;sid:84741522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878423)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878423/; classtype:trojan-activity;sid:84741523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878424)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878424/; classtype:trojan-activity;sid:84741524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878425)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878425/; classtype:trojan-activity;sid:84741525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878426)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878426/; classtype:trojan-activity;sid:84741526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878427)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878427/; classtype:trojan-activity;sid:84741527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878400)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878400/; classtype:trojan-activity;sid:84741500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878401)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878401/; classtype:trojan-activity;sid:84741501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878402)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878402/; classtype:trojan-activity;sid:84741502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878403)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878403/; classtype:trojan-activity;sid:84741503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878404)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.198.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878404/; classtype:trojan-activity;sid:84741504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878398/; classtype:trojan-activity;sid:84741498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878399/; classtype:trojan-activity;sid:84741499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878396/; classtype:trojan-activity;sid:84741496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878397/; classtype:trojan-activity;sid:84741497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878386)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878386/; classtype:trojan-activity;sid:84741486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878387)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878387/; classtype:trojan-activity;sid:84741487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878388/; classtype:trojan-activity;sid:84741488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878389/; classtype:trojan-activity;sid:84741489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878390)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878390/; classtype:trojan-activity;sid:84741490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878391/; classtype:trojan-activity;sid:84741491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878392/; classtype:trojan-activity;sid:84741492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878393/; classtype:trojan-activity;sid:84741493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878394/; classtype:trojan-activity;sid:84741494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.198.224.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878395/; classtype:trojan-activity;sid:84741495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878385/; classtype:trojan-activity;sid:84741485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878384)"; flow:established,from_client; content:"GET"; http_method; content:"/gg2"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.26.124.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878384/; classtype:trojan-activity;sid:84741484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.234.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878383/; classtype:trojan-activity;sid:84741483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.230.141.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878382/; classtype:trojan-activity;sid:84741482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.7.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878381/; classtype:trojan-activity;sid:84741481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.221.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878380/; classtype:trojan-activity;sid:84741480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.234.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878379/; classtype:trojan-activity;sid:84741479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878378)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.43.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878378/; classtype:trojan-activity;sid:84741478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kla.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.154.43.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878375/; classtype:trojan-activity;sid:84741475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878376)"; flow:established,from_client; content:"GET"; http_method; content:"/lkzmnxeqfe/x521"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"69.169.99.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878376/; classtype:trojan-activity;sid:84741476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878373)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_f7772a0134a3aa58.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878373/; classtype:trojan-activity;sid:84741473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878374)"; flow:established,from_client; content:"GET"; http_method; content:"/$arch"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.121.177.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878374/; classtype:trojan-activity;sid:84741474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878370)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a86f94b0515604f0.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878370/; classtype:trojan-activity;sid:84741470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878371)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c33ca95ee7858051.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878371/; classtype:trojan-activity;sid:84741471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878372)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_22876292da8a0d01.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878372/; classtype:trojan-activity;sid:84741472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.208.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878369/; classtype:trojan-activity;sid:84741469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878364)"; flow:established,from_client; content:"GET"; http_method; content:"/settings/package"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.code-beautify.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878364/; classtype:trojan-activity;sid:84741464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878365)"; flow:established,from_client; content:"GET"; http_method; content:"/settings/mac|3f|flag=6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.code-beautify.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878365/; classtype:trojan-activity;sid:84741465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878366)"; flow:established,from_client; content:"GET"; http_method; content:"/wmpbvdf1qa/tcrond"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"69.169.99.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878366/; classtype:trojan-activity;sid:84741466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878367)"; flow:established,from_client; content:"GET"; http_method; content:"/5/kaekbee.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"216.9.224.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878367/; classtype:trojan-activity;sid:84741467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878368)"; flow:established,from_client; content:"GET"; http_method; content:"/image0958960.txt.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"216.250.252.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878368/; classtype:trojan-activity;sid:84741468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878361)"; flow:established,from_client; content:"GET"; http_method; content:"/why7rovj4r/x640"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"69.169.99.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878361/; classtype:trojan-activity;sid:84741461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878362)"; flow:established,from_client; content:"GET"; http_method; content:"/wtoga9ctxs/x522"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"69.169.99.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878362/; classtype:trojan-activity;sid:84741462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878363)"; flow:established,from_client; content:"GET"; http_method; content:"/settings/env|3f|flag=6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.code-beautify.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878363/; classtype:trojan-activity;sid:84741463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878360)"; flow:established,from_client; content:"GET"; http_method; content:"/catalog"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"penumbra-extension.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878360/; classtype:trojan-activity;sid:84741460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878357)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_dfb13a4e691f7750.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878357/; classtype:trojan-activity;sid:84741457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878358)"; flow:established,from_client; content:"GET"; http_method; content:"/73fe9118-7db1-4755-947a-f286b3b4e7b4/dep.goog"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"ttt.falsafekonkour.site"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878358/; classtype:trojan-activity;sid:84741458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878359)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_427c1c24c949bd09.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878359/; classtype:trojan-activity;sid:84741459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878354)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878354/; classtype:trojan-activity;sid:84741454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878355)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878355/; classtype:trojan-activity;sid:84741455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878356)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878356/; classtype:trojan-activity;sid:84741456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.39.181.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878349/; classtype:trojan-activity;sid:84741449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878350)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878350/; classtype:trojan-activity;sid:84741450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878351)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878351/; classtype:trojan-activity;sid:84741451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878352)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878352/; classtype:trojan-activity;sid:84741452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878353)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878353/; classtype:trojan-activity;sid:84741453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878345)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878345/; classtype:trojan-activity;sid:84741445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878346)"; flow:established,from_client; content:"GET"; http_method; content:"/17h"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878346/; classtype:trojan-activity;sid:84741446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878347)"; flow:established,from_client; content:"GET"; http_method; content:"/4y6a"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878347/; classtype:trojan-activity;sid:84741447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878348)"; flow:established,from_client; content:"GET"; http_method; content:"/vuu"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878348/; classtype:trojan-activity;sid:84741448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878344)"; flow:established,from_client; content:"GET"; http_method; content:"/softwaretech"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.163.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878344/; classtype:trojan-activity;sid:84741444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878341)"; flow:established,from_client; content:"GET"; http_method; content:"/okqj"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878341/; classtype:trojan-activity;sid:84741441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878342)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878342/; classtype:trojan-activity;sid:84741442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878343)"; flow:established,from_client; content:"GET"; http_method; content:"/d7q"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878343/; classtype:trojan-activity;sid:84741443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878335)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i468"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878335/; classtype:trojan-activity;sid:84741435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878336)"; flow:established,from_client; content:"GET"; http_method; content:"/oryd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878336/; classtype:trojan-activity;sid:84741436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878337)"; flow:established,from_client; content:"GET"; http_method; content:"/gpvi"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878337/; classtype:trojan-activity;sid:84741437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878338)"; flow:established,from_client; content:"GET"; http_method; content:"/btv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878338/; classtype:trojan-activity;sid:84741438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878339)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878339/; classtype:trojan-activity;sid:84741439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878340)"; flow:established,from_client; content:"GET"; http_method; content:"/5js"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878340/; classtype:trojan-activity;sid:84741440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878330)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i468"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878330/; classtype:trojan-activity;sid:84741430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878331)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878331/; classtype:trojan-activity;sid:84741431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878332)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i468"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878332/; classtype:trojan-activity;sid:84741432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878333)"; flow:established,from_client; content:"GET"; http_method; content:"/yyp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878333/; classtype:trojan-activity;sid:84741433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878334)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878334/; classtype:trojan-activity;sid:84741434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.159.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878329/; classtype:trojan-activity;sid:84741429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.214.149.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878328/; classtype:trojan-activity;sid:84741428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.232.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878327/; classtype:trojan-activity;sid:84741427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.176.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878326/; classtype:trojan-activity;sid:84741426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.39.181.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878325/; classtype:trojan-activity;sid:84741425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.111.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878324/; classtype:trojan-activity;sid:84741424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.130.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878323/; classtype:trojan-activity;sid:84741423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.176.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878322/; classtype:trojan-activity;sid:84741422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.236.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878321/; classtype:trojan-activity;sid:84741421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.214.149.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878320/; classtype:trojan-activity;sid:84741420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.134.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878319/; classtype:trojan-activity;sid:84741419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.232.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878318/; classtype:trojan-activity;sid:84741418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.236.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878317/; classtype:trojan-activity;sid:84741417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878316)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=00c81124-bbe9-4d78-ad15-6a21ab87aa93"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"xxkqx6kn.vip1xbet.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878316/; classtype:trojan-activity;sid:84741416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.111.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878315/; classtype:trojan-activity;sid:84741415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.27.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878314/; classtype:trojan-activity;sid:84741414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.211.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878313/; classtype:trojan-activity;sid:84741413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.104.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878312/; classtype:trojan-activity;sid:84741412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.86.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878311/; classtype:trojan-activity;sid:84741411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.114.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878310/; classtype:trojan-activity;sid:84741410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.73.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878309/; classtype:trojan-activity;sid:84741409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.211.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878308/; classtype:trojan-activity;sid:84741408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.104.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878307/; classtype:trojan-activity;sid:84741407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.27.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878306/; classtype:trojan-activity;sid:84741406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.148.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878305/; classtype:trojan-activity;sid:84741405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.224.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878304/; classtype:trojan-activity;sid:84741404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.59.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878303/; classtype:trojan-activity;sid:84741403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.222.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878301/; classtype:trojan-activity;sid:84741401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.7.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878302/; classtype:trojan-activity;sid:84741402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.229.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878300/; classtype:trojan-activity;sid:84741400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.222.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878299/; classtype:trojan-activity;sid:84741399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.44.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878298/; classtype:trojan-activity;sid:84741398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.188.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878297/; classtype:trojan-activity;sid:84741397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.148.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878296/; classtype:trojan-activity;sid:84741396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.188.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878295/; classtype:trojan-activity;sid:84741395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.224.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878294/; classtype:trojan-activity;sid:84741394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878293)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a3402a55abdee979.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878293/; classtype:trojan-activity;sid:84741393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878292)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8b459ed8-90fe-411c-9a9e-c2ce877a2f1f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"46imdg6k.blackjackonlineplay83.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878292/; classtype:trojan-activity;sid:84741392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.93.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878291/; classtype:trojan-activity;sid:84741391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.200.237.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878290/; classtype:trojan-activity;sid:84741390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.24.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878289/; classtype:trojan-activity;sid:84741389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.24.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878288/; classtype:trojan-activity;sid:84741388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.6.168.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878287/; classtype:trojan-activity;sid:84741387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878286)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=de9c22d3-9522-4ddc-831e-2f9462340b85"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"328bpzpg.313betapk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878286/; classtype:trojan-activity;sid:84741386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.185.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878285/; classtype:trojan-activity;sid:84741385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878284/; classtype:trojan-activity;sid:84741384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878283)"; flow:established,from_client; content:"GET"; http_method; content:"/shell/rev.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"scanbot.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878283/; classtype:trojan-activity;sid:84741383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878282)"; flow:established,from_client; content:"GET"; http_method; content:"/scanbot.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"scanbot.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878282/; classtype:trojan-activity;sid:84741382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.168.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878281/; classtype:trojan-activity;sid:84741381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.200.237.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878280/; classtype:trojan-activity;sid:84741380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.35.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878279/; classtype:trojan-activity;sid:84741379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878278/; classtype:trojan-activity;sid:84741378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878277)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/o.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878277/; classtype:trojan-activity;sid:84741377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.240.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878276/; classtype:trojan-activity;sid:84741376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.35.50.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878275/; classtype:trojan-activity;sid:84741375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.115.102.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878274/; classtype:trojan-activity;sid:84741374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878273)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1ce5150f-8088-455a-af66-9a7b7b9c9849"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dshm5yet.betbuf.live"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878273/; classtype:trojan-activity;sid:84741373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878272)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=cc7a6cb8-fc2a-4603-93fe-e32be899893a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"a70tlkg4.1xboropartners.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878272/; classtype:trojan-activity;sid:84741372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_30; reference:url, urlhaus.abuse.ch/url/3878271/; classtype:trojan-activity;sid:84741371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.240.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878270/; classtype:trojan-activity;sid:84741370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.82.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878269/; classtype:trojan-activity;sid:84741369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.35.50.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878268/; classtype:trojan-activity;sid:84741368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.194.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878267/; classtype:trojan-activity;sid:84741367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.82.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878266/; classtype:trojan-activity;sid:84741366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.57.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878265/; classtype:trojan-activity;sid:84741365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878264)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878264/; classtype:trojan-activity;sid:84741364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878256)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878256/; classtype:trojan-activity;sid:84741356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878257)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878257/; classtype:trojan-activity;sid:84741357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878258)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878258/; classtype:trojan-activity;sid:84741358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878259)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878259/; classtype:trojan-activity;sid:84741359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878260)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878260/; classtype:trojan-activity;sid:84741360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878261)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878261/; classtype:trojan-activity;sid:84741361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878262)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878262/; classtype:trojan-activity;sid:84741362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878263)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878263/; classtype:trojan-activity;sid:84741363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878254)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878254/; classtype:trojan-activity;sid:84741354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878255)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878255/; classtype:trojan-activity;sid:84741355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.194.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878253/; classtype:trojan-activity;sid:84741353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878247)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878247/; classtype:trojan-activity;sid:84741347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878248)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878248/; classtype:trojan-activity;sid:84741348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878249)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878249/; classtype:trojan-activity;sid:84741349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878250)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878250/; classtype:trojan-activity;sid:84741350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878251)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/o.xml"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878251/; classtype:trojan-activity;sid:84741351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878252)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878252/; classtype:trojan-activity;sid:84741352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878246)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878246/; classtype:trojan-activity;sid:84741346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878245)"; flow:established,from_client; content:"GET"; http_method; content:"/gg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.26.124.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878245/; classtype:trojan-activity;sid:84741345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878244)"; flow:established,from_client; content:"GET"; http_method; content:"/.bash_history"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2.26.124.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878244/; classtype:trojan-activity;sid:84741344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.32.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878243/; classtype:trojan-activity;sid:84741343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.127.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878242/; classtype:trojan-activity;sid:84741342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.57.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878241/; classtype:trojan-activity;sid:84741341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.46.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878240/; classtype:trojan-activity;sid:84741340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.173.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878239/; classtype:trojan-activity;sid:84741339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878237)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.88.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878237/; classtype:trojan-activity;sid:84741337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.11.88.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878238/; classtype:trojan-activity;sid:84741338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878236)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"141.11.88.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878236/; classtype:trojan-activity;sid:84741336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878235)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.11.88.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878235/; classtype:trojan-activity;sid:84741335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878233)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.88.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878233/; classtype:trojan-activity;sid:84741333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878234)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.88.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878234/; classtype:trojan-activity;sid:84741334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878229)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.11.88.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878229/; classtype:trojan-activity;sid:84741329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878230)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.11.88.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878230/; classtype:trojan-activity;sid:84741330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878231)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.11.88.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878231/; classtype:trojan-activity;sid:84741331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878232)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.11.88.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878232/; classtype:trojan-activity;sid:84741332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878228)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.88.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878228/; classtype:trojan-activity;sid:84741328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878227)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_661a3ef950b7329f.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878227/; classtype:trojan-activity;sid:84741327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878226)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.i486"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878226/; classtype:trojan-activity;sid:84741326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878225)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.armv4l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878225/; classtype:trojan-activity;sid:84741325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878209)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878209/; classtype:trojan-activity;sid:84741309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878210)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878210/; classtype:trojan-activity;sid:84741310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878211)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.powerpc-440fp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878211/; classtype:trojan-activity;sid:84741311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878212)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878212/; classtype:trojan-activity;sid:84741312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878213)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.mips64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878213/; classtype:trojan-activity;sid:84741313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878214)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878214/; classtype:trojan-activity;sid:84741314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878215)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.armv6l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878215/; classtype:trojan-activity;sid:84741315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878216)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878216/; classtype:trojan-activity;sid:84741316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878217)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.powerpc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878217/; classtype:trojan-activity;sid:84741317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878218)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878218/; classtype:trojan-activity;sid:84741318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878219)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878219/; classtype:trojan-activity;sid:84741319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878220)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bins.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878220/; classtype:trojan-activity;sid:84741320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878221)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878221/; classtype:trojan-activity;sid:84741321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878222)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.armv4eb"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878222/; classtype:trojan-activity;sid:84741322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878223)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.armv4tl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878223/; classtype:trojan-activity;sid:84741323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878224)"; flow:established,from_client; content:"GET"; http_method; content:"/chunky/bin.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"141.11.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878224/; classtype:trojan-activity;sid:84741324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.90.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878208/; classtype:trojan-activity;sid:84741308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.119.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878207/; classtype:trojan-activity;sid:84741307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878206/; classtype:trojan-activity;sid:84741306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878205)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e41dbddb-2b3a-4529-b0e4-997faf377e81"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0dahrppq.taktikbet.bio"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878205/; classtype:trojan-activity;sid:84741305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878204/; classtype:trojan-activity;sid:84741304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878203/; classtype:trojan-activity;sid:84741303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.90.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878202/; classtype:trojan-activity;sid:84741302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878198)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878198/; classtype:trojan-activity;sid:84741298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878199/; classtype:trojan-activity;sid:84741299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.x86_32"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878200/; classtype:trojan-activity;sid:84741300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878201)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878201/; classtype:trojan-activity;sid:84741301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878191/; classtype:trojan-activity;sid:84741291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878192/; classtype:trojan-activity;sid:84741292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878193/; classtype:trojan-activity;sid:84741293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878194/; classtype:trojan-activity;sid:84741294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878195/; classtype:trojan-activity;sid:84741295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878196/; classtype:trojan-activity;sid:84741296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878197/; classtype:trojan-activity;sid:84741297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.59.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878190/; classtype:trojan-activity;sid:84741290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878189/; classtype:trojan-activity;sid:84741289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878187)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878187/; classtype:trojan-activity;sid:84741287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878188)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878188/; classtype:trojan-activity;sid:84741288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878175)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878175/; classtype:trojan-activity;sid:84741275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878176)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878176/; classtype:trojan-activity;sid:84741276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878177)"; flow:established,from_client; content:"GET"; http_method; content:"/nz.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878177/; classtype:trojan-activity;sid:84741277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878178)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878178/; classtype:trojan-activity;sid:84741278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878179)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878179/; classtype:trojan-activity;sid:84741279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878180)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878180/; classtype:trojan-activity;sid:84741280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878181)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878181/; classtype:trojan-activity;sid:84741281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878182)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878182/; classtype:trojan-activity;sid:84741282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878183)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878183/; classtype:trojan-activity;sid:84741283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878184)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878184/; classtype:trojan-activity;sid:84741284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878185)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878185/; classtype:trojan-activity;sid:84741285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878186)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/debug"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878186/; classtype:trojan-activity;sid:84741286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878173)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878173/; classtype:trojan-activity;sid:84741273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878174)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.216.189.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878174/; classtype:trojan-activity;sid:84741274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.44.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878172/; classtype:trojan-activity;sid:84741272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.106.241.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878171/; classtype:trojan-activity;sid:84741271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.106.241.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878170/; classtype:trojan-activity;sid:84741270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878169)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_ad2429816444a42e.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878169/; classtype:trojan-activity;sid:84741269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.55.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878168/; classtype:trojan-activity;sid:84741268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.96.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878167/; classtype:trojan-activity;sid:84741267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"38.54.104.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878166/; classtype:trojan-activity;sid:84741266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"38.60.163.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878165/; classtype:trojan-activity;sid:84741265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.32.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878164/; classtype:trojan-activity;sid:84741264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.203.133.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878163/; classtype:trojan-activity;sid:84741263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878162)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4eb"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878162/; classtype:trojan-activity;sid:84741262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"31.57.184.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878161/; classtype:trojan-activity;sid:84741261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878159)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4tl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878159/; classtype:trojan-activity;sid:84741259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878160)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878160/; classtype:trojan-activity;sid:84741260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878144)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878144/; classtype:trojan-activity;sid:84741244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878145/; classtype:trojan-activity;sid:84741245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.powerpc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878146/; classtype:trojan-activity;sid:84741246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.powerpc-440fp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878147/; classtype:trojan-activity;sid:84741247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878148)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv7l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878148/; classtype:trojan-activity;sid:84741248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878149/; classtype:trojan-activity;sid:84741249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mips64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878150/; classtype:trojan-activity;sid:84741250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878151)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv6l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878151/; classtype:trojan-activity;sid:84741251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878152)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878152/; classtype:trojan-activity;sid:84741252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878153)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878153/; classtype:trojan-activity;sid:84741253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878154)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mipsel"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878154/; classtype:trojan-activity;sid:84741254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv5l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878155/; classtype:trojan-activity;sid:84741255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878156)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878156/; classtype:trojan-activity;sid:84741256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878157)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i486"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878157/; classtype:trojan-activity;sid:84741257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878158)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.242.3.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878158/; classtype:trojan-activity;sid:84741258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878142)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.89.163.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878142/; classtype:trojan-activity;sid:84741242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878143)"; flow:established,from_client; content:"GET"; http_method; content:"/check.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.89.163.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878143/; classtype:trojan-activity;sid:84741243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.189.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878141/; classtype:trojan-activity;sid:84741241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878138)"; flow:established,from_client; content:"GET"; http_method; content:"/7.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.89.163.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878138/; classtype:trojan-activity;sid:84741238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878139)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.89.163.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878139/; classtype:trojan-activity;sid:84741239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878140)"; flow:established,from_client; content:"GET"; http_method; content:"/8.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.89.163.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878140/; classtype:trojan-activity;sid:84741240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878136/; classtype:trojan-activity;sid:84741236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.54.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878137/; classtype:trojan-activity;sid:84741237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.187.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878135/; classtype:trojan-activity;sid:84741235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878132)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.148.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878132/; classtype:trojan-activity;sid:84741232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878133)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.148.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878133/; classtype:trojan-activity;sid:84741233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878134)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878134/; classtype:trojan-activity;sid:84741234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878131)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.148.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878131/; classtype:trojan-activity;sid:84741231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878130)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.65.148.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878130/; classtype:trojan-activity;sid:84741230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878129)"; flow:established,from_client; content:"GET"; http_method; content:"/ok"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.65.148.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878129/; classtype:trojan-activity;sid:84741229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.189.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878128/; classtype:trojan-activity;sid:84741228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878125)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.148.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878125/; classtype:trojan-activity;sid:84741225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878126)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.148.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878126/; classtype:trojan-activity;sid:84741226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878127)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.148.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878127/; classtype:trojan-activity;sid:84741227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878123)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.148.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878123/; classtype:trojan-activity;sid:84741223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878124)"; flow:established,from_client; content:"GET"; http_method; content:"/adb.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.148.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878124/; classtype:trojan-activity;sid:84741224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.187.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878122/; classtype:trojan-activity;sid:84741222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878121)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878121/; classtype:trojan-activity;sid:84741221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878120)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878120/; classtype:trojan-activity;sid:84741220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878112)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878112/; classtype:trojan-activity;sid:84741212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878113)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/debug"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878113/; classtype:trojan-activity;sid:84741213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878114)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878114/; classtype:trojan-activity;sid:84741214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878115)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878115/; classtype:trojan-activity;sid:84741215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878116)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878116/; classtype:trojan-activity;sid:84741216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878117)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878117/; classtype:trojan-activity;sid:84741217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878118)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878118/; classtype:trojan-activity;sid:84741218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878119)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878119/; classtype:trojan-activity;sid:84741219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878110)"; flow:established,from_client; content:"GET"; http_method; content:"/nz.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878110/; classtype:trojan-activity;sid:84741210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878111)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878111/; classtype:trojan-activity;sid:84741211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878109)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878109/; classtype:trojan-activity;sid:84741209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878108)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878108/; classtype:trojan-activity;sid:84741208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878106)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878106/; classtype:trojan-activity;sid:84741206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878107)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878107/; classtype:trojan-activity;sid:84741207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.186.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878104/; classtype:trojan-activity;sid:84741204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.186.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878105/; classtype:trojan-activity;sid:84741205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878103)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=fe3a1023-d0e3-4e5d-a8b0-09770aa4aaa2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"6r6t7wot.blackjackonlineplay83.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878103/; classtype:trojan-activity;sid:84741203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878102)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=22b73f0a-4b25-4c0e-882b-1c46c5423c8e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"3mjtqxj3.1xsignupbet.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878102/; classtype:trojan-activity;sid:84741202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.190.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878101/; classtype:trojan-activity;sid:84741201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.11.56.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878100/; classtype:trojan-activity;sid:84741200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.11.56.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878099/; classtype:trojan-activity;sid:84741199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.96.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878098/; classtype:trojan-activity;sid:84741198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878097)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"209.99.190.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878097/; classtype:trojan-activity;sid:84741197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878095)"; flow:established,from_client; content:"GET"; http_method; content:"/i.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878095/; classtype:trojan-activity;sid:84741195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878096)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_armv6l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.60.195.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878096/; classtype:trojan-activity;sid:84741196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878094)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_armv5l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.60.195.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878094/; classtype:trojan-activity;sid:84741194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.198.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878093/; classtype:trojan-activity;sid:84741193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.73.202.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878091/; classtype:trojan-activity;sid:84741191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878092)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878092/; classtype:trojan-activity;sid:84741192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878090)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878090/; classtype:trojan-activity;sid:84741190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878089)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878089/; classtype:trojan-activity;sid:84741189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878088)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878088/; classtype:trojan-activity;sid:84741188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878077)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878077/; classtype:trojan-activity;sid:84741177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878078)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878078/; classtype:trojan-activity;sid:84741178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878079)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878079/; classtype:trojan-activity;sid:84741179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878080)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878080/; classtype:trojan-activity;sid:84741180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878081)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878081/; classtype:trojan-activity;sid:84741181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878082)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878082/; classtype:trojan-activity;sid:84741182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878083)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878083/; classtype:trojan-activity;sid:84741183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878084)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878084/; classtype:trojan-activity;sid:84741184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878085)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878085/; classtype:trojan-activity;sid:84741185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878086)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878086/; classtype:trojan-activity;sid:84741186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878087)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878087/; classtype:trojan-activity;sid:84741187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878076)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878076/; classtype:trojan-activity;sid:84741176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878074)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878074/; classtype:trojan-activity;sid:84741174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878075)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878075/; classtype:trojan-activity;sid:84741175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878073)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878073/; classtype:trojan-activity;sid:84741173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.225.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878072/; classtype:trojan-activity;sid:84741172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878068)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.60.195.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878068/; classtype:trojan-activity;sid:84741168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878069)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"217.60.195.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878069/; classtype:trojan-activity;sid:84741169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878070)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.60.195.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878070/; classtype:trojan-activity;sid:84741170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878071)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm8"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.60.195.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878071/; classtype:trojan-activity;sid:84741171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878067)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"217.60.195.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878067/; classtype:trojan-activity;sid:84741167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878065)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.60.195.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878065/; classtype:trojan-activity;sid:84741165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878066)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.60.195.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878066/; classtype:trojan-activity;sid:84741166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878064)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ddcbd2d9-804e-48e2-bea3-ef43f193e6fb"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"r32rtlhu.1xbetpartnersiran.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878064/; classtype:trojan-activity;sid:84741164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878062)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.60.195.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878062/; classtype:trojan-activity;sid:84741162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878063)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.60.195.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878063/; classtype:trojan-activity;sid:84741163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.82.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878060/; classtype:trojan-activity;sid:84741160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.73.202.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878061/; classtype:trojan-activity;sid:84741161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.133.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878059/; classtype:trojan-activity;sid:84741159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.203.247.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878058/; classtype:trojan-activity;sid:84741158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.195.28.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878057/; classtype:trojan-activity;sid:84741157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.199.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878056/; classtype:trojan-activity;sid:84741156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.82.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878055/; classtype:trojan-activity;sid:84741155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878054)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878054/; classtype:trojan-activity;sid:84741154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878040)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878040/; classtype:trojan-activity;sid:84741140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878041)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878041/; classtype:trojan-activity;sid:84741141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878042)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878042/; classtype:trojan-activity;sid:84741142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878043)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878043/; classtype:trojan-activity;sid:84741143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878044)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878044/; classtype:trojan-activity;sid:84741144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878045)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878045/; classtype:trojan-activity;sid:84741145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878046)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878046/; classtype:trojan-activity;sid:84741146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878047)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878047/; classtype:trojan-activity;sid:84741147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878048)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878048/; classtype:trojan-activity;sid:84741148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878049)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878049/; classtype:trojan-activity;sid:84741149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878050)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878050/; classtype:trojan-activity;sid:84741150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878051)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878051/; classtype:trojan-activity;sid:84741151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878052)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/debug"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878052/; classtype:trojan-activity;sid:84741152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878053)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878053/; classtype:trojan-activity;sid:84741153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878039)"; flow:established,from_client; content:"GET"; http_method; content:"/nz.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.154.43.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878039/; classtype:trojan-activity;sid:84741139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878038)"; flow:established,from_client; content:"GET"; http_method; content:"/gg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"168.222.254.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878038/; classtype:trojan-activity;sid:84741138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878037)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=58f8833b-c096-40e8-8f26-ec17586699e9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"r4zhwkgz.betbuf.live"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878037/; classtype:trojan-activity;sid:84741137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.129.163.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878036/; classtype:trojan-activity;sid:84741136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.203.247.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878035/; classtype:trojan-activity;sid:84741135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.195.28.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878034/; classtype:trojan-activity;sid:84741134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.129.163.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878033/; classtype:trojan-activity;sid:84741133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.173.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878032/; classtype:trojan-activity;sid:84741132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.10.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878031/; classtype:trojan-activity;sid:84741131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.222.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878030/; classtype:trojan-activity;sid:84741130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878028)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878028/; classtype:trojan-activity;sid:84741128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878029)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.154.43.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878029/; classtype:trojan-activity;sid:84741129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878027)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_48eaba086fa8f176.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878027/; classtype:trojan-activity;sid:84741127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878026)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878026/; classtype:trojan-activity;sid:84741126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878025)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878025/; classtype:trojan-activity;sid:84741125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878023)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878023/; classtype:trojan-activity;sid:84741123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878024)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.154.43.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878024/; classtype:trojan-activity;sid:84741124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878022)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.154.43.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878022/; classtype:trojan-activity;sid:84741122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878020)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.154.43.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878020/; classtype:trojan-activity;sid:84741120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878021)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878021/; classtype:trojan-activity;sid:84741121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.46.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878017/; classtype:trojan-activity;sid:84741117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.34.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878018/; classtype:trojan-activity;sid:84741118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.232.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878019/; classtype:trojan-activity;sid:84741119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.10.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878016/; classtype:trojan-activity;sid:84741116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878015)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878015/; classtype:trojan-activity;sid:84741115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.65.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878014/; classtype:trojan-activity;sid:84741114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.65.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878013/; classtype:trojan-activity;sid:84741113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.143.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878011/; classtype:trojan-activity;sid:84741111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.210.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878012/; classtype:trojan-activity;sid:84741112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.106.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878010/; classtype:trojan-activity;sid:84741110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.210.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878009/; classtype:trojan-activity;sid:84741109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.206.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878008/; classtype:trojan-activity;sid:84741108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.120.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878007/; classtype:trojan-activity;sid:84741107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878006)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a952d55e-6205-40a5-be2d-d328d2c02824"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"eotm8liv.xbetone.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878006/; classtype:trojan-activity;sid:84741106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878005/; classtype:trojan-activity;sid:84741105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.120.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878004/; classtype:trojan-activity;sid:84741104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.222.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878003/; classtype:trojan-activity;sid:84741103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.38.206.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878002/; classtype:trojan-activity;sid:84741102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.46.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878001/; classtype:trojan-activity;sid:84741101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3878000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.208.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3878000/; classtype:trojan-activity;sid:84741100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.84.134.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877999/; classtype:trojan-activity;sid:84741099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.206.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877998/; classtype:trojan-activity;sid:84741098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.86.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877997/; classtype:trojan-activity;sid:84741097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877996)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=40c12bd0-9870-4e44-80cd-f1464ffef50b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hi4ztw3j.vip1xbet.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877996/; classtype:trojan-activity;sid:84741096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.86.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877995/; classtype:trojan-activity;sid:84741095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.46.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877994/; classtype:trojan-activity;sid:84741094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.208.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877993/; classtype:trojan-activity;sid:84741093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.84.134.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877992/; classtype:trojan-activity;sid:84741092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877991/; classtype:trojan-activity;sid:84741091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.201.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877990/; classtype:trojan-activity;sid:84741090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877989)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_314324949baa48e0.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877989/; classtype:trojan-activity;sid:84741089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877988)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_403b16f0b4098b52.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877988/; classtype:trojan-activity;sid:84741088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.246.140.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877987/; classtype:trojan-activity;sid:84741087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877986/; classtype:trojan-activity;sid:84741086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.70.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877985/; classtype:trojan-activity;sid:84741085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877984/; classtype:trojan-activity;sid:84741084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877983/; classtype:trojan-activity;sid:84741083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877976)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l.ghost"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877976/; classtype:trojan-activity;sid:84741076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877977)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.ghost"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.154.43.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877977/; classtype:trojan-activity;sid:84741077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877978)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.ghost"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877978/; classtype:trojan-activity;sid:84741078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877979)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.ghost"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877979/; classtype:trojan-activity;sid:84741079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877980)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.ghost"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877980/; classtype:trojan-activity;sid:84741080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877981)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64.ghost"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.154.43.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877981/; classtype:trojan-activity;sid:84741081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877982)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.ghost"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877982/; classtype:trojan-activity;sid:84741082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877973)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l.ghost"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877973/; classtype:trojan-activity;sid:84741073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877974)"; flow:established,from_client; content:"GET"; http_method; content:"/i686.ghost"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877974/; classtype:trojan-activity;sid:84741074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877975)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.ghost"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877975/; classtype:trojan-activity;sid:84741075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877972)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_6cb3b276a0296ce2.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877972/; classtype:trojan-activity;sid:84741072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877971)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_36a19412dec7dc07.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877971/; classtype:trojan-activity;sid:84741071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.238.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877970/; classtype:trojan-activity;sid:84741070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877969)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9a6a0b56-ebc0-4625-9d77-a985083c4e5f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"uhaita1o.1x303.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877969/; classtype:trojan-activity;sid:84741069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877968)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=94c17de8-08b9-47a6-96f8-05801ac73450"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"7ay17187.vip1xbet.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877968/; classtype:trojan-activity;sid:84741068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.83.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877967/; classtype:trojan-activity;sid:84741067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.173.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877966/; classtype:trojan-activity;sid:84741066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877964)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877964/; classtype:trojan-activity;sid:84741064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877965)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877965/; classtype:trojan-activity;sid:84741065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877956)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877956/; classtype:trojan-activity;sid:84741056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877957)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877957/; classtype:trojan-activity;sid:84741057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877958)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877958/; classtype:trojan-activity;sid:84741058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877959)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877959/; classtype:trojan-activity;sid:84741059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877960)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877960/; classtype:trojan-activity;sid:84741060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877961)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877961/; classtype:trojan-activity;sid:84741061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877962)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877962/; classtype:trojan-activity;sid:84741062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877963)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877963/; classtype:trojan-activity;sid:84741063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877955)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i468"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877955/; classtype:trojan-activity;sid:84741055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877954)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877954/; classtype:trojan-activity;sid:84741054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.83.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877953/; classtype:trojan-activity;sid:84741053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.83.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877952/; classtype:trojan-activity;sid:84741052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.235.98.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877951/; classtype:trojan-activity;sid:84741051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.190.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877950/; classtype:trojan-activity;sid:84741050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877949)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877949/; classtype:trojan-activity;sid:84741049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877948)"; flow:established,from_client; content:"GET"; http_method; content:"/share.google|3f|q=ho6vl9qivbnsnkmug"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.google.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877948/; classtype:trojan-activity;sid:84741048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877946)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877946/; classtype:trojan-activity;sid:84741046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877947)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877947/; classtype:trojan-activity;sid:84741047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877940)"; flow:established,from_client; content:"GET"; http_method; content:"/share.google|3f|q=tkkeiojo9obazgaja"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.google.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877940/; classtype:trojan-activity;sid:84741040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877941)"; flow:established,from_client; content:"GET"; http_method; content:"/1uqarmdffn5fcxi7x"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"share.google"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877941/; classtype:trojan-activity;sid:84741041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877942)"; flow:established,from_client; content:"GET"; http_method; content:"/photo295825092412.zip|3f|_r=4bbf3239"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"digital-magicians.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877942/; classtype:trojan-activity;sid:84741042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877943)"; flow:established,from_client; content:"GET"; http_method; content:"/photo295825092412.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"digital-magicians.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877943/; classtype:trojan-activity;sid:84741043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877944)"; flow:established,from_client; content:"GET"; http_method; content:"/djh8mb9gjkbeol52p"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"share.google"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877944/; classtype:trojan-activity;sid:84741044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877945)"; flow:established,from_client; content:"GET"; http_method; content:"/photo295825092412.zip|3f|_r=599004b6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"digital-magicians.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877945/; classtype:trojan-activity;sid:84741045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877934)"; flow:established,from_client; content:"GET"; http_method; content:"/tkkeiojo9obazgaja"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"share.google"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877934/; classtype:trojan-activity;sid:84741034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877935)"; flow:established,from_client; content:"GET"; http_method; content:"/0g5qgzn5jig09ms3n"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"share.google"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877935/; classtype:trojan-activity;sid:84741035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877936)"; flow:established,from_client; content:"GET"; http_method; content:"/9erj2fawggupq7kph"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"share.google"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877936/; classtype:trojan-activity;sid:84741036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877937)"; flow:established,from_client; content:"GET"; http_method; content:"/c4mgrw5rn1rqcf7xt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"share.google"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877937/; classtype:trojan-activity;sid:84741037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877938)"; flow:established,from_client; content:"GET"; http_method; content:"/vt3apzolgodrmbhfv"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"share.google"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877938/; classtype:trojan-activity;sid:84741038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877939)"; flow:established,from_client; content:"GET"; http_method; content:"/share.google|3f|q=vt3apzolgodrmbhfv"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.google.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877939/; classtype:trojan-activity;sid:84741039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877933)"; flow:established,from_client; content:"GET"; http_method; content:"/ho6vl9qivbnsnkmug"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"share.google"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877933/; classtype:trojan-activity;sid:84741033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.90.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877932/; classtype:trojan-activity;sid:84741032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.83.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877931/; classtype:trojan-activity;sid:84741031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.190.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877930/; classtype:trojan-activity;sid:84741030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.90.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877929/; classtype:trojan-activity;sid:84741029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877928)"; flow:established,from_client; content:"GET"; http_method; content:"/dkkutimhhvcor241.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.29.9.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877928/; classtype:trojan-activity;sid:84741028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877925)"; flow:established,from_client; content:"GET"; http_method; content:"/benztalon.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pashka-5qrk.vercel.app"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877925/; classtype:trojan-activity;sid:84741025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877926)"; flow:established,from_client; content:"GET"; http_method; content:"/0xsdhzilqodizkahsqh/ozekqjsdhua/refs/heads/main/injection.js"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877926/; classtype:trojan-activity;sid:84741026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877927)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dtpvideo52.vercel.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877927/; classtype:trojan-activity;sid:84741027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877923)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_ea6405f1d45f8421.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877923/; classtype:trojan-activity;sid:84741023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877924)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_f02e27b4dc22e353.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877924/; classtype:trojan-activity;sid:84741024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.57.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877922/; classtype:trojan-activity;sid:84741022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.65.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877921/; classtype:trojan-activity;sid:84741021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.46.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877920/; classtype:trojan-activity;sid:84741020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.65.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877919/; classtype:trojan-activity;sid:84741019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877918)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=05f579ce-ec56-4f50-af7b-5601f2335bb7"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"depdoej0.taktikbet.bio"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877918/; classtype:trojan-activity;sid:84741018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.1.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877917/; classtype:trojan-activity;sid:84741017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.76.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877916/; classtype:trojan-activity;sid:84741016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.72.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877915/; classtype:trojan-activity;sid:84741015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.27.8.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877914/; classtype:trojan-activity;sid:84741014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.216.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877913/; classtype:trojan-activity;sid:84741013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.76.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877912/; classtype:trojan-activity;sid:84741012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877909)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877909/; classtype:trojan-activity;sid:84741009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877910)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877910/; classtype:trojan-activity;sid:84741010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877911)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i468"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877911/; classtype:trojan-activity;sid:84741011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877904)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877904/; classtype:trojan-activity;sid:84741004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877905)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877905/; classtype:trojan-activity;sid:84741005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877906)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877906/; classtype:trojan-activity;sid:84741006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877907)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877907/; classtype:trojan-activity;sid:84741007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877908)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877908/; classtype:trojan-activity;sid:84741008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877900)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877900/; classtype:trojan-activity;sid:84741000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877901)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877901/; classtype:trojan-activity;sid:84741001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877902)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877902/; classtype:trojan-activity;sid:84741002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877903)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877903/; classtype:trojan-activity;sid:84741003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877899)"; flow:established,from_client; content:"GET"; http_method; content:"/9er"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877899/; classtype:trojan-activity;sid:84740999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877895)"; flow:established,from_client; content:"GET"; http_method; content:"/cx36"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877895/; classtype:trojan-activity;sid:84740995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877896)"; flow:established,from_client; content:"GET"; http_method; content:"/uaga"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877896/; classtype:trojan-activity;sid:84740996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877897)"; flow:established,from_client; content:"GET"; http_method; content:"/nhl"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877897/; classtype:trojan-activity;sid:84740997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877898)"; flow:established,from_client; content:"GET"; http_method; content:"/yvp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877898/; classtype:trojan-activity;sid:84740998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.168.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877893/; classtype:trojan-activity;sid:84740993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.194.50.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877892/; classtype:trojan-activity;sid:84740992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.21.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877891/; classtype:trojan-activity;sid:84740991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877890)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=aec9e769-eb3a-4f2c-b43e-a59bc857ba59"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"39p49guo.mokatebatedari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877890/; classtype:trojan-activity;sid:84740990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.144.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877889/; classtype:trojan-activity;sid:84740989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877888)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1f7d1d52-c5f9-4339-bccd-f55fda1c63a2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"w0l83hua.1xsignupbet.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877888/; classtype:trojan-activity;sid:84740988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.21.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877887/; classtype:trojan-activity;sid:84740987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.48.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877886/; classtype:trojan-activity;sid:84740986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.252.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877885/; classtype:trojan-activity;sid:84740985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877884/; classtype:trojan-activity;sid:84740984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877883)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/robiboart/extraktlive/zetrix09"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877883/; classtype:trojan-activity;sid:84740983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877882)"; flow:established,from_client; content:"GET"; http_method; content:"/85a9b236-1e40-4fe1-a884-e1dbdce11510"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dsr.bet1forward.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877882/; classtype:trojan-activity;sid:84740982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.11.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877881/; classtype:trojan-activity;sid:84740981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.102.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877880/; classtype:trojan-activity;sid:84740980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.160.139.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877879/; classtype:trojan-activity;sid:84740979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.167.189.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877878/; classtype:trojan-activity;sid:84740978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.167.189.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877877/; classtype:trojan-activity;sid:84740977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.11.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877876/; classtype:trojan-activity;sid:84740976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.48.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877875/; classtype:trojan-activity;sid:84740975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877874/; classtype:trojan-activity;sid:84740974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877873/; classtype:trojan-activity;sid:84740973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.135.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877872/; classtype:trojan-activity;sid:84740972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.121.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877871/; classtype:trojan-activity;sid:84740971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.37.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877870/; classtype:trojan-activity;sid:84740970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.1.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877869/; classtype:trojan-activity;sid:84740969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877868/; classtype:trojan-activity;sid:84740968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877867)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a68dd97e-0383-4bb4-8a0e-417de3872ca4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4wvw2ekl.jarayemaleyhamval.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877867/; classtype:trojan-activity;sid:84740967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877866)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877866/; classtype:trojan-activity;sid:84740966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877864)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877864/; classtype:trojan-activity;sid:84740964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877865)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.11.167.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877865/; classtype:trojan-activity;sid:84740965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.237.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877863/; classtype:trojan-activity;sid:84740963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.57.51.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877862/; classtype:trojan-activity;sid:84740962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.135.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877861/; classtype:trojan-activity;sid:84740961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.237.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877860/; classtype:trojan-activity;sid:84740960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877859)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5e4cad7e-e822-425d-9f6b-dc057f064a70"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1j4lxwuu.1xboropartners.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877859/; classtype:trojan-activity;sid:84740959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.37.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877858/; classtype:trojan-activity;sid:84740958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.255.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877857/; classtype:trojan-activity;sid:84740957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.80.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877856/; classtype:trojan-activity;sid:84740956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.140.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877855/; classtype:trojan-activity;sid:84740955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877854)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.154.43.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877854/; classtype:trojan-activity;sid:84740954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877853)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/09c1d5_f29a3b493ad342199c678fc221f44af7.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"09c1d5c3-1a6e-4c05-8e4e-eff75c6b5dd6.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877853/; classtype:trojan-activity;sid:84740953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877852)"; flow:established,from_client; content:"GET"; http_method; content:"/digital-magicians.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"digital-magicians.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877852/; classtype:trojan-activity;sid:84740952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877850)"; flow:established,from_client; content:"GET"; http_method; content:"//nilapila.docx.psd.pdf.in.sys.nilapila.docx.psd.pdf.in.sys"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"mineiicancry25june2026.blogspot.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877850/; classtype:trojan-activity;sid:84740950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877851)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mineiicancry25june2026.blogspot.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877851/; classtype:trojan-activity;sid:84740951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.12.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877849/; classtype:trojan-activity;sid:84740949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.220.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877848/; classtype:trojan-activity;sid:84740948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.12.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877847/; classtype:trojan-activity;sid:84740947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.80.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877846/; classtype:trojan-activity;sid:84740946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.234.188.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877845/; classtype:trojan-activity;sid:84740945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.9.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877844/; classtype:trojan-activity;sid:84740944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877839/; classtype:trojan-activity;sid:84740939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877840/; classtype:trojan-activity;sid:84740940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877841/; classtype:trojan-activity;sid:84740941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877842/; classtype:trojan-activity;sid:84740942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877843/; classtype:trojan-activity;sid:84740943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877833)"; flow:established,from_client; content:"GET"; http_method; content:"/ohpp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877833/; classtype:trojan-activity;sid:84740933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877834)"; flow:established,from_client; content:"GET"; http_method; content:"/ka3l"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877834/; classtype:trojan-activity;sid:84740934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877835/; classtype:trojan-activity;sid:84740935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877836/; classtype:trojan-activity;sid:84740936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pi686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877837/; classtype:trojan-activity;sid:84740937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877838)"; flow:established,from_client; content:"GET"; http_method; content:"/dsxk"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877838/; classtype:trojan-activity;sid:84740938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877831)"; flow:established,from_client; content:"GET"; http_method; content:"/ikp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877831/; classtype:trojan-activity;sid:84740931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877832)"; flow:established,from_client; content:"GET"; http_method; content:"/e2i0"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877832/; classtype:trojan-activity;sid:84740932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877830)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877830/; classtype:trojan-activity;sid:84740930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877825)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877825/; classtype:trojan-activity;sid:84740925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877826)"; flow:established,from_client; content:"GET"; http_method; content:"/ogw"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877826/; classtype:trojan-activity;sid:84740926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877827)"; flow:established,from_client; content:"GET"; http_method; content:"/ymub"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877827/; classtype:trojan-activity;sid:84740927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877828)"; flow:established,from_client; content:"GET"; http_method; content:"/h53"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877828/; classtype:trojan-activity;sid:84740928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877829)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877829/; classtype:trojan-activity;sid:84740929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877823/; classtype:trojan-activity;sid:84740923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877824)"; flow:established,from_client; content:"GET"; http_method; content:"/calp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877824/; classtype:trojan-activity;sid:84740924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877822)"; flow:established,from_client; content:"GET"; http_method; content:"/rbmt"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877822/; classtype:trojan-activity;sid:84740922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877820)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877820/; classtype:trojan-activity;sid:84740920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877821)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877821/; classtype:trojan-activity;sid:84740921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877816)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877816/; classtype:trojan-activity;sid:84740916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877817)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877817/; classtype:trojan-activity;sid:84740917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877818)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877818/; classtype:trojan-activity;sid:84740918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877819)"; flow:established,from_client; content:"GET"; http_method; content:"/android_arm64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877819/; classtype:trojan-activity;sid:84740919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877815/; classtype:trojan-activity;sid:84740915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877812)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877812/; classtype:trojan-activity;sid:84740912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877813)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877813/; classtype:trojan-activity;sid:84740913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877814)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877814/; classtype:trojan-activity;sid:84740914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877810)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877810/; classtype:trojan-activity;sid:84740910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877811)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877811/; classtype:trojan-activity;sid:84740911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877809)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877809/; classtype:trojan-activity;sid:84740909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.239.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877808/; classtype:trojan-activity;sid:84740908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877807)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c75f64504b4e352a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877807/; classtype:trojan-activity;sid:84740907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877806)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_95b15a86a95538ac.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877806/; classtype:trojan-activity;sid:84740906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877804)"; flow:established,from_client; content:"GET"; http_method; content:"/tharsky/thary.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.124.98.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877804/; classtype:trojan-activity;sid:84740904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877805)"; flow:established,from_client; content:"GET"; http_method; content:"/tharsky/tharswag.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.124.98.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877805/; classtype:trojan-activity;sid:84740905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877801)"; flow:established,from_client; content:"GET"; http_method; content:"/tharsky/rev.bat"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.124.98.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877801/; classtype:trojan-activity;sid:84740901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877802)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meow_telnet.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877802/; classtype:trojan-activity;sid:84740902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877803/; classtype:trojan-activity;sid:84740903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877799/; classtype:trojan-activity;sid:84740899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877800)"; flow:established,from_client; content:"GET"; http_method; content:"/tharsky/thary.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.124.98.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877800/; classtype:trojan-activity;sid:84740900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877798)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"143.20.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877798/; classtype:trojan-activity;sid:84740898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877797)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_6a92a8549aa34b51.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877797/; classtype:trojan-activity;sid:84740897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877794)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_bee60de1bbb4b7ab.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877794/; classtype:trojan-activity;sid:84740894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877795)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_03c843c1895def49.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877795/; classtype:trojan-activity;sid:84740895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877796)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_693c5dc771ac90cb.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877796/; classtype:trojan-activity;sid:84740896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877793)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=058a1476-c4de-47fd-9f5e-ead5ac6e07fe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4cfyhd61.fagaheestedlali.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877793/; classtype:trojan-activity;sid:84740893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.111.150.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877792/; classtype:trojan-activity;sid:84740892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.9.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877791/; classtype:trojan-activity;sid:84740891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.234.188.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877790/; classtype:trojan-activity;sid:84740890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.239.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877789/; classtype:trojan-activity;sid:84740889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.201.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877788/; classtype:trojan-activity;sid:84740888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877787/; classtype:trojan-activity;sid:84740887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.245.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877786/; classtype:trojan-activity;sid:84740886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877784/; classtype:trojan-activity;sid:84740884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.94.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877785/; classtype:trojan-activity;sid:84740885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.245.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877783/; classtype:trojan-activity;sid:84740883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.81.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877782/; classtype:trojan-activity;sid:84740882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877781)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1036b41a-d93d-4992-8e29-932df1c72ed5"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"6xbjz1e7.1xfa.bio"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877781/; classtype:trojan-activity;sid:84740881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.107.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877780/; classtype:trojan-activity;sid:84740880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.107.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877779/; classtype:trojan-activity;sid:84740879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.107.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877778/; classtype:trojan-activity;sid:84740878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.128.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877777/; classtype:trojan-activity;sid:84740877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.81.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877776/; classtype:trojan-activity;sid:84740876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.96.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877775/; classtype:trojan-activity;sid:84740875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.109.134.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877774/; classtype:trojan-activity;sid:84740874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877773)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_31672aaa7b76bc5a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877773/; classtype:trojan-activity;sid:84740873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.176.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877772/; classtype:trojan-activity;sid:84740872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.220.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877771/; classtype:trojan-activity;sid:84740871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.119.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877770/; classtype:trojan-activity;sid:84740870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.128.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877769/; classtype:trojan-activity;sid:84740869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877768)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d1bb1d2c-2890-4bd1-b197-cc07646f28ec"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bp8ahtdg.blackjackonlineplay83.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877768/; classtype:trojan-activity;sid:84740868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.253.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877767/; classtype:trojan-activity;sid:84740867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.247.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877766/; classtype:trojan-activity;sid:84740866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.247.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877765/; classtype:trojan-activity;sid:84740865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877764)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0facc4d1-f3c2-44d9-9cfd-38c548f3e74b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pyi9pmd8.1xbetpartnersiran.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877764/; classtype:trojan-activity;sid:84740864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.38.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877763/; classtype:trojan-activity;sid:84740863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.254.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877762/; classtype:trojan-activity;sid:84740862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877761)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e68af1fa-4e19-4ecc-baff-979d88c49533"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9lw19l8l.betbuf.live"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877761/; classtype:trojan-activity;sid:84740861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.254.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877760/; classtype:trojan-activity;sid:84740860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.92.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877758/; classtype:trojan-activity;sid:84740858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.8.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877759/; classtype:trojan-activity;sid:84740859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.118.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877757/; classtype:trojan-activity;sid:84740857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877756)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_d0fcf96895b96f6f.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877756/; classtype:trojan-activity;sid:84740856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.8.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877755/; classtype:trojan-activity;sid:84740855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.92.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877754/; classtype:trojan-activity;sid:84740854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.54.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877753/; classtype:trojan-activity;sid:84740853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.54.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877752/; classtype:trojan-activity;sid:84740852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.118.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877751/; classtype:trojan-activity;sid:84740851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.239.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877750/; classtype:trojan-activity;sid:84740850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.159.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877749/; classtype:trojan-activity;sid:84740849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.154.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877748/; classtype:trojan-activity;sid:84740848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.77.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877747/; classtype:trojan-activity;sid:84740847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.159.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877746/; classtype:trojan-activity;sid:84740846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.45.56.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877745/; classtype:trojan-activity;sid:84740845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.70.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_29; reference:url, urlhaus.abuse.ch/url/3877744/; classtype:trojan-activity;sid:84740844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877743)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8395836d-84d5-4b75-bfb4-532961a83e31"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gmyaxgk8.yekshart.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877743/; classtype:trojan-activity;sid:84740843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877742)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8c8d4693-f245-4a0b-9c04-e9c88c6627aa"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"zyzghess.313betapk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877742/; classtype:trojan-activity;sid:84740842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.45.56.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877741/; classtype:trojan-activity;sid:84740841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.235.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877740/; classtype:trojan-activity;sid:84740840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.126.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877739/; classtype:trojan-activity;sid:84740839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.173.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877738/; classtype:trojan-activity;sid:84740838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.235.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877737/; classtype:trojan-activity;sid:84740837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.9.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877736/; classtype:trojan-activity;sid:84740836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.85.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877735/; classtype:trojan-activity;sid:84740835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.77.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877734/; classtype:trojan-activity;sid:84740834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.85.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877733/; classtype:trojan-activity;sid:84740833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877732)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/proxy.armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"72.56.52.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877732/; classtype:trojan-activity;sid:84740832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/proxy.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"72.56.52.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877729/; classtype:trojan-activity;sid:84740829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877730)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.56.52.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877730/; classtype:trojan-activity;sid:84740830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877731)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/proxy.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.56.52.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877731/; classtype:trojan-activity;sid:84740831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877728)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c56fe58aebd99210.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877728/; classtype:trojan-activity;sid:84740828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.133.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877727/; classtype:trojan-activity;sid:84740827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.134.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877726/; classtype:trojan-activity;sid:84740826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.140.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877725/; classtype:trojan-activity;sid:84740825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.140.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877724/; classtype:trojan-activity;sid:84740824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.185.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877723/; classtype:trojan-activity;sid:84740823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877722/; classtype:trojan-activity;sid:84740822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877721)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_114ae27f0f233125.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877721/; classtype:trojan-activity;sid:84740821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877719)"; flow:established,from_client; content:"GET"; http_method; content:"/main_aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877719/; classtype:trojan-activity;sid:84740819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877720)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877720/; classtype:trojan-activity;sid:84740820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877718)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877718/; classtype:trojan-activity;sid:84740818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877717)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877717/; classtype:trojan-activity;sid:84740817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877716)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877716/; classtype:trojan-activity;sid:84740816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877715)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877715/; classtype:trojan-activity;sid:84740815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877711)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877711/; classtype:trojan-activity;sid:84740811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877712)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877712/; classtype:trojan-activity;sid:84740812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877713)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877713/; classtype:trojan-activity;sid:84740813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877714)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877714/; classtype:trojan-activity;sid:84740814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877710)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877710/; classtype:trojan-activity;sid:84740810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877709)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877709/; classtype:trojan-activity;sid:84740809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877708)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9cdfeca6-12c8-4d7c-8465-88e1f2af1a60"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8zdusrwn.xbetone.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877708/; classtype:trojan-activity;sid:84740808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.120.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877707/; classtype:trojan-activity;sid:84740807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877706)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.43.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877706/; classtype:trojan-activity;sid:84740806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877705)"; flow:established,from_client; content:"GET"; http_method; content:"/95460196-1102-499d-9e6e-cd30b5a0cd4f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dows.sabad724.bio"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877705/; classtype:trojan-activity;sid:84740805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877704)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/tedy324/federation-host@aa596d3/strict"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877704/; classtype:trojan-activity;sid:84740804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877703)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=126bfe76-429c-44e9-af64-07a521331b01"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"htfll3q5.1x303.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877703/; classtype:trojan-activity;sid:84740803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877702)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877702/; classtype:trojan-activity;sid:84740802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877701)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877701/; classtype:trojan-activity;sid:84740801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877699)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877699/; classtype:trojan-activity;sid:84740799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877700)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877700/; classtype:trojan-activity;sid:84740800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877692)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/aarch64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877692/; classtype:trojan-activity;sid:84740792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877693)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877693/; classtype:trojan-activity;sid:84740793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877694)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877694/; classtype:trojan-activity;sid:84740794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877695)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86_64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877695/; classtype:trojan-activity;sid:84740795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877696)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877696/; classtype:trojan-activity;sid:84740796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877697)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877697/; classtype:trojan-activity;sid:84740797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877698)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877698/; classtype:trojan-activity;sid:84740798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.51.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877691/; classtype:trojan-activity;sid:84740791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877690)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877690/; classtype:trojan-activity;sid:84740790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877688)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877688/; classtype:trojan-activity;sid:84740788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877689)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/lterouter"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"162.248.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877689/; classtype:trojan-activity;sid:84740789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.160.186.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877687/; classtype:trojan-activity;sid:84740787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.51.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877686/; classtype:trojan-activity;sid:84740786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.120.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877685/; classtype:trojan-activity;sid:84740785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.33.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877684/; classtype:trojan-activity;sid:84740784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877683)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_27872a5c0fad9cef.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877683/; classtype:trojan-activity;sid:84740783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877682)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7411337060/mkdxmr7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877682/; classtype:trojan-activity;sid:84740782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.132.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877680/; classtype:trojan-activity;sid:84740780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.250.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877679/; classtype:trojan-activity;sid:84740779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.33.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877678/; classtype:trojan-activity;sid:84740778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877677)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mossad.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877677/; classtype:trojan-activity;sid:84740777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/sora.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877676/; classtype:trojan-activity;sid:84740776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877675)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/nerv.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877675/; classtype:trojan-activity;sid:84740775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877674/; classtype:trojan-activity;sid:84740774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.132.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877673/; classtype:trojan-activity;sid:84740773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877672/; classtype:trojan-activity;sid:84740772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877671)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877671/; classtype:trojan-activity;sid:84740771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.203.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877670/; classtype:trojan-activity;sid:84740770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877669/; classtype:trojan-activity;sid:84740769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/bot.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877668/; classtype:trojan-activity;sid:84740768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877667)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877667/; classtype:trojan-activity;sid:84740767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877665)"; flow:established,from_client; content:"GET"; http_method; content:"/kia.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877665/; classtype:trojan-activity;sid:84740765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877664)"; flow:established,from_client; content:"GET"; http_method; content:"/kimwolf.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877664/; classtype:trojan-activity;sid:84740764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877663)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/ducky.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877663/; classtype:trojan-activity;sid:84740763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877662)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/aisuru.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877662/; classtype:trojan-activity;sid:84740762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.250.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877661/; classtype:trojan-activity;sid:84740761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/main.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877660/; classtype:trojan-activity;sid:84740760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877659)"; flow:established,from_client; content:"GET"; http_method; content:"/ducky.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877659/; classtype:trojan-activity;sid:84740759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.151.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877658/; classtype:trojan-activity;sid:84740758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mossad.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877657/; classtype:trojan-activity;sid:84740757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877656)"; flow:established,from_client; content:"GET"; http_method; content:"/kia.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877656/; classtype:trojan-activity;sid:84740756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877655/; classtype:trojan-activity;sid:84740755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877654)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a5eef300-c272-4fec-9464-9dbba9c9887c"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"o2rfpbnw.vip1xbet.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877654/; classtype:trojan-activity;sid:84740754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877653)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/aisuru.x86_64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877653/; classtype:trojan-activity;sid:84740753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877652/; classtype:trojan-activity;sid:84740752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877651)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877651/; classtype:trojan-activity;sid:84740751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877650)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kia.x86_64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877650/; classtype:trojan-activity;sid:84740750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mossad.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877649/; classtype:trojan-activity;sid:84740749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877648)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sorrow.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877648/; classtype:trojan-activity;sid:84740748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.216.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877647/; classtype:trojan-activity;sid:84740747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877646/; classtype:trojan-activity;sid:84740746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/kia.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877645/; classtype:trojan-activity;sid:84740745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877644)"; flow:established,from_client; content:"GET"; http_method; content:"/tadashi.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877644/; classtype:trojan-activity;sid:84740744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.188.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877643/; classtype:trojan-activity;sid:84740743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877642/; classtype:trojan-activity;sid:84740742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.240.161.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877641/; classtype:trojan-activity;sid:84740741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877640)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877640/; classtype:trojan-activity;sid:84740740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877639/; classtype:trojan-activity;sid:84740739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877638)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877638/; classtype:trojan-activity;sid:84740738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877637/; classtype:trojan-activity;sid:84740737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877636)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/aisuru.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877636/; classtype:trojan-activity;sid:84740736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.111.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877635/; classtype:trojan-activity;sid:84740735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877634)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/kimwolf.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877634/; classtype:trojan-activity;sid:84740734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877633)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kimwolf.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877633/; classtype:trojan-activity;sid:84740733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.181.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877632/; classtype:trojan-activity;sid:84740732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877631)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/main.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877631/; classtype:trojan-activity;sid:84740731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877630)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tadashi.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877630/; classtype:trojan-activity;sid:84740730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877629)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877629/; classtype:trojan-activity;sid:84740729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/tuxbot.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877628/; classtype:trojan-activity;sid:84740728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877627)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/ducky.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877627/; classtype:trojan-activity;sid:84740727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/kia.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877626/; classtype:trojan-activity;sid:84740726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.209.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877625/; classtype:trojan-activity;sid:84740725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/boatnet.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877624/; classtype:trojan-activity;sid:84740724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/tadashi.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877623/; classtype:trojan-activity;sid:84740723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877622)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kimwolf.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877622/; classtype:trojan-activity;sid:84740722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877621)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/untouchable.x86_64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877621/; classtype:trojan-activity;sid:84740721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.176.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877620/; classtype:trojan-activity;sid:84740720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.111.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877619/; classtype:trojan-activity;sid:84740719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877618)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/ducky.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877618/; classtype:trojan-activity;sid:84740718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.33.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877617/; classtype:trojan-activity;sid:84740717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877616)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f5616877-43ea-44a0-af3e-9fee4d808652"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"fjy9zygx.1xsignupbet.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877616/; classtype:trojan-activity;sid:84740716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.181.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877615/; classtype:trojan-activity;sid:84740715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.209.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877614/; classtype:trojan-activity;sid:84740714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.38.65.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877613/; classtype:trojan-activity;sid:84740713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.70.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877612/; classtype:trojan-activity;sid:84740712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877611/; classtype:trojan-activity;sid:84740711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.68.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877610/; classtype:trojan-activity;sid:84740710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877602)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877602/; classtype:trojan-activity;sid:84740702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877603)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877603/; classtype:trojan-activity;sid:84740703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877604)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877604/; classtype:trojan-activity;sid:84740704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877605)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877605/; classtype:trojan-activity;sid:84740705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877606)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877606/; classtype:trojan-activity;sid:84740706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877607)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877607/; classtype:trojan-activity;sid:84740707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877608)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877608/; classtype:trojan-activity;sid:84740708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877609)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877609/; classtype:trojan-activity;sid:84740709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877601)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877601/; classtype:trojan-activity;sid:84740701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877600)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877600/; classtype:trojan-activity;sid:84740700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877596)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877596/; classtype:trojan-activity;sid:84740696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877597)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877597/; classtype:trojan-activity;sid:84740697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877598)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877598/; classtype:trojan-activity;sid:84740698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877599)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877599/; classtype:trojan-activity;sid:84740699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.158.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877595/; classtype:trojan-activity;sid:84740695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.65.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877594/; classtype:trojan-activity;sid:84740694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.180.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877593/; classtype:trojan-activity;sid:84740693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877592)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=af0d06a2-5a16-4cae-806e-0287433b22f8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"huz6wkqi.mokatebatedari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877592/; classtype:trojan-activity;sid:84740692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.120.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877591/; classtype:trojan-activity;sid:84740691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.92.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877590/; classtype:trojan-activity;sid:84740690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.146.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877589/; classtype:trojan-activity;sid:84740689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.146.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877588/; classtype:trojan-activity;sid:84740688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.203.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877587/; classtype:trojan-activity;sid:84740687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.13.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877586/; classtype:trojan-activity;sid:84740686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.92.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877585/; classtype:trojan-activity;sid:84740685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.54.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877584/; classtype:trojan-activity;sid:84740684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.131.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877583/; classtype:trojan-activity;sid:84740683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"140.237.48.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877582/; classtype:trojan-activity;sid:84740682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.68.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877581/; classtype:trojan-activity;sid:84740681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877580)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ac8f87a6-f517-4bf1-95ae-c31b080c5189"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bf4nlm15.1xboropartners.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877580/; classtype:trojan-activity;sid:84740680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.247.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877579/; classtype:trojan-activity;sid:84740679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877578/; classtype:trojan-activity;sid:84740678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.188.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877577/; classtype:trojan-activity;sid:84740677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.93.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877576/; classtype:trojan-activity;sid:84740676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877575)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d4cf1129-cffc-4675-acd4-e90adb7640b0"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ss70wuy0.jarayemaleyhamval.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877575/; classtype:trojan-activity;sid:84740675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"140.237.48.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877574/; classtype:trojan-activity;sid:84740674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"193.202.84.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877573/; classtype:trojan-activity;sid:84740673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"193.202.84.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877572/; classtype:trojan-activity;sid:84740672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"64.89.161.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877571/; classtype:trojan-activity;sid:84740671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.9.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877570/; classtype:trojan-activity;sid:84740670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877569)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877569/; classtype:trojan-activity;sid:84740669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.221.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877568/; classtype:trojan-activity;sid:84740668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.6.169.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877567/; classtype:trojan-activity;sid:84740667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877566)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_4572f734680cd610.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877566/; classtype:trojan-activity;sid:84740666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877565)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nightmare-cheats.pw"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877565/; classtype:trojan-activity;sid:84740665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877563)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_b51c36e8b987a353.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877563/; classtype:trojan-activity;sid:84740663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877564)"; flow:established,from_client; content:"GET"; http_method; content:"/troubleshoot.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"199.217.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877564/; classtype:trojan-activity;sid:84740664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877561)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_05de27fb2e5e386e.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877561/; classtype:trojan-activity;sid:84740661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877562)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_d47a28124e19d797.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877562/; classtype:trojan-activity;sid:84740662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877560)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_63220d65d215e423.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877560/; classtype:trojan-activity;sid:84740660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.173.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877554/; classtype:trojan-activity;sid:84740654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.30.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877547/; classtype:trojan-activity;sid:84740647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.30.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877546/; classtype:trojan-activity;sid:84740646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.70.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877541/; classtype:trojan-activity;sid:84740641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.157.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877528/; classtype:trojan-activity;sid:84740628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.171.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877525/; classtype:trojan-activity;sid:84740625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877521)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=cc1b2274-b0ce-4534-99ea-cfbe5ce7f7c0"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"2lhhe5ae.1xfa.bio"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877521/; classtype:trojan-activity;sid:84740621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.67.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877520/; classtype:trojan-activity;sid:84740620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877519)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0c697aa4-c1d5-4ca2-ab87-dc440611668d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"nqxr9m1i.iranfitness.top"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877519/; classtype:trojan-activity;sid:84740619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.202.190.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877495/; classtype:trojan-activity;sid:84740595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.157.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877494/; classtype:trojan-activity;sid:84740594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.42.89.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877486/; classtype:trojan-activity;sid:84740586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.42.89.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877484/; classtype:trojan-activity;sid:84740584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.202.190.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877469/; classtype:trojan-activity;sid:84740569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.233.193.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877463/; classtype:trojan-activity;sid:84740563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.14.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877462/; classtype:trojan-activity;sid:84740562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.14.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877461/; classtype:trojan-activity;sid:84740561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.122.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877460/; classtype:trojan-activity;sid:84740560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.158.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877459/; classtype:trojan-activity;sid:84740559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.38.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877458/; classtype:trojan-activity;sid:84740558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.132.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877457/; classtype:trojan-activity;sid:84740557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.89.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877456/; classtype:trojan-activity;sid:84740556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.187.27.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877455/; classtype:trojan-activity;sid:84740555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.252.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877454/; classtype:trojan-activity;sid:84740554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.120.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877453/; classtype:trojan-activity;sid:84740553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.132.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877452/; classtype:trojan-activity;sid:84740552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.37.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877451/; classtype:trojan-activity;sid:84740551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.199.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877450/; classtype:trojan-activity;sid:84740550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877449)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=86c131bf-7487-4aa9-92e3-ef36a70661a0"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"obzs81jf.fagaheestedlali.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877449/; classtype:trojan-activity;sid:84740549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877448)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3f3832a4-be67-437c-802a-1b46455b042b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1bmaiu5y.1xbetpartnersiran.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877448/; classtype:trojan-activity;sid:84740548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.38.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877447/; classtype:trojan-activity;sid:84740547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877446/; classtype:trojan-activity;sid:84740546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.188.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877445/; classtype:trojan-activity;sid:84740545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.89.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877444/; classtype:trojan-activity;sid:84740544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.89.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877443/; classtype:trojan-activity;sid:84740543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877442)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.119.53.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877442/; classtype:trojan-activity;sid:84740542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.227.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877441/; classtype:trojan-activity;sid:84740541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.36.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877440/; classtype:trojan-activity;sid:84740540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.253.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877439/; classtype:trojan-activity;sid:84740539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.36.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877438/; classtype:trojan-activity;sid:84740538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877437)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"2.26.123.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877437/; classtype:trojan-activity;sid:84740537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.23.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877436/; classtype:trojan-activity;sid:84740536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877435)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=eeb673e7-c88d-40c6-bdee-59feb3a40aa8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1v6qcobc.betbuf.live"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877435/; classtype:trojan-activity;sid:84740535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.227.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877434/; classtype:trojan-activity;sid:84740534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.64.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877433/; classtype:trojan-activity;sid:84740533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.230.240.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877432/; classtype:trojan-activity;sid:84740532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.120.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877431/; classtype:trojan-activity;sid:84740531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.239.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877430/; classtype:trojan-activity;sid:84740530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877429)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=82a8bad5-e835-4eea-9903-dca086c8c34f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rjjgfvu6.vip1xbet.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877429/; classtype:trojan-activity;sid:84740529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.1.26.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877428/; classtype:trojan-activity;sid:84740528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.1.26.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877427/; classtype:trojan-activity;sid:84740527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.142.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877425/; classtype:trojan-activity;sid:84740525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.152.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877426/; classtype:trojan-activity;sid:84740526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.93.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877424/; classtype:trojan-activity;sid:84740524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.88.7.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877423/; classtype:trojan-activity;sid:84740523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877420)"; flow:established,from_client; content:"GET"; http_method; content:"/b16"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877420/; classtype:trojan-activity;sid:84740520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877421)"; flow:established,from_client; content:"GET"; http_method; content:"/6f8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877421/; classtype:trojan-activity;sid:84740521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877422)"; flow:established,from_client; content:"GET"; http_method; content:"/eqa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877422/; classtype:trojan-activity;sid:84740522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877412)"; flow:established,from_client; content:"GET"; http_method; content:"/aptl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877412/; classtype:trojan-activity;sid:84740512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877413)"; flow:established,from_client; content:"GET"; http_method; content:"/c3a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877413/; classtype:trojan-activity;sid:84740513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877414)"; flow:established,from_client; content:"GET"; http_method; content:"/x5b"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877414/; classtype:trojan-activity;sid:84740514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877415)"; flow:established,from_client; content:"GET"; http_method; content:"/1q8s"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877415/; classtype:trojan-activity;sid:84740515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877416)"; flow:established,from_client; content:"GET"; http_method; content:"/pmkq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877416/; classtype:trojan-activity;sid:84740516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877417)"; flow:established,from_client; content:"GET"; http_method; content:"/5e1"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877417/; classtype:trojan-activity;sid:84740517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877418)"; flow:established,from_client; content:"GET"; http_method; content:"/r0vi"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877418/; classtype:trojan-activity;sid:84740518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877419)"; flow:established,from_client; content:"GET"; http_method; content:"/1zah"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877419/; classtype:trojan-activity;sid:84740519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877411)"; flow:established,from_client; content:"GET"; http_method; content:"/android_arm64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877411/; classtype:trojan-activity;sid:84740511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877409)"; flow:established,from_client; content:"GET"; http_method; content:"/bww"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877409/; classtype:trojan-activity;sid:84740509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877410)"; flow:established,from_client; content:"GET"; http_method; content:"/pc33"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877410/; classtype:trojan-activity;sid:84740510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877407)"; flow:established,from_client; content:"GET"; http_method; content:"/sxr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877407/; classtype:trojan-activity;sid:84740507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877408)"; flow:established,from_client; content:"GET"; http_method; content:"/8xx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877408/; classtype:trojan-activity;sid:84740508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877394/; classtype:trojan-activity;sid:84740494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877309)"; flow:established,from_client; content:"GET"; http_method; content:"/kimwolf.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877309/; classtype:trojan-activity;sid:84740409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877300/; classtype:trojan-activity;sid:84740400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877301)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mossad.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"85.11.167.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877301/; classtype:trojan-activity;sid:84740401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877254)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_4b52551724e14b53.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877254/; classtype:trojan-activity;sid:84740354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877245)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_3922586d68ff0b99.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877245/; classtype:trojan-activity;sid:84740345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877246)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_953a0cc5e541d8cb.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877246/; classtype:trojan-activity;sid:84740346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877240)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"falhuhna.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877240/; classtype:trojan-activity;sid:84740340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877241)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"falhuhna.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877241/; classtype:trojan-activity;sid:84740341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877242)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"falhuhna.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877242/; classtype:trojan-activity;sid:84740342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877243)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"falhuhna.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877243/; classtype:trojan-activity;sid:84740343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877244)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"falhuhna.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877244/; classtype:trojan-activity;sid:84740344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877239)"; flow:established,from_client; content:"GET"; http_method; content:"/figural_1.3.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"figural.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877239/; classtype:trojan-activity;sid:84740339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"falhuhna.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877238/; classtype:trojan-activity;sid:84740338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877232)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"falhuhna.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877232/; classtype:trojan-activity;sid:84740332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877233)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"falhuhna.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877233/; classtype:trojan-activity;sid:84740333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877234)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"falhuhna.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877234/; classtype:trojan-activity;sid:84740334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877235)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"falhuhna.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877235/; classtype:trojan-activity;sid:84740335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877236)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"falhuhna.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877236/; classtype:trojan-activity;sid:84740336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877237)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"falhuhna.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877237/; classtype:trojan-activity;sid:84740337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877231)"; flow:established,from_client; content:"GET"; http_method; content:"/bonavol_2.3.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"moshatech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877231/; classtype:trojan-activity;sid:84740331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877228)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssa-auth-connect/scn/reff/screenconnect.clientsetup.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"encalabrino.life"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877228/; classtype:trojan-activity;sid:84740328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877229)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.109.200.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877229/; classtype:trojan-activity;sid:84740329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877230)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.109.200.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877230/; classtype:trojan-activity;sid:84740330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877227)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"werknova.co"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877227/; classtype:trojan-activity;sid:84740327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877226)"; flow:established,from_client; content:"GET"; http_method; content:"/snh5ye.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202604157.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877226/; classtype:trojan-activity;sid:84740326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877222)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_39e00d6f9516aa4f.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877222/; classtype:trojan-activity;sid:84740322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877223)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_046d722173c8d9e4.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877223/; classtype:trojan-activity;sid:84740323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877224)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_6b79ab0a9691dd23.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877224/; classtype:trojan-activity;sid:84740324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877225)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_ae76c4af6a3c828a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877225/; classtype:trojan-activity;sid:84740325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.142.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877220/; classtype:trojan-activity;sid:84740320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.239.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877221/; classtype:trojan-activity;sid:84740321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.152.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877219/; classtype:trojan-activity;sid:84740319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877218)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4c125cff-6650-4bff-8a19-c384ecf6b1d3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wcg4ao7n.taktikbet.bio"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877218/; classtype:trojan-activity;sid:84740318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877217/; classtype:trojan-activity;sid:84740317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.60.122.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877216/; classtype:trojan-activity;sid:84740316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.220.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877215/; classtype:trojan-activity;sid:84740315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877214/; classtype:trojan-activity;sid:84740314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.101.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877213/; classtype:trojan-activity;sid:84740313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.35.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877212/; classtype:trojan-activity;sid:84740312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.136.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877211/; classtype:trojan-activity;sid:84740311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.220.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877210/; classtype:trojan-activity;sid:84740310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.60.122.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877209/; classtype:trojan-activity;sid:84740309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.10.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877208/; classtype:trojan-activity;sid:84740308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877207)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d4eba9a3-6cd6-4f69-b6b0-b0e9b86a044f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"fom7mdmz.1x303.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877207/; classtype:trojan-activity;sid:84740307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.133.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877206/; classtype:trojan-activity;sid:84740306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"198.2.108.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877205/; classtype:trojan-activity;sid:84740305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.185.152.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877204/; classtype:trojan-activity;sid:84740304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.101.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877203/; classtype:trojan-activity;sid:84740303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.2.185.103"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877202/; classtype:trojan-activity;sid:84740302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.133.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877201/; classtype:trojan-activity;sid:84740301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.185.152.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877200/; classtype:trojan-activity;sid:84740300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.10.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877199/; classtype:trojan-activity;sid:84740299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.62.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877198/; classtype:trojan-activity;sid:84740298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877197)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=2d28c619-d9f9-4566-a5d1-1113477c05f9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"c0yc77zn.blackjackonlineplay83.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877197/; classtype:trojan-activity;sid:84740297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.187.27.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877196/; classtype:trojan-activity;sid:84740296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.233.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877195/; classtype:trojan-activity;sid:84740295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.161.116.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877194/; classtype:trojan-activity;sid:84740294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877193/; classtype:trojan-activity;sid:84740293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.204.157.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877191/; classtype:trojan-activity;sid:84740291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.62.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877192/; classtype:trojan-activity;sid:84740292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.234.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877190/; classtype:trojan-activity;sid:84740290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.161.116.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877189/; classtype:trojan-activity;sid:84740289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.229.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877188/; classtype:trojan-activity;sid:84740288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.229.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877187/; classtype:trojan-activity;sid:84740287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.180.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877186/; classtype:trojan-activity;sid:84740286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.199.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877185/; classtype:trojan-activity;sid:84740285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.199.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877184/; classtype:trojan-activity;sid:84740284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.169.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877183/; classtype:trojan-activity;sid:84740283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.250.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877182/; classtype:trojan-activity;sid:84740282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.67.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877181/; classtype:trojan-activity;sid:84740281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.157.80.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877180/; classtype:trojan-activity;sid:84740280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.250.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877179/; classtype:trojan-activity;sid:84740279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877178)"; flow:established,from_client; content:"GET"; http_method; content:"/flutter.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"141.11.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877178/; classtype:trojan-activity;sid:84740278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877175)"; flow:established,from_client; content:"GET"; http_method; content:"/flutter.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"141.11.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877175/; classtype:trojan-activity;sid:84740275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877176)"; flow:established,from_client; content:"GET"; http_method; content:"/flutter.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.11.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877176/; classtype:trojan-activity;sid:84740276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877177)"; flow:established,from_client; content:"GET"; http_method; content:"/flutter.mipsel"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.11.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877177/; classtype:trojan-activity;sid:84740277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877173)"; flow:established,from_client; content:"GET"; http_method; content:"/flutter.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"141.11.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877173/; classtype:trojan-activity;sid:84740273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877174)"; flow:established,from_client; content:"GET"; http_method; content:"/flutter.arm8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"141.11.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877174/; classtype:trojan-activity;sid:84740274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877170)"; flow:established,from_client; content:"GET"; http_method; content:"/flutter.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"141.11.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877170/; classtype:trojan-activity;sid:84740270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877171)"; flow:established,from_client; content:"GET"; http_method; content:"/flutter.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"141.11.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877171/; classtype:trojan-activity;sid:84740271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877172)"; flow:established,from_client; content:"GET"; http_method; content:"/flutter.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"141.11.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877172/; classtype:trojan-activity;sid:84740272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877169)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e271fa88-8f8f-4884-91d9-a86bebfa000e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"24vrv9o2.yekshart.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877169/; classtype:trojan-activity;sid:84740269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877168)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3fa9f39e-3575-4945-8e2a-f78843d419f8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"d30ld0sk.313betapk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877168/; classtype:trojan-activity;sid:84740268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877167/; classtype:trojan-activity;sid:84740267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877165)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877165/; classtype:trojan-activity;sid:84740265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877166/; classtype:trojan-activity;sid:84740266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877163)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877163/; classtype:trojan-activity;sid:84740263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877164)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877164/; classtype:trojan-activity;sid:84740264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.157.80.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877162/; classtype:trojan-activity;sid:84740262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877161)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877161/; classtype:trojan-activity;sid:84740261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877157)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877157/; classtype:trojan-activity;sid:84740257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877158)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877158/; classtype:trojan-activity;sid:84740258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877159)"; flow:established,from_client; content:"GET"; http_method; content:"/android_arm64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877159/; classtype:trojan-activity;sid:84740259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877160)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877160/; classtype:trojan-activity;sid:84740260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877151)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877151/; classtype:trojan-activity;sid:84740251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877152)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877152/; classtype:trojan-activity;sid:84740252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877153)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877153/; classtype:trojan-activity;sid:84740253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877154)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877154/; classtype:trojan-activity;sid:84740254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877155)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877155/; classtype:trojan-activity;sid:84740255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877156)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877156/; classtype:trojan-activity;sid:84740256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877149/; classtype:trojan-activity;sid:84740249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877150)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.40.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877150/; classtype:trojan-activity;sid:84740250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.128.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877148/; classtype:trojan-activity;sid:84740248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.241.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877147/; classtype:trojan-activity;sid:84740247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.187.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877146/; classtype:trojan-activity;sid:84740246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.144.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877145/; classtype:trojan-activity;sid:84740245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877144/; classtype:trojan-activity;sid:84740244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.169.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877143/; classtype:trojan-activity;sid:84740243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.7.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877142/; classtype:trojan-activity;sid:84740242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.240.161.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877141/; classtype:trojan-activity;sid:84740241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.6.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877140/; classtype:trojan-activity;sid:84740240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.120.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877139/; classtype:trojan-activity;sid:84740239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877138)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=fb4b2001-5387-48a2-9bdc-f88e3166fbe5"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"2ffuyto6.taktikbet.bio"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877138/; classtype:trojan-activity;sid:84740238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877137)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=cc61e0d3-2457-4c56-8f75-52508e386a92"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cd5p7l7t.xbetone.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877137/; classtype:trojan-activity;sid:84740237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.91.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877136/; classtype:trojan-activity;sid:84740236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877135)"; flow:established,from_client; content:"GET"; http_method; content:"/flutter.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"141.11.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877135/; classtype:trojan-activity;sid:84740235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877134)"; flow:established,from_client; content:"GET"; http_method; content:"/flutter.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"141.11.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877134/; classtype:trojan-activity;sid:84740234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.71.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877133/; classtype:trojan-activity;sid:84740233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877132/; classtype:trojan-activity;sid:84740232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.188.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877131/; classtype:trojan-activity;sid:84740231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.235.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877130/; classtype:trojan-activity;sid:84740230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.20.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877129/; classtype:trojan-activity;sid:84740229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.51.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877128/; classtype:trojan-activity;sid:84740228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.235.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877127/; classtype:trojan-activity;sid:84740227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877126)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=840a3f93-4b37-4b28-ba95-f500c82d58be"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vfu1w9au.honarrang.online"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877126/; classtype:trojan-activity;sid:84740226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.239.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877125/; classtype:trojan-activity;sid:84740225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.240.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877124/; classtype:trojan-activity;sid:84740224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.239.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877123/; classtype:trojan-activity;sid:84740223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.51.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877122/; classtype:trojan-activity;sid:84740222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.57.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877121/; classtype:trojan-activity;sid:84740221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.244.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877120/; classtype:trojan-activity;sid:84740220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.111.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877119/; classtype:trojan-activity;sid:84740219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.240.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877118/; classtype:trojan-activity;sid:84740218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.142.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877117/; classtype:trojan-activity;sid:84740217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877116)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=03e4c7d0-10b4-4f77-b0c3-7e9c498dd7dd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"t71awqhc.1xsignupbet.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877116/; classtype:trojan-activity;sid:84740216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.2.185.103"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877115/; classtype:trojan-activity;sid:84740215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.112.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877114/; classtype:trojan-activity;sid:84740214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.43.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877113/; classtype:trojan-activity;sid:84740213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877112/; classtype:trojan-activity;sid:84740212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.43.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877111/; classtype:trojan-activity;sid:84740211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.133.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877110/; classtype:trojan-activity;sid:84740210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.215.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877109/; classtype:trojan-activity;sid:84740209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.200.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877108/; classtype:trojan-activity;sid:84740208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.147.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877107/; classtype:trojan-activity;sid:84740207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.158.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877106/; classtype:trojan-activity;sid:84740206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.158.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877105/; classtype:trojan-activity;sid:84740205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.76.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877104/; classtype:trojan-activity;sid:84740204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877103)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=86f4898b-831b-4b0f-b5f4-307712647850"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1e2sdyr4.honardartarikh.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877103/; classtype:trojan-activity;sid:84740203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.89.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877102/; classtype:trojan-activity;sid:84740202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.111.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877101/; classtype:trojan-activity;sid:84740201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.31.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877100/; classtype:trojan-activity;sid:84740200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877099/; classtype:trojan-activity;sid:84740199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.48.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877098/; classtype:trojan-activity;sid:84740198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.89.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877097/; classtype:trojan-activity;sid:84740197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877096/; classtype:trojan-activity;sid:84740196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.76.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877095/; classtype:trojan-activity;sid:84740195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.158.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877092/; classtype:trojan-activity;sid:84740192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877093/; classtype:trojan-activity;sid:84740193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.148.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877094/; classtype:trojan-activity;sid:84740194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.133.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877091/; classtype:trojan-activity;sid:84740191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877090/; classtype:trojan-activity;sid:84740190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877089/; classtype:trojan-activity;sid:84740189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.133.100.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877088/; classtype:trojan-activity;sid:84740188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.137.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877087/; classtype:trojan-activity;sid:84740187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.100.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877086/; classtype:trojan-activity;sid:84740186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877085)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=40b7ccb1-d991-404b-93ce-e32c30e1fd85"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"h663gbdv.ahkam.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877085/; classtype:trojan-activity;sid:84740185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.197.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877084/; classtype:trojan-activity;sid:84740184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877083)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877083/; classtype:trojan-activity;sid:84740183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877082)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877082/; classtype:trojan-activity;sid:84740182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.157.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877081/; classtype:trojan-activity;sid:84740181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.147.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877080/; classtype:trojan-activity;sid:84740180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877079)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_be0b30035e9107d3.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877079/; classtype:trojan-activity;sid:84740179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.31.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877078/; classtype:trojan-activity;sid:84740178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877077)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d37d9229-1d44-4fee-af0c-9278a83b9b74"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"6901jz2b.hesabdarishabahang.xyz"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877077/; classtype:trojan-activity;sid:84740177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877076)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_5713466f4e745bae.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877076/; classtype:trojan-activity;sid:84740176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.186.237.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877075/; classtype:trojan-activity;sid:84740175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.33.54.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877074/; classtype:trojan-activity;sid:84740174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.196.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877073/; classtype:trojan-activity;sid:84740173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.157.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877072/; classtype:trojan-activity;sid:84740172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.86.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877070/; classtype:trojan-activity;sid:84740170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.115.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877071/; classtype:trojan-activity;sid:84740171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.170.216.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877069/; classtype:trojan-activity;sid:84740169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.253.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877068/; classtype:trojan-activity;sid:84740168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.199.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877067/; classtype:trojan-activity;sid:84740167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.170.216.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877066/; classtype:trojan-activity;sid:84740166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.253.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877065/; classtype:trojan-activity;sid:84740165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.173.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877064/; classtype:trojan-activity;sid:84740164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.117.15.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877063/; classtype:trojan-activity;sid:84740163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.50.1.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877062/; classtype:trojan-activity;sid:84740162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877059)"; flow:established,from_client; content:"GET"; http_method; content:"/b93c69"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877059/; classtype:trojan-activity;sid:84740159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877060)"; flow:established,from_client; content:"GET"; http_method; content:"/05ac2c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877060/; classtype:trojan-activity;sid:84740160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.103.100.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877061/; classtype:trojan-activity;sid:84740161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877055)"; flow:established,from_client; content:"GET"; http_method; content:"/9afedb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877055/; classtype:trojan-activity;sid:84740155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877056)"; flow:established,from_client; content:"GET"; http_method; content:"/175a46"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877056/; classtype:trojan-activity;sid:84740156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.117.6.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877057/; classtype:trojan-activity;sid:84740157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.244.187.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877058/; classtype:trojan-activity;sid:84740158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877027)"; flow:established,from_client; content:"GET"; http_method; content:"/7c04e1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877027/; classtype:trojan-activity;sid:84740127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877028)"; flow:established,from_client; content:"GET"; http_method; content:"/a8d594"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877028/; classtype:trojan-activity;sid:84740128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877029)"; flow:established,from_client; content:"GET"; http_method; content:"/3c3692"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877029/; classtype:trojan-activity;sid:84740129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877030)"; flow:established,from_client; content:"GET"; http_method; content:"/356b99"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877030/; classtype:trojan-activity;sid:84740130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877031)"; flow:established,from_client; content:"GET"; http_method; content:"/c73cfc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877031/; classtype:trojan-activity;sid:84740131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877032)"; flow:established,from_client; content:"GET"; http_method; content:"/ea7e55"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877032/; classtype:trojan-activity;sid:84740132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877033)"; flow:established,from_client; content:"GET"; http_method; content:"/95f600"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877033/; classtype:trojan-activity;sid:84740133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877034)"; flow:established,from_client; content:"GET"; http_method; content:"/713432"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877034/; classtype:trojan-activity;sid:84740134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877035)"; flow:established,from_client; content:"GET"; http_method; content:"/87224c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877035/; classtype:trojan-activity;sid:84740135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877036)"; flow:established,from_client; content:"GET"; http_method; content:"/8f5774"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877036/; classtype:trojan-activity;sid:84740136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877037)"; flow:established,from_client; content:"GET"; http_method; content:"/ea4400"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877037/; classtype:trojan-activity;sid:84740137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877038)"; flow:established,from_client; content:"GET"; http_method; content:"/afe55a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877038/; classtype:trojan-activity;sid:84740138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877039)"; flow:established,from_client; content:"GET"; http_method; content:"/95b834"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877039/; classtype:trojan-activity;sid:84740139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.61.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877040/; classtype:trojan-activity;sid:84740140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877041)"; flow:established,from_client; content:"GET"; http_method; content:"/3c0ca4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877041/; classtype:trojan-activity;sid:84740141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877042)"; flow:established,from_client; content:"GET"; http_method; content:"/cda25b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877042/; classtype:trojan-activity;sid:84740142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877043)"; flow:established,from_client; content:"GET"; http_method; content:"/8ee8c6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877043/; classtype:trojan-activity;sid:84740143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877044)"; flow:established,from_client; content:"GET"; http_method; content:"/b6b030"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877044/; classtype:trojan-activity;sid:84740144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877045)"; flow:established,from_client; content:"GET"; http_method; content:"/45f688"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877045/; classtype:trojan-activity;sid:84740145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877046)"; flow:established,from_client; content:"GET"; http_method; content:"/d6c859"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877046/; classtype:trojan-activity;sid:84740146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877047)"; flow:established,from_client; content:"GET"; http_method; content:"/850383"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877047/; classtype:trojan-activity;sid:84740147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877048)"; flow:established,from_client; content:"GET"; http_method; content:"/014d15"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877048/; classtype:trojan-activity;sid:84740148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877049)"; flow:established,from_client; content:"GET"; http_method; content:"/2d594b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877049/; classtype:trojan-activity;sid:84740149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877050)"; flow:established,from_client; content:"GET"; http_method; content:"/ef8be5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877050/; classtype:trojan-activity;sid:84740150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877051)"; flow:established,from_client; content:"GET"; http_method; content:"/5e2d3b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877051/; classtype:trojan-activity;sid:84740151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877052)"; flow:established,from_client; content:"GET"; http_method; content:"/c067db"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877052/; classtype:trojan-activity;sid:84740152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877053)"; flow:established,from_client; content:"GET"; http_method; content:"/e158e2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877053/; classtype:trojan-activity;sid:84740153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877054)"; flow:established,from_client; content:"GET"; http_method; content:"/94fcb0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877054/; classtype:trojan-activity;sid:84740154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877022)"; flow:established,from_client; content:"GET"; http_method; content:"/d21e79"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877022/; classtype:trojan-activity;sid:84740122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877023)"; flow:established,from_client; content:"GET"; http_method; content:"/00e000"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877023/; classtype:trojan-activity;sid:84740123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.173.7.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877024/; classtype:trojan-activity;sid:84740124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877025)"; flow:established,from_client; content:"GET"; http_method; content:"/389390"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877025/; classtype:trojan-activity;sid:84740125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877026)"; flow:established,from_client; content:"GET"; http_method; content:"/d03139"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877026/; classtype:trojan-activity;sid:84740126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877018)"; flow:established,from_client; content:"GET"; http_method; content:"/f42db4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877018/; classtype:trojan-activity;sid:84740118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877019)"; flow:established,from_client; content:"GET"; http_method; content:"/133b80"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877019/; classtype:trojan-activity;sid:84740119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877020)"; flow:established,from_client; content:"GET"; http_method; content:"/9aff49"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877020/; classtype:trojan-activity;sid:84740120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877021)"; flow:established,from_client; content:"GET"; http_method; content:"/6b3251"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877021/; classtype:trojan-activity;sid:84740121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877017)"; flow:established,from_client; content:"GET"; http_method; content:"/03ea2c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877017/; classtype:trojan-activity;sid:84740117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877009)"; flow:established,from_client; content:"GET"; http_method; content:"/a2612c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877009/; classtype:trojan-activity;sid:84740109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877010)"; flow:established,from_client; content:"GET"; http_method; content:"/cf93e3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877010/; classtype:trojan-activity;sid:84740110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877011)"; flow:established,from_client; content:"GET"; http_method; content:"/026d54"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877011/; classtype:trojan-activity;sid:84740111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877012)"; flow:established,from_client; content:"GET"; http_method; content:"/24cd68"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877012/; classtype:trojan-activity;sid:84740112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877013)"; flow:established,from_client; content:"GET"; http_method; content:"/969682"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877013/; classtype:trojan-activity;sid:84740113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877014)"; flow:established,from_client; content:"GET"; http_method; content:"/1a4c21"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877014/; classtype:trojan-activity;sid:84740114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877015)"; flow:established,from_client; content:"GET"; http_method; content:"/469c57"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877015/; classtype:trojan-activity;sid:84740115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877016)"; flow:established,from_client; content:"GET"; http_method; content:"/00bb3b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877016/; classtype:trojan-activity;sid:84740116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.102.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877008/; classtype:trojan-activity;sid:84740108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.34.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877007/; classtype:trojan-activity;sid:84740107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-cgroup"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877006/; classtype:trojan-activity;sid:84740106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.102.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877005/; classtype:trojan-activity;sid:84740105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877004/; classtype:trojan-activity;sid:84740104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.207.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877003/; classtype:trojan-activity;sid:84740103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877002/; classtype:trojan-activity;sid:84740102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.198.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877001/; classtype:trojan-activity;sid:84740101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877000)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e8fdddf9-cc7d-4ff9-9bab-473183826cc5"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ccczqxl6.blackjackonlineplay83.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877000/; classtype:trojan-activity;sid:84740100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876999)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=821d8e6a-5083-4a53-acd3-d8204f10d8a9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ck0ny34p.1xprobet.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876999/; classtype:trojan-activity;sid:84740099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.39.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876998/; classtype:trojan-activity;sid:84740098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876997/; classtype:trojan-activity;sid:84740097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-crypto"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876996/; classtype:trojan-activity;sid:84740096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876988)"; flow:established,from_client; content:"GET"; http_method; content:"/ipmiv2.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876988/; classtype:trojan-activity;sid:84740088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-events"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876989/; classtype:trojan-activity;sid:84740089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-irq"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876990/; classtype:trojan-activity;sid:84740090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-softirq"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876991/; classtype:trojan-activity;sid:84740091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876992)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-rcu"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876992/; classtype:trojan-activity;sid:84740092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-netns"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876993/; classtype:trojan-activity;sid:84740093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-irq-bal"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876994/; classtype:trojan-activity;sid:84740094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-netns-rt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876995/; classtype:trojan-activity;sid:84740095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876987)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876987/; classtype:trojan-activity;sid:84740087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876986)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876986/; classtype:trojan-activity;sid:84740086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.198.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876981/; classtype:trojan-activity;sid:84740081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-mm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876982/; classtype:trojan-activity;sid:84740082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-blkcg"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876983/; classtype:trojan-activity;sid:84740083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-writeback"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876984/; classtype:trojan-activity;sid:84740084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-scsi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"93.115.101.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876985/; classtype:trojan-activity;sid:84740085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.173.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876980/; classtype:trojan-activity;sid:84740080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.98.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876979/; classtype:trojan-activity;sid:84740079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876978)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_b78b8e118d18d080.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876978/; classtype:trojan-activity;sid:84740078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.200.85.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876977/; classtype:trojan-activity;sid:84740077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.70.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876975/; classtype:trojan-activity;sid:84740075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876974)"; flow:established,from_client; content:"GET"; http_method; content:"/setup-win32-bundle.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dl.multiextension.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876974/; classtype:trojan-activity;sid:84740074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876969)"; flow:established,from_client; content:"GET"; http_method; content:"/load/bjbh.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876969/; classtype:trojan-activity;sid:84740069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876970)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/greatcherry.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876970/; classtype:trojan-activity;sid:84740070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876971)"; flow:established,from_client; content:"GET"; http_method; content:"/load/hjbk.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876971/; classtype:trojan-activity;sid:84740071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876972)"; flow:established,from_client; content:"GET"; http_method; content:"/load/jhgkuyyg.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876972/; classtype:trojan-activity;sid:84740072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876973)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/beb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876973/; classtype:trojan-activity;sid:84740073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876968)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/u1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.252.155.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876968/; classtype:trojan-activity;sid:84740068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876967)"; flow:established,from_client; content:"GET"; http_method; content:"/vpn/proctoru.1.32.win.08.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.191.126.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876967/; classtype:trojan-activity;sid:84740067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876966)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.87.138.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876966/; classtype:trojan-activity;sid:84740066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876959)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/u1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kuilfgfd.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876959/; classtype:trojan-activity;sid:84740059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876961)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/l9.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"apexdataserver4.sbs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876961/; classtype:trojan-activity;sid:84740061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876962)"; flow:established,from_client; content:"GET"; http_method; content:"/load/kliulij.exehttp://185.191.126.171/vpn/proctoru.1.32.win.08.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876962/; classtype:trojan-activity;sid:84740062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876964)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/l9.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876964/; classtype:trojan-activity;sid:84740064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.39.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876958/; classtype:trojan-activity;sid:84740058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876957)"; flow:established,from_client; content:"GET"; http_method; content:"/get"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.192.12.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876957/; classtype:trojan-activity;sid:84740057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876955)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/beb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kuilfgfd.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876955/; classtype:trojan-activity;sid:84740055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876956)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/l97.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876956/; classtype:trojan-activity;sid:84740056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876953)"; flow:established,from_client; content:"GET"; http_method; content:"/jenniferloeffler.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"jenniferloeffler.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876953/; classtype:trojan-activity;sid:84740053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.46.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876954/; classtype:trojan-activity;sid:84740054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.143.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876952/; classtype:trojan-activity;sid:84740052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.215.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876951/; classtype:trojan-activity;sid:84740051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.194.50.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876949/; classtype:trojan-activity;sid:84740049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.60.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876950/; classtype:trojan-activity;sid:84740050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.186.237.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876948/; classtype:trojan-activity;sid:84740048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.73.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876947/; classtype:trojan-activity;sid:84740047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.52.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876946/; classtype:trojan-activity;sid:84740046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.52.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876945/; classtype:trojan-activity;sid:84740045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876944)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e66a8ec7-85d6-4798-b1aa-b9e7ac3f3c1a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hzks2llo.1xdownload2023.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876944/; classtype:trojan-activity;sid:84740044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.198.116.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876943/; classtype:trojan-activity;sid:84740043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876942)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/tedy324/proxy-socket@d504380/netwrk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876942/; classtype:trojan-activity;sid:84740042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.52.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876941/; classtype:trojan-activity;sid:84740041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.198.116.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876940/; classtype:trojan-activity;sid:84740040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.51.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876939/; classtype:trojan-activity;sid:84740039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.52.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876938/; classtype:trojan-activity;sid:84740038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876936)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/tedy324/proxy-socket@main/number"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876936/; classtype:trojan-activity;sid:84740036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876937)"; flow:established,from_client; content:"GET"; http_method; content:"/0fce9b5b-bb28-4c42-8d94-b381ed3944b8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"e.perspolis.pro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876937/; classtype:trojan-activity;sid:84740037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.120.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876935/; classtype:trojan-activity;sid:84740035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876933)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_2cc2c9ed16116f73.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876933/; classtype:trojan-activity;sid:84740033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876934)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_9d52b13e2e4a46f9.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876934/; classtype:trojan-activity;sid:84740034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.196.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876932/; classtype:trojan-activity;sid:84740032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876931/; classtype:trojan-activity;sid:84740031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.225.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876930/; classtype:trojan-activity;sid:84740030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.13.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876929/; classtype:trojan-activity;sid:84740029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.186.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876928/; classtype:trojan-activity;sid:84740028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.225.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876926/; classtype:trojan-activity;sid:84740026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.13.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876927/; classtype:trojan-activity;sid:84740027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.52.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876925/; classtype:trojan-activity;sid:84740025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876924)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c9a136a95aa72292.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876924/; classtype:trojan-activity;sid:84740024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.186.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876923/; classtype:trojan-activity;sid:84740023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.249.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876922/; classtype:trojan-activity;sid:84740022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876921/; classtype:trojan-activity;sid:84740021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.52.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876920/; classtype:trojan-activity;sid:84740020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.136.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876919/; classtype:trojan-activity;sid:84740019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.136.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876918/; classtype:trojan-activity;sid:84740018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876917)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876917/; classtype:trojan-activity;sid:84740017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876916)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876916/; classtype:trojan-activity;sid:84740016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876915/; classtype:trojan-activity;sid:84740015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876914)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=26e61271-b53c-40a6-adef-48cc79cdf14b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tb4awyc7.vip1xbet.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876914/; classtype:trojan-activity;sid:84740014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.54.162.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876913/; classtype:trojan-activity;sid:84740013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.199.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876912/; classtype:trojan-activity;sid:84740012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.83.13.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876911/; classtype:trojan-activity;sid:84740011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876910)"; flow:established,from_client; content:"GET"; http_method; content:"/kikimora-arch/solid-doodle/releases/download/realease/javachecker.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876910/; classtype:trojan-activity;sid:84740010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.228.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876909/; classtype:trojan-activity;sid:84740009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.54.162.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876908/; classtype:trojan-activity;sid:84740008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.228.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876907/; classtype:trojan-activity;sid:84740007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876906)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3d43edf6-3d40-40b8-a4e0-a69c2cdc6009"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qpmbndoi.yekshart.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876906/; classtype:trojan-activity;sid:84740006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.193.106.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876905/; classtype:trojan-activity;sid:84740005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.99.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876904/; classtype:trojan-activity;sid:84740004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.187.82.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876903/; classtype:trojan-activity;sid:84740003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"172.111.39.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876902/; classtype:trojan-activity;sid:84740002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.111.39.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876901/; classtype:trojan-activity;sid:84740001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"162.251.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876900/; classtype:trojan-activity;sid:84740000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"162.251.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876899/; classtype:trojan-activity;sid:84739999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.240.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876898/; classtype:trojan-activity;sid:84739998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.255.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876897/; classtype:trojan-activity;sid:84739997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.145.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876896/; classtype:trojan-activity;sid:84739996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"23.139.68.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876895/; classtype:trojan-activity;sid:84739995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.89.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876894/; classtype:trojan-activity;sid:84739994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.8.18.23"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876893/; classtype:trojan-activity;sid:84739993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.233.194.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876892/; classtype:trojan-activity;sid:84739992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"5.8.18.45"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876891/; classtype:trojan-activity;sid:84739991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.8.18.45"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876890/; classtype:trojan-activity;sid:84739990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.53.152.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876889/; classtype:trojan-activity;sid:84739989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.89.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876888/; classtype:trojan-activity;sid:84739988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876887)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5075967f-f323-4802-8ed7-1a5845ffd972"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bcb7ukdo.tinyshart.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876887/; classtype:trojan-activity;sid:84739987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.53.152.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876886/; classtype:trojan-activity;sid:84739986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.38.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876885/; classtype:trojan-activity;sid:84739985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.240.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876884/; classtype:trojan-activity;sid:84739984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876882)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876882/; classtype:trojan-activity;sid:84739982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876883)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876883/; classtype:trojan-activity;sid:84739983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876879)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876879/; classtype:trojan-activity;sid:84739979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876880)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86_64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876880/; classtype:trojan-activity;sid:84739980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876881)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876881/; classtype:trojan-activity;sid:84739981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876876)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876876/; classtype:trojan-activity;sid:84739976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876877)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876877/; classtype:trojan-activity;sid:84739977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876878)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/aarch64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876878/; classtype:trojan-activity;sid:84739978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876875)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876875/; classtype:trojan-activity;sid:84739975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876873)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876873/; classtype:trojan-activity;sid:84739973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876874)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/tbk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876874/; classtype:trojan-activity;sid:84739974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876872)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876872/; classtype:trojan-activity;sid:84739972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876871)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7fa0e4a5-c309-4cb8-accd-13ed062c71f9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0z4y5ci2.1xboropartners.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876871/; classtype:trojan-activity;sid:84739971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.181.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876870/; classtype:trojan-activity;sid:84739970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.9.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876869/; classtype:trojan-activity;sid:84739969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876866)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876866/; classtype:trojan-activity;sid:84739966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876867)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876867/; classtype:trojan-activity;sid:84739967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876868)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/lterouter"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.166.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876868/; classtype:trojan-activity;sid:84739968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876865/; classtype:trojan-activity;sid:84739965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876864)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/tedy324/bootstrap@main/mila-j"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876864/; classtype:trojan-activity;sid:84739964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.145.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876863/; classtype:trojan-activity;sid:84739963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.145.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876862/; classtype:trojan-activity;sid:84739962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.221.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876861/; classtype:trojan-activity;sid:84739961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.113.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876860/; classtype:trojan-activity;sid:84739960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.9.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876859/; classtype:trojan-activity;sid:84739959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.163.181.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876858/; classtype:trojan-activity;sid:84739958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876857)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/langflow.sh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876857/; classtype:trojan-activity;sid:84739957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876856/; classtype:trojan-activity;sid:84739956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.134.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876855/; classtype:trojan-activity;sid:84739955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876854)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/tedy324/roadgate/dfsk-65j8"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876854/; classtype:trojan-activity;sid:84739954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.145.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876853/; classtype:trojan-activity;sid:84739953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.171.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876852/; classtype:trojan-activity;sid:84739952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.73.96.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876851/; classtype:trojan-activity;sid:84739951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876850/; classtype:trojan-activity;sid:84739950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.34.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876849/; classtype:trojan-activity;sid:84739949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876848)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=15832166-4358-4620-94a9-6f8b83b83a39"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ik029b3d.1xsignupbet.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876848/; classtype:trojan-activity;sid:84739948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876847)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=13406cbf-0d3f-4cda-8d2f-cfdace50e7a9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tmvkionb.taktikbet.bio"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876847/; classtype:trojan-activity;sid:84739947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876846/; classtype:trojan-activity;sid:84739946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876845)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/roody2643/roadguard@main/car_284"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876845/; classtype:trojan-activity;sid:84739945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.221.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876844/; classtype:trojan-activity;sid:84739944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.250.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876843/; classtype:trojan-activity;sid:84739943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.157.210.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876842/; classtype:trojan-activity;sid:84739942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.74.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876841/; classtype:trojan-activity;sid:84739941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.250.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876840/; classtype:trojan-activity;sid:84739940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.195.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876839/; classtype:trojan-activity;sid:84739939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rt.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876838/; classtype:trojan-activity;sid:84739938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.17.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876837/; classtype:trojan-activity;sid:84739937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876836/; classtype:trojan-activity;sid:84739936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.186.227.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876835/; classtype:trojan-activity;sid:84739935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.186.227.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876834/; classtype:trojan-activity;sid:84739934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.12.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876833/; classtype:trojan-activity;sid:84739933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876832)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_4893cd95021a9ea1.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876832/; classtype:trojan-activity;sid:84739932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876831)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhole/asm/asmpure.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"babayagareborn.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876831/; classtype:trojan-activity;sid:84739931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876830)"; flow:established,from_client; content:"GET"; http_method; content:"/seition2doc/dosta2/main/n3.bat"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876830/; classtype:trojan-activity;sid:84739930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.74.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876829/; classtype:trojan-activity;sid:84739929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876828)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/09c1d5_4626761063374d69ab0351f21fd703ce.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"09c1d5c3-1a6e-4c05-8e4e-eff75c6b5dd6.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876828/; classtype:trojan-activity;sid:84739928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876827)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hoteljune2026.blogspot.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876827/; classtype:trojan-activity;sid:84739927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876826)"; flow:established,from_client; content:"GET"; http_method; content:"/////udus.docx.pdf.olp.sysphud.dudus.docx.pdf.olp.sysphud.dudus.docx.pdf.olp.sysphud.dpc.lfwo"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"hoteljune2026.blogspot.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876826/; classtype:trojan-activity;sid:84739926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876825)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_cf95ba24331b48d8.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876825/; classtype:trojan-activity;sid:84739925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876824/; classtype:trojan-activity;sid:84739924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.232.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876823/; classtype:trojan-activity;sid:84739923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876821)"; flow:established,from_client; content:"GET"; http_method; content:"/3hhwfoep7rfh57uns2k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.225.135.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876821/; classtype:trojan-activity;sid:84739921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876822)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.76.241.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876822/; classtype:trojan-activity;sid:84739922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876819)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"diskfoottoarxives2023.vercel.app"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876819/; classtype:trojan-activity;sid:84739919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876820)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"police2606work.vercel.app"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876820/; classtype:trojan-activity;sid:84739920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876818)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"diskfoottoarxives2023.vercel.app"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876818/; classtype:trojan-activity;sid:84739918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876810)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_61e9916d8ab241af.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876810/; classtype:trojan-activity;sid:84739910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876811)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_3f39b4276744a983.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876811/; classtype:trojan-activity;sid:84739911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876812)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_e8eb14d778076b37.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876812/; classtype:trojan-activity;sid:84739912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876813)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_d30be19c59a663a8.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876813/; classtype:trojan-activity;sid:84739913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876814)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c6e154ddfe4355f1.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876814/; classtype:trojan-activity;sid:84739914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876815)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_de029686f85cf6e5.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876815/; classtype:trojan-activity;sid:84739915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876816)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_d1bb2fad4ab2e94b.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876816/; classtype:trojan-activity;sid:84739916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876817)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_474f99b7ffd449d5.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876817/; classtype:trojan-activity;sid:84739917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.157.210.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876809/; classtype:trojan-activity;sid:84739909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.206.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876808/; classtype:trojan-activity;sid:84739908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.230.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876807/; classtype:trojan-activity;sid:84739907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.196.192.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876806/; classtype:trojan-activity;sid:84739906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.21.255.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876805/; classtype:trojan-activity;sid:84739905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876804)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=60668e46-5ccc-49f7-bc29-6d11782e73aa"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"85xhbv2q.shartcart.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876804/; classtype:trojan-activity;sid:84739904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.38.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876803/; classtype:trojan-activity;sid:84739903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.21.255.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876802/; classtype:trojan-activity;sid:84739902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.230.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876801/; classtype:trojan-activity;sid:84739901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.238.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876800/; classtype:trojan-activity;sid:84739900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.20.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876799/; classtype:trojan-activity;sid:84739899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.252.69.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876798/; classtype:trojan-activity;sid:84739898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.42.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876797/; classtype:trojan-activity;sid:84739897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.194.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876796/; classtype:trojan-activity;sid:84739896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.38.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876795/; classtype:trojan-activity;sid:84739895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876794/; classtype:trojan-activity;sid:84739894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876792)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876792/; classtype:trojan-activity;sid:84739892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876793)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876793/; classtype:trojan-activity;sid:84739893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876790)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876790/; classtype:trojan-activity;sid:84739890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876791)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876791/; classtype:trojan-activity;sid:84739891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.123.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876789/; classtype:trojan-activity;sid:84739889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876788/; classtype:trojan-activity;sid:84739888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876784)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876784/; classtype:trojan-activity;sid:84739884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876785)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876785/; classtype:trojan-activity;sid:84739885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876786)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876786/; classtype:trojan-activity;sid:84739886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876787)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876787/; classtype:trojan-activity;sid:84739887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876778)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876778/; classtype:trojan-activity;sid:84739878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876779)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876779/; classtype:trojan-activity;sid:84739879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876780)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876780/; classtype:trojan-activity;sid:84739880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876781)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876781/; classtype:trojan-activity;sid:84739881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876782)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876782/; classtype:trojan-activity;sid:84739882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876783)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876783/; classtype:trojan-activity;sid:84739883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876777)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.42.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876777/; classtype:trojan-activity;sid:84739877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.42.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876776/; classtype:trojan-activity;sid:84739876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.48.123.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876775/; classtype:trojan-activity;sid:84739875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876774/; classtype:trojan-activity;sid:84739874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.233.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876773/; classtype:trojan-activity;sid:84739873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.130.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876772/; classtype:trojan-activity;sid:84739872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.232.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876771/; classtype:trojan-activity;sid:84739871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876770)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=86a65fe1-cbde-43a9-90e1-f5d94d2d2ced"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"7pkztjkc.1xbetpartnersiran.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876770/; classtype:trojan-activity;sid:84739870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.79.160.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876769/; classtype:trojan-activity;sid:84739869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876768)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=36d699e6-a378-460c-849a-696d1508bc3a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9pkiisod.jetbet1.pro"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876768/; classtype:trojan-activity;sid:84739868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.194.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876767/; classtype:trojan-activity;sid:84739867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.156.139.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876766/; classtype:trojan-activity;sid:84739866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.233.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876765/; classtype:trojan-activity;sid:84739865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.54.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876764/; classtype:trojan-activity;sid:84739864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.231.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876763/; classtype:trojan-activity;sid:84739863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.174.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876762/; classtype:trojan-activity;sid:84739862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.174.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876761/; classtype:trojan-activity;sid:84739861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.231.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876760/; classtype:trojan-activity;sid:84739860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.194.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876759/; classtype:trojan-activity;sid:84739859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.60.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876758/; classtype:trojan-activity;sid:84739858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.227.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876757/; classtype:trojan-activity;sid:84739857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.205.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876756/; classtype:trojan-activity;sid:84739856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876755)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bce5e4a8-ffb5-44e4-8d63-f49e25a49152"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tszebpwz.1xprobet.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876755/; classtype:trojan-activity;sid:84739855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.223.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876754/; classtype:trojan-activity;sid:84739854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876753)"; flow:established,from_client; content:"GET"; http_method; content:"/hoakkkk/botnet/refs/heads/main/johenlastgen.sh"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876753/; classtype:trojan-activity;sid:84739853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.227.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876752/; classtype:trojan-activity;sid:84739852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876751)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a42c1dc8442e1c9b.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876751/; classtype:trojan-activity;sid:84739851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.249.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876750/; classtype:trojan-activity;sid:84739850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.165.187.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876749/; classtype:trojan-activity;sid:84739849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.228.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876748/; classtype:trojan-activity;sid:84739848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.223.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876747/; classtype:trojan-activity;sid:84739847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.156.139.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876746/; classtype:trojan-activity;sid:84739846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.116.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876745/; classtype:trojan-activity;sid:84739845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.144.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876744/; classtype:trojan-activity;sid:84739844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.205.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876743/; classtype:trojan-activity;sid:84739843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.228.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876742/; classtype:trojan-activity;sid:84739842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876741)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7cc2255d-8e24-492c-92a9-9534b52de332"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"c2uwzjf8.blackjackonlineplay83.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876741/; classtype:trojan-activity;sid:84739841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.249.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876740/; classtype:trojan-activity;sid:84739840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.164.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876739/; classtype:trojan-activity;sid:84739839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.94.142.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876738/; classtype:trojan-activity;sid:84739838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.82.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876737/; classtype:trojan-activity;sid:84739837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.82.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876736/; classtype:trojan-activity;sid:84739836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.165.187.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876735/; classtype:trojan-activity;sid:84739835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.147.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876734/; classtype:trojan-activity;sid:84739834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876733)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"server-830796.thatserver.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876733/; classtype:trojan-activity;sid:84739833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.71.31.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876732/; classtype:trojan-activity;sid:84739832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.94.142.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876731/; classtype:trojan-activity;sid:84739831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.55.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876730/; classtype:trojan-activity;sid:84739830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.71.31.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876729/; classtype:trojan-activity;sid:84739829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.76.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876728/; classtype:trojan-activity;sid:84739828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.50.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876727/; classtype:trojan-activity;sid:84739827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.77.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876726/; classtype:trojan-activity;sid:84739826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.76.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876725/; classtype:trojan-activity;sid:84739825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.215.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876724/; classtype:trojan-activity;sid:84739824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.120.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876723/; classtype:trojan-activity;sid:84739823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.156.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876722/; classtype:trojan-activity;sid:84739822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.214.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876721/; classtype:trojan-activity;sid:84739821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.77.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876720/; classtype:trojan-activity;sid:84739820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.151.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876719/; classtype:trojan-activity;sid:84739819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.215.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876718/; classtype:trojan-activity;sid:84739818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876717)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=72791768-c733-4336-9090-00935887e58a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gibi1zic.alobet.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876717/; classtype:trojan-activity;sid:84739817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.120.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876716/; classtype:trojan-activity;sid:84739816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.157.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876715/; classtype:trojan-activity;sid:84739815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.251.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876714/; classtype:trojan-activity;sid:84739814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.157.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876713/; classtype:trojan-activity;sid:84739813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.199.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876712/; classtype:trojan-activity;sid:84739812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.238.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876710/; classtype:trojan-activity;sid:84739810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.238.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876711/; classtype:trojan-activity;sid:84739811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876709)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_639c336330ba48b7.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876709/; classtype:trojan-activity;sid:84739809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.51.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876708/; classtype:trojan-activity;sid:84739808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.68.162.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876707/; classtype:trojan-activity;sid:84739807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876706)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=801f8b3a-b54a-409c-8c98-b5a30f64e1c3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qq6dl5dg.1x303.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876706/; classtype:trojan-activity;sid:84739806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.156.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876705/; classtype:trojan-activity;sid:84739805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.145.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876704/; classtype:trojan-activity;sid:84739804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.54.95.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876703/; classtype:trojan-activity;sid:84739803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876702/; classtype:trojan-activity;sid:84739802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.71.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876701/; classtype:trojan-activity;sid:84739801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.162.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876700/; classtype:trojan-activity;sid:84739800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.249.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876699/; classtype:trojan-activity;sid:84739799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.235.251.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876698/; classtype:trojan-activity;sid:84739798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.171.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876697/; classtype:trojan-activity;sid:84739797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.54.95.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876696/; classtype:trojan-activity;sid:84739796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876694)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876694/; classtype:trojan-activity;sid:84739794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876695)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876695/; classtype:trojan-activity;sid:84739795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876693)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876693/; classtype:trojan-activity;sid:84739793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876692)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876692/; classtype:trojan-activity;sid:84739792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876690)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876690/; classtype:trojan-activity;sid:84739790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876691)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.192.97.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876691/; classtype:trojan-activity;sid:84739791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.147.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876689/; classtype:trojan-activity;sid:84739789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.23.137.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876688/; classtype:trojan-activity;sid:84739788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.229.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876687/; classtype:trojan-activity;sid:84739787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.87.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876686/; classtype:trojan-activity;sid:84739786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.119.164.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876685/; classtype:trojan-activity;sid:84739785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876684)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c728de98ac1beb8a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876684/; classtype:trojan-activity;sid:84739784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876683/; classtype:trojan-activity;sid:84739783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.251.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876681/; classtype:trojan-activity;sid:84739781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.106.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876682/; classtype:trojan-activity;sid:84739782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.229.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876680/; classtype:trojan-activity;sid:84739780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.54.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876679/; classtype:trojan-activity;sid:84739779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.177.33.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876678/; classtype:trojan-activity;sid:84739778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.119.164.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876677/; classtype:trojan-activity;sid:84739777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876676)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=2df6a46f-f84b-44ba-8cee-29d1185e3014"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qa4lsxxi.313betapk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876676/; classtype:trojan-activity;sid:84739776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876675)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b044dd75-8721-4bd6-916f-1501c01712ce"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"6b4ki3sp.abt90kade.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876675/; classtype:trojan-activity;sid:84739775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.179.18.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876674/; classtype:trojan-activity;sid:84739774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.146.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876673/; classtype:trojan-activity;sid:84739773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.179.18.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876672/; classtype:trojan-activity;sid:84739772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.150.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876671/; classtype:trojan-activity;sid:84739771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.224.33.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876670/; classtype:trojan-activity;sid:84739770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.224.33.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876669/; classtype:trojan-activity;sid:84739769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876668/; classtype:trojan-activity;sid:84739768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.177.33.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876667/; classtype:trojan-activity;sid:84739767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.153.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876666/; classtype:trojan-activity;sid:84739766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.231.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876665/; classtype:trojan-activity;sid:84739765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.232.100.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876664/; classtype:trojan-activity;sid:84739764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.221.150.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876663/; classtype:trojan-activity;sid:84739763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.25.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876661/; classtype:trojan-activity;sid:84739761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.25.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876662/; classtype:trojan-activity;sid:84739762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.76.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876660/; classtype:trojan-activity;sid:84739760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.163.107.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876659/; classtype:trojan-activity;sid:84739759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.232.100.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876658/; classtype:trojan-activity;sid:84739758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.16.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876657/; classtype:trojan-activity;sid:84739757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.66.146.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876656/; classtype:trojan-activity;sid:84739756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.3.0.134"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876655/; classtype:trojan-activity;sid:84739755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876654/; classtype:trojan-activity;sid:84739754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.163.107.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876653/; classtype:trojan-activity;sid:84739753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.3.0.134"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876652/; classtype:trojan-activity;sid:84739752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.164.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876651/; classtype:trojan-activity;sid:84739751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.85.60.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876650/; classtype:trojan-activity;sid:84739750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.245.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876649/; classtype:trojan-activity;sid:84739749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.147.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876648/; classtype:trojan-activity;sid:84739748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876647)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9acbec46-3cf2-48c1-af92-731bcb3553b6"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gkn9py5i.honarrang.online"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876647/; classtype:trojan-activity;sid:84739747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.196.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876646/; classtype:trojan-activity;sid:84739746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.249.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876645/; classtype:trojan-activity;sid:84739745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876644)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/tedy324/vlan44-nginx/sample"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876644/; classtype:trojan-activity;sid:84739744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.3.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876643/; classtype:trojan-activity;sid:84739743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876642)"; flow:established,from_client; content:"GET"; http_method; content:"/36580b02-9d9c-4a93-81a8-46f87779e789"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sjc3.sabad724.bio"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876642/; classtype:trojan-activity;sid:84739742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876641)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/tedy324/vlan44-nginx/secure"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876641/; classtype:trojan-activity;sid:84739741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876640/; classtype:trojan-activity;sid:84739740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.245.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876639/; classtype:trojan-activity;sid:84739739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.81.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876638/; classtype:trojan-activity;sid:84739738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876637)"; flow:established,from_client; content:"GET"; http_method; content:"/9db9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"server-830796.thatserver.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876637/; classtype:trojan-activity;sid:84739737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.59.107.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876636/; classtype:trojan-activity;sid:84739736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876635/; classtype:trojan-activity;sid:84739735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.81.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876634/; classtype:trojan-activity;sid:84739734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876633/; classtype:trojan-activity;sid:84739733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.25.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876632/; classtype:trojan-activity;sid:84739732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876631/; classtype:trojan-activity;sid:84739731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.12.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876630/; classtype:trojan-activity;sid:84739730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.199.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876629/; classtype:trojan-activity;sid:84739729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.93.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876628/; classtype:trojan-activity;sid:84739728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.239.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876627/; classtype:trojan-activity;sid:84739727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876626)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3342a41f-6114-45a0-909e-5f65f89baef8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"effc4p41.honardartarikh.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876626/; classtype:trojan-activity;sid:84739726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.20.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876625/; classtype:trojan-activity;sid:84739725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.199.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876624/; classtype:trojan-activity;sid:84739724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.251.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876623/; classtype:trojan-activity;sid:84739723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.74.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876621/; classtype:trojan-activity;sid:84739721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.105.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876622/; classtype:trojan-activity;sid:84739722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876605)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876605/; classtype:trojan-activity;sid:84739705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876606)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/systemcl/m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876606/; classtype:trojan-activity;sid:84739706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876607)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/systemcl/x86_64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876607/; classtype:trojan-activity;sid:84739707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876608)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876608/; classtype:trojan-activity;sid:84739708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876609)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876609/; classtype:trojan-activity;sid:84739709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876610)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876610/; classtype:trojan-activity;sid:84739710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876611)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876611/; classtype:trojan-activity;sid:84739711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876612)"; flow:established,from_client; content:"GET"; http_method; content:"/s"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876612/; classtype:trojan-activity;sid:84739712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876613)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876613/; classtype:trojan-activity;sid:84739713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876614)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876614/; classtype:trojan-activity;sid:84739714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876615)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876615/; classtype:trojan-activity;sid:84739715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876616)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876616/; classtype:trojan-activity;sid:84739716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876617)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876617/; classtype:trojan-activity;sid:84739717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876618)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876618/; classtype:trojan-activity;sid:84739718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876619)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876619/; classtype:trojan-activity;sid:84739719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876620)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/systemcl/mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876620/; classtype:trojan-activity;sid:84739720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876598)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876598/; classtype:trojan-activity;sid:84739698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876599)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876599/; classtype:trojan-activity;sid:84739699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876600)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876600/; classtype:trojan-activity;sid:84739700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876601)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/systemcl/ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876601/; classtype:trojan-activity;sid:84739701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876602)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876602/; classtype:trojan-activity;sid:84739702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876603)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876603/; classtype:trojan-activity;sid:84739703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876604)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876604/; classtype:trojan-activity;sid:84739704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876597)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/systemcl/sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"138.124.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876597/; classtype:trojan-activity;sid:84739697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.184.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876596/; classtype:trojan-activity;sid:84739696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876595)"; flow:established,from_client; content:"GET"; http_method; content:"/qic"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"server-830796.thatserver.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876595/; classtype:trojan-activity;sid:84739695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876594/; classtype:trojan-activity;sid:84739694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.74.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876593/; classtype:trojan-activity;sid:84739693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876592)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=fc3f134d-11c0-45aa-8299-b7f685d6110e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pffvv3yw.22bahis-tr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876592/; classtype:trojan-activity;sid:84739692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.93.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876591/; classtype:trojan-activity;sid:84739691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.25.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876590/; classtype:trojan-activity;sid:84739690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.194.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876589/; classtype:trojan-activity;sid:84739689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.251.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876588/; classtype:trojan-activity;sid:84739688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.86.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876587/; classtype:trojan-activity;sid:84739687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876586)"; flow:established,from_client; content:"GET"; http_method; content:"/levantamento/5gr67j/nwm2nb/jicbf8"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"areal.rj.gov.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876586/; classtype:trojan-activity;sid:84739686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876585)"; flow:established,from_client; content:"GET"; http_method; content:"/levantamento/5gr67j/fr88rm/cmlzhu"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"areal.rj.gov.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876585/; classtype:trojan-activity;sid:84739685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876584)"; flow:established,from_client; content:"GET"; http_method; content:"/file/u/2/d/1pa70qgfvmht-frcaihzsbh2fbm8hemg3/view|3f|usp=sharing"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876584/; classtype:trojan-activity;sid:84739684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876583)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4255b638-6f2a-400a-ad89-81f0b94f1fcd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"yvkbbq3e.1xdownload2023.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876583/; classtype:trojan-activity;sid:84739683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.24.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876582/; classtype:trojan-activity;sid:84739682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.195.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876581/; classtype:trojan-activity;sid:84739681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.78.205.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876580/; classtype:trojan-activity;sid:84739680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.221.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876578/; classtype:trojan-activity;sid:84739678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.221.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876579/; classtype:trojan-activity;sid:84739679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876577)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6f3ca295-4048-4123-8f63-7272f4d5de60"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"isgmj697.hesabdarishabahang.xyz"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876577/; classtype:trojan-activity;sid:84739677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.109.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876576/; classtype:trojan-activity;sid:84739676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876575)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=fe6d4366-4acb-4e06-9141-38ae8dbd5ba4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"arpt9xvl.1xdlbet.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876575/; classtype:trojan-activity;sid:84739675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.76.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876574/; classtype:trojan-activity;sid:84739674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.137.81.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876570/; classtype:trojan-activity;sid:84739670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.137.81.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876571/; classtype:trojan-activity;sid:84739671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.137.81.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876572/; classtype:trojan-activity;sid:84739672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.137.81.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876573/; classtype:trojan-activity;sid:84739673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.137.81.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876569/; classtype:trojan-activity;sid:84739669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876568)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876568/; classtype:trojan-activity;sid:84739668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.109.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876567/; classtype:trojan-activity;sid:84739667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876566/; classtype:trojan-activity;sid:84739666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.31.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876565/; classtype:trojan-activity;sid:84739665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.216.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876564/; classtype:trojan-activity;sid:84739664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.68.53.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876563/; classtype:trojan-activity;sid:84739663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.65.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876562/; classtype:trojan-activity;sid:84739662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.232.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876561/; classtype:trojan-activity;sid:84739661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.148.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876560/; classtype:trojan-activity;sid:84739660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.233.94.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876559/; classtype:trojan-activity;sid:84739659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.68.53.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876558/; classtype:trojan-activity;sid:84739658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.200.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876556/; classtype:trojan-activity;sid:84739656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.87.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876557/; classtype:trojan-activity;sid:84739657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.69.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876555/; classtype:trojan-activity;sid:84739655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.197.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876554/; classtype:trojan-activity;sid:84739654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.70.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876552/; classtype:trojan-activity;sid:84739652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.136.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876553/; classtype:trojan-activity;sid:84739653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.65.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876551/; classtype:trojan-activity;sid:84739651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.33.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876550/; classtype:trojan-activity;sid:84739650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.232.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876549/; classtype:trojan-activity;sid:84739649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.136.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876548/; classtype:trojan-activity;sid:84739648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.148.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876547/; classtype:trojan-activity;sid:84739647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.145.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876546/; classtype:trojan-activity;sid:84739646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.87.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876545/; classtype:trojan-activity;sid:84739645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.69.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876544/; classtype:trojan-activity;sid:84739644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876543)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b12991eb-8ded-428b-8258-6f45baf88ac6"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0qam1x6q.alobet.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876543/; classtype:trojan-activity;sid:84739643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.33.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876542/; classtype:trojan-activity;sid:84739642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876541/; classtype:trojan-activity;sid:84739641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.104.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876540/; classtype:trojan-activity;sid:84739640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.19.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876539/; classtype:trojan-activity;sid:84739639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.250.37.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876538/; classtype:trojan-activity;sid:84739638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.89.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876537/; classtype:trojan-activity;sid:84739637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.190.160.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876536/; classtype:trojan-activity;sid:84739636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.89.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876535/; classtype:trojan-activity;sid:84739635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.41.78.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876534/; classtype:trojan-activity;sid:84739634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.196.192.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876533/; classtype:trojan-activity;sid:84739633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.164.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876531/; classtype:trojan-activity;sid:84739631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.148.220.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876532/; classtype:trojan-activity;sid:84739632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.131.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876530/; classtype:trojan-activity;sid:84739630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.197.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876529/; classtype:trojan-activity;sid:84739629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.104.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876528/; classtype:trojan-activity;sid:84739628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.19.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876527/; classtype:trojan-activity;sid:84739627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.145.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876526/; classtype:trojan-activity;sid:84739626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.220.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876525/; classtype:trojan-activity;sid:84739625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.131.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876524/; classtype:trojan-activity;sid:84739624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.190.160.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876523/; classtype:trojan-activity;sid:84739623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876522)"; flow:established,from_client; content:"GET"; http_method; content:"/check_bot_m"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"diobenu2silva.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876522/; classtype:trojan-activity;sid:84739622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876521)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_3fec31ac90ffd33e.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876521/; classtype:trojan-activity;sid:84739621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876520)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_278ea03277611bf1.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876520/; classtype:trojan-activity;sid:84739620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.164.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876519/; classtype:trojan-activity;sid:84739619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.147.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876518/; classtype:trojan-activity;sid:84739618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.200.191.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876517/; classtype:trojan-activity;sid:84739617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.239.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876516/; classtype:trojan-activity;sid:84739616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.200.191.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876515/; classtype:trojan-activity;sid:84739615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.165.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876514/; classtype:trojan-activity;sid:84739614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.212.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876513/; classtype:trojan-activity;sid:84739613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876512)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b3a28359-5117-4b3b-b920-2f6af5e95a93"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"7sjngotr.1xsignupbet.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876512/; classtype:trojan-activity;sid:84739612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.167.39.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876511/; classtype:trojan-activity;sid:84739611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876510)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=859fe997-8d2e-4259-9545-371871746841"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qgyszj8a.abt90kade.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876510/; classtype:trojan-activity;sid:84739610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.229.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876509/; classtype:trojan-activity;sid:84739609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.89.157.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876508/; classtype:trojan-activity;sid:84739608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876507)"; flow:established,from_client; content:"GET"; http_method; content:"/unbefitting/pressurize"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.v-care.hk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876507/; classtype:trojan-activity;sid:84739607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876506)"; flow:established,from_client; content:"GET"; http_method; content:"/vaseline/insole"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"westcodex.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876506/; classtype:trojan-activity;sid:84739606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876503)"; flow:established,from_client; content:"GET"; http_method; content:"/crushed/bilk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sergiodiazcoach.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876503/; classtype:trojan-activity;sid:84739603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876504)"; flow:established,from_client; content:"GET"; http_method; content:"/connatural/scavenge"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"centrodeinfusaocuritiba.com.br"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876504/; classtype:trojan-activity;sid:84739604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876505)"; flow:established,from_client; content:"GET"; http_method; content:"/prolegome/velvet"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ravstore.cl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876505/; classtype:trojan-activity;sid:84739605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876495)"; flow:established,from_client; content:"GET"; http_method; content:"/agrimotor/kilobyte"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"testdomain.kognitivtrainer.de"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876495/; classtype:trojan-activity;sid:84739595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876496)"; flow:established,from_client; content:"GET"; http_method; content:"/bunkering/onomasiology"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"jabalitowers.nexatestwp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876496/; classtype:trojan-activity;sid:84739596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876497)"; flow:established,from_client; content:"GET"; http_method; content:"/bunkering/advocacies"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"jabalitowers.nexatestwp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876497/; classtype:trojan-activity;sid:84739597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876498)"; flow:established,from_client; content:"GET"; http_method; content:"/three.js.old/examples/models/gltf/monster/gltf/predatory/rampage"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"360.intraserv.pl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876498/; classtype:trojan-activity;sid:84739598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876499)"; flow:established,from_client; content:"GET"; http_method; content:"/bunkering/clandestine"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"jabalitowers.nexatestwp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876499/; classtype:trojan-activity;sid:84739599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876500)"; flow:established,from_client; content:"GET"; http_method; content:"/subparameter/seamy"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kelvintahvieh.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876500/; classtype:trojan-activity;sid:84739600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876501)"; flow:established,from_client; content:"GET"; http_method; content:"/utilize/helicopter"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mythandmycelium.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876501/; classtype:trojan-activity;sid:84739601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876502)"; flow:established,from_client; content:"GET"; http_method; content:"/improperly/foregoing"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"propertymgmtsoft.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876502/; classtype:trojan-activity;sid:84739602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876493)"; flow:established,from_client; content:"GET"; http_method; content:"/matin/complicate"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"doc.eagle-web-concept.fr"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876493/; classtype:trojan-activity;sid:84739593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876494)"; flow:established,from_client; content:"GET"; http_method; content:"/feign/pedigreed"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"alkhateebholding.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876494/; classtype:trojan-activity;sid:84739594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.50.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876492/; classtype:trojan-activity;sid:84739592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.68.168.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876491/; classtype:trojan-activity;sid:84739591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.165.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876490/; classtype:trojan-activity;sid:84739590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.185.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876489/; classtype:trojan-activity;sid:84739589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.89.157.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876488/; classtype:trojan-activity;sid:84739588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.185.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876487/; classtype:trojan-activity;sid:84739587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.48.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876486/; classtype:trojan-activity;sid:84739586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.48.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876485/; classtype:trojan-activity;sid:84739585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.167.39.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876484/; classtype:trojan-activity;sid:84739584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876483)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=03a32fba-0101-4277-94ea-928f9dc8aa4c"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"00pq7d1j.1xboropartners.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876483/; classtype:trojan-activity;sid:84739583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.106.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876482/; classtype:trojan-activity;sid:84739582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.95.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876481/; classtype:trojan-activity;sid:84739581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.50.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876480/; classtype:trojan-activity;sid:84739580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876479)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.225.135.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876479/; classtype:trojan-activity;sid:84739579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876478/; classtype:trojan-activity;sid:84739578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.233.194.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876477/; classtype:trojan-activity;sid:84739577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.93.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876475/; classtype:trojan-activity;sid:84739575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.55.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876476/; classtype:trojan-activity;sid:84739576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.243.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876474/; classtype:trojan-activity;sid:84739574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.224.14.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876473/; classtype:trojan-activity;sid:84739573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.68.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876472/; classtype:trojan-activity;sid:84739572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.144.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876471/; classtype:trojan-activity;sid:84739571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.184.80.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876470/; classtype:trojan-activity;sid:84739570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.93.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876469/; classtype:trojan-activity;sid:84739569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.205.226.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876468/; classtype:trojan-activity;sid:84739568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.213.175.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876467/; classtype:trojan-activity;sid:84739567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.205.226.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876466/; classtype:trojan-activity;sid:84739566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.243.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876465/; classtype:trojan-activity;sid:84739565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.224.14.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876464/; classtype:trojan-activity;sid:84739564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.60.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876463/; classtype:trojan-activity;sid:84739563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876462)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=25c2a4b7-0168-4108-ac3b-71609dc02175"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rfhudhbz.313betsingup.casino"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876462/; classtype:trojan-activity;sid:84739562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876461)"; flow:established,from_client; content:"GET"; http_method; content:"/3kje"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"server-830796.thatserver.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876461/; classtype:trojan-activity;sid:84739561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.173.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876460/; classtype:trojan-activity;sid:84739560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.32.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876459/; classtype:trojan-activity;sid:84739559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.184.80.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876458/; classtype:trojan-activity;sid:84739558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.228.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876457/; classtype:trojan-activity;sid:84739557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.230.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876456/; classtype:trojan-activity;sid:84739556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.228.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876455/; classtype:trojan-activity;sid:84739555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876454)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/roody2643/driver-access-service/access_manager"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876454/; classtype:trojan-activity;sid:84739554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.32.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876453/; classtype:trojan-activity;sid:84739553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.52.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876452/; classtype:trojan-activity;sid:84739552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.10.155.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876451/; classtype:trojan-activity;sid:84739551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.63.144.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876450/; classtype:trojan-activity;sid:84739550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.230.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876449/; classtype:trojan-activity;sid:84739549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876448)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/roody2643/roadblock4/dfd745"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876448/; classtype:trojan-activity;sid:84739548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876447)"; flow:established,from_client; content:"GET"; http_method; content:"/d2e8d12f-63a2-4e0f-806b-da67aad39488"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"drf.honareslami.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876447/; classtype:trojan-activity;sid:84739547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.255.30.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876446/; classtype:trojan-activity;sid:84739546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.52.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876445/; classtype:trojan-activity;sid:84739545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876444/; classtype:trojan-activity;sid:84739544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.206.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876443/; classtype:trojan-activity;sid:84739543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.186.175.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876442/; classtype:trojan-activity;sid:84739542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876441/; classtype:trojan-activity;sid:84739541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.255.30.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876440/; classtype:trojan-activity;sid:84739540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.10.155.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876439/; classtype:trojan-activity;sid:84739539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.23.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876438/; classtype:trojan-activity;sid:84739538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876437/; classtype:trojan-activity;sid:84739537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.206.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876436/; classtype:trojan-activity;sid:84739536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876435)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/belova-bb071/syd1-failover/krt5a"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876435/; classtype:trojan-activity;sid:84739535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876434)"; flow:established,from_client; content:"GET"; http_method; content:"/e0c4cf0d-a8b3-4e57-82fe-5686322d9bed"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xb.bet1bonus.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876434/; classtype:trojan-activity;sid:84739534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.186.175.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876433/; classtype:trojan-activity;sid:84739533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876432)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=29a94676-d1ea-4a6b-9d3a-ed0d793f48a8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wlwnophi.313betiran.online"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876432/; classtype:trojan-activity;sid:84739532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.39.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876431/; classtype:trojan-activity;sid:84739531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876429)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86_64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876429/; classtype:trojan-activity;sid:84739529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876430)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876430/; classtype:trojan-activity;sid:84739530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876426/; classtype:trojan-activity;sid:84739526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876427)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/untouchable.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876427/; classtype:trojan-activity;sid:84739527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/untouchable.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876428/; classtype:trojan-activity;sid:84739528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876424)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/untouchable.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876424/; classtype:trojan-activity;sid:84739524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876425)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/untouchable.x86_64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876425/; classtype:trojan-activity;sid:84739525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/tadashi.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876422/; classtype:trojan-activity;sid:84739522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876423)"; flow:established,from_client; content:"GET"; http_method; content:"/n2//bot.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876423/; classtype:trojan-activity;sid:84739523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876421/; classtype:trojan-activity;sid:84739521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876420/; classtype:trojan-activity;sid:84739520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tuxbot.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876417/; classtype:trojan-activity;sid:84739517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876418)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/tuxbot.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876418/; classtype:trojan-activity;sid:84739518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876419)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/bot.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876419/; classtype:trojan-activity;sid:84739519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876414)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/tadashi.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876414/; classtype:trojan-activity;sid:84739514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876415)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/main.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876415/; classtype:trojan-activity;sid:84739515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876416)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/boatnet.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876416/; classtype:trojan-activity;sid:84739516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876411)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/sora.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876411/; classtype:trojan-activity;sid:84739511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876412/; classtype:trojan-activity;sid:84739512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876413/; classtype:trojan-activity;sid:84739513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876404)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/tuxbot.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876404/; classtype:trojan-activity;sid:84739504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/main.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876405/; classtype:trojan-activity;sid:84739505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/bot.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876406/; classtype:trojan-activity;sid:84739506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/boatnet.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876407/; classtype:trojan-activity;sid:84739507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876408/; classtype:trojan-activity;sid:84739508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tuxbot.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876409/; classtype:trojan-activity;sid:84739509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/tuxbot.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876410/; classtype:trojan-activity;sid:84739510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876402)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/nerv.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876402/; classtype:trojan-activity;sid:84739502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876403/; classtype:trojan-activity;sid:84739503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876397)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/main.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876397/; classtype:trojan-activity;sid:84739497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876398)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/nerv.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876398/; classtype:trojan-activity;sid:84739498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876399/; classtype:trojan-activity;sid:84739499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876400)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/tuxbot.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876400/; classtype:trojan-activity;sid:84739500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/main.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876401/; classtype:trojan-activity;sid:84739501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876396/; classtype:trojan-activity;sid:84739496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tadashi.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876392/; classtype:trojan-activity;sid:84739492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876393)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/tadashi.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876393/; classtype:trojan-activity;sid:84739493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876394/; classtype:trojan-activity;sid:84739494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876395)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/untouchable.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876395/; classtype:trojan-activity;sid:84739495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876387)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/untouchable.x86_64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876387/; classtype:trojan-activity;sid:84739487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876388/; classtype:trojan-activity;sid:84739488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876389)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/boatnet.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876389/; classtype:trojan-activity;sid:84739489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876390)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876390/; classtype:trojan-activity;sid:84739490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nerv.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876391/; classtype:trojan-activity;sid:84739491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/sora.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876382/; classtype:trojan-activity;sid:84739482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876383)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876383/; classtype:trojan-activity;sid:84739483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/bot.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876384/; classtype:trojan-activity;sid:84739484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876385)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/untouchable.x86_64"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876385/; classtype:trojan-activity;sid:84739485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/sora.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876386/; classtype:trojan-activity;sid:84739486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/boatnet.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876381/; classtype:trojan-activity;sid:84739481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tadashi.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876378/; classtype:trojan-activity;sid:84739478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876379/; classtype:trojan-activity;sid:84739479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876380)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/tadashi.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876380/; classtype:trojan-activity;sid:84739480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876367)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/nerv.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876367/; classtype:trojan-activity;sid:84739467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876368)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876368/; classtype:trojan-activity;sid:84739468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876369)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876369/; classtype:trojan-activity;sid:84739469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876370)"; flow:established,from_client; content:"GET"; http_method; content:"/main.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876370/; classtype:trojan-activity;sid:84739470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876371)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/bot.x86_64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876371/; classtype:trojan-activity;sid:84739471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876372)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/sora.x86_64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876372/; classtype:trojan-activity;sid:84739472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876373)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/main.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876373/; classtype:trojan-activity;sid:84739473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876374)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876374/; classtype:trojan-activity;sid:84739474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876375)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876375/; classtype:trojan-activity;sid:84739475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876376)"; flow:established,from_client; content:"GET"; http_method; content:"/check.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.225.135.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876376/; classtype:trojan-activity;sid:84739476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876377)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876377/; classtype:trojan-activity;sid:84739477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876365)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/tadashi.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876365/; classtype:trojan-activity;sid:84739465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876366)"; flow:established,from_client; content:"GET"; http_method; content:"/tadashi.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876366/; classtype:trojan-activity;sid:84739466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876362)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876362/; classtype:trojan-activity;sid:84739462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876363)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/nerv.x86_64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876363/; classtype:trojan-activity;sid:84739463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876364)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/main.x86_64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876364/; classtype:trojan-activity;sid:84739464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876361)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_cf7313a869b75634.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876361/; classtype:trojan-activity;sid:84739461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876360)"; flow:established,from_client; content:"GET"; http_method; content:"/nilapila.docx.psd.pdf.in.sys.nilapila.docx.psd.pdf.in.sys"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"mineiicancry25june2026.blogspot.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876360/; classtype:trojan-activity;sid:84739460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876356)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_3929e99cb34bd81d.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876356/; classtype:trojan-activity;sid:84739456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876357)"; flow:established,from_client; content:"GET"; http_method; content:"/nilapila.docx.psd.pdf.in.sys.nilapila.docx.psd.pdf.in.sys|3f|m=1"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"mineiicancry25june2026.blogspot.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876357/; classtype:trojan-activity;sid:84739457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876358)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_5efa8b22546fb824.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876358/; classtype:trojan-activity;sid:84739458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876359)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/09c1d5_f29a3b493ad342199c678fc221f44af7.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"09c1d5c3-1a6e-4c05-8e4e-eff75c6b5dd6.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876359/; classtype:trojan-activity;sid:84739459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876355)"; flow:established,from_client; content:"GET"; http_method; content:"/apache"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.76.241.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876355/; classtype:trojan-activity;sid:84739455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876354)"; flow:established,from_client; content:"GET"; http_method; content:"/gigatex/fuckall.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876354/; classtype:trojan-activity;sid:84739454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876353)"; flow:established,from_client; content:"GET"; http_method; content:"/s4warm/cybervalorant-valorant-cheat-aimbot-esp/main/eduty%20external/valorant-external.vcxproj"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876353/; classtype:trojan-activity;sid:84739453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876352)"; flow:established,from_client; content:"GET"; http_method; content:"/besvigahw/valorant-efi-driver-cheat-hack/main/driver/driver/eficlient.vcxproj"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876352/; classtype:trojan-activity;sid:84739452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876350)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mineiicancry25june2026.blogspot.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876350/; classtype:trojan-activity;sid:84739450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876351)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml|3f|m=1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mineiicancry25june2026.blogspot.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876351/; classtype:trojan-activity;sid:84739451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876347)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_4e2018f59b40990b.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876347/; classtype:trojan-activity;sid:84739447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876348)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_e6c9920023234218.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876348/; classtype:trojan-activity;sid:84739448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876349)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_cb304e7539c83e32.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876349/; classtype:trojan-activity;sid:84739449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.243.27.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876346/; classtype:trojan-activity;sid:84739446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876345)"; flow:established,from_client; content:"GET"; http_method; content:"/untouchable.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876345/; classtype:trojan-activity;sid:84739445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.251.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876344/; classtype:trojan-activity;sid:84739444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.103.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876343/; classtype:trojan-activity;sid:84739443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.216.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876342/; classtype:trojan-activity;sid:84739442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876340)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/tedy324/techub-v7/rtt-6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876340/; classtype:trojan-activity;sid:84739440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876341)"; flow:established,from_client; content:"GET"; http_method; content:"/9957f452-10ee-4604-9013-043730dd6937"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nxbv.sabad724.bio"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876341/; classtype:trojan-activity;sid:84739441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876339)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"server-176-97-210-186.da.direct"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876339/; classtype:trojan-activity;sid:84739439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876338)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.pagar10.vendasptg.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876338/; classtype:trojan-activity;sid:84739438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876336)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.dns2.vendasptg.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876336/; classtype:trojan-activity;sid:84739436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876337)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dns2.vendasptg.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876337/; classtype:trojan-activity;sid:84739437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876335)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.pagar10.vendasptg.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876335/; classtype:trojan-activity;sid:84739435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876332)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176-97-210-186.syd.nbn.aussiebb.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876332/; classtype:trojan-activity;sid:84739432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876333)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pagar10.vendasptg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876333/; classtype:trojan-activity;sid:84739433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876334)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.dns2.vendasptg.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876334/; classtype:trojan-activity;sid:84739434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876331)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176-97-210-186.syd.nbn.aussiebb.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876331/; classtype:trojan-activity;sid:84739431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876329)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pagar10.vendasptg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876329/; classtype:trojan-activity;sid:84739429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876330)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dns2.vendasptg.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876330/; classtype:trojan-activity;sid:84739430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876327)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dns2.vendasptg.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876327/; classtype:trojan-activity;sid:84739427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876328)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dns2.vendasptg.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876328/; classtype:trojan-activity;sid:84739428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876326)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.dns2.vendasptg.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876326/; classtype:trojan-activity;sid:84739426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876324)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.pagar10.vendasptg.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876324/; classtype:trojan-activity;sid:84739424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876325)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.dns2.vendasptg.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876325/; classtype:trojan-activity;sid:84739425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876320)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176-97-210-186.syd.nbn.aussiebb.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876320/; classtype:trojan-activity;sid:84739420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876321)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176-97-210-186.syd.nbn.aussiebb.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876321/; classtype:trojan-activity;sid:84739421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876322)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176-97-210-186.syd.nbn.aussiebb.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876322/; classtype:trojan-activity;sid:84739422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876323)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.pagar10.vendasptg.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876323/; classtype:trojan-activity;sid:84739423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876318)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.dns2.vendasptg.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876318/; classtype:trojan-activity;sid:84739418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876319)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176-97-210-186.syd.nbn.aussiebb.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876319/; classtype:trojan-activity;sid:84739419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876317)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176-97-210-186.syd.nbn.aussiebb.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876317/; classtype:trojan-activity;sid:84739417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876316)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176-97-210-186.syd.nbn.aussiebb.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876316/; classtype:trojan-activity;sid:84739416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876312)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pagar10.vendasptg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876312/; classtype:trojan-activity;sid:84739412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876313)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pagar10.vendasptg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876313/; classtype:trojan-activity;sid:84739413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876314)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.dns2.vendasptg.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876314/; classtype:trojan-activity;sid:84739414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876315)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.pagar10.vendasptg.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876315/; classtype:trojan-activity;sid:84739415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876303)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"server-176-97-210-186.da.direct"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876303/; classtype:trojan-activity;sid:84739403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876304)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pagar10.vendasptg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876304/; classtype:trojan-activity;sid:84739404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876305)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dns2.vendasptg.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876305/; classtype:trojan-activity;sid:84739405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876306)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"server-176-97-210-186.da.direct"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876306/; classtype:trojan-activity;sid:84739406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876307)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.dns2.vendasptg.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876307/; classtype:trojan-activity;sid:84739407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876308)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"server-176-97-210-186.da.direct"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876308/; classtype:trojan-activity;sid:84739408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876309)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.pagar10.vendasptg.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876309/; classtype:trojan-activity;sid:84739409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876310)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"server-176-97-210-186.da.direct"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876310/; classtype:trojan-activity;sid:84739410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876311)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.dns2.vendasptg.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876311/; classtype:trojan-activity;sid:84739411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876294)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"server-176-97-210-186.da.direct"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876294/; classtype:trojan-activity;sid:84739394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876295)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"server-176-97-210-186.da.direct"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876295/; classtype:trojan-activity;sid:84739395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876296)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"server-176-97-210-186.da.direct"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876296/; classtype:trojan-activity;sid:84739396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876297)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pagar10.vendasptg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876297/; classtype:trojan-activity;sid:84739397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876298)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pagar10.vendasptg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876298/; classtype:trojan-activity;sid:84739398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876299)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.pagar10.vendasptg.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876299/; classtype:trojan-activity;sid:84739399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876300)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.pagar10.vendasptg.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876300/; classtype:trojan-activity;sid:84739400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876301)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pagar10.vendasptg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876301/; classtype:trojan-activity;sid:84739401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876302)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.dns2.vendasptg.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876302/; classtype:trojan-activity;sid:84739402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876290)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dns2.vendasptg.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876290/; classtype:trojan-activity;sid:84739390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876291)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dns2.vendasptg.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876291/; classtype:trojan-activity;sid:84739391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876292)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dns2.vendasptg.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876292/; classtype:trojan-activity;sid:84739392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876293)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pagar10.vendasptg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876293/; classtype:trojan-activity;sid:84739393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876287)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176-97-210-186.syd.nbn.aussiebb.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876287/; classtype:trojan-activity;sid:84739387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876288)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dns2.vendasptg.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876288/; classtype:trojan-activity;sid:84739388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876289)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.pagar10.vendasptg.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876289/; classtype:trojan-activity;sid:84739389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876286)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"server-176-97-210-186.da.direct"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876286/; classtype:trojan-activity;sid:84739386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.42.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876285/; classtype:trojan-activity;sid:84739385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.243.27.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876284/; classtype:trojan-activity;sid:84739384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.12.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876282/; classtype:trojan-activity;sid:84739382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.12.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876283/; classtype:trojan-activity;sid:84739383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.220.145.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876281/; classtype:trojan-activity;sid:84739381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876280)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv5l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876280/; classtype:trojan-activity;sid:84739380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876269)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i486"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876269/; classtype:trojan-activity;sid:84739369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876270)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv7l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876270/; classtype:trojan-activity;sid:84739370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876271)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.powerpc-440fp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876271/; classtype:trojan-activity;sid:84739371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876272)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mips64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876272/; classtype:trojan-activity;sid:84739372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876273)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876273/; classtype:trojan-activity;sid:84739373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876274)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4tl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876274/; classtype:trojan-activity;sid:84739374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876275)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876275/; classtype:trojan-activity;sid:84739375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876276)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876276/; classtype:trojan-activity;sid:84739376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876277)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876277/; classtype:trojan-activity;sid:84739377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876278)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876278/; classtype:trojan-activity;sid:84739378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876279)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mipsel"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876279/; classtype:trojan-activity;sid:84739379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876264)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876264/; classtype:trojan-activity;sid:84739364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876265)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv6l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876265/; classtype:trojan-activity;sid:84739365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876266)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.powerpc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876266/; classtype:trojan-activity;sid:84739366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876267)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876267/; classtype:trojan-activity;sid:84739367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876268)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4eb"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.148.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876268/; classtype:trojan-activity;sid:84739368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.216.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876263/; classtype:trojan-activity;sid:84739363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.103.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876262/; classtype:trojan-activity;sid:84739362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876261)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=eef02546-fb14-4a9b-b56b-60ad5f1905b2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"nxk3vadq.1xprobet.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876261/; classtype:trojan-activity;sid:84739361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.49.213.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876260/; classtype:trojan-activity;sid:84739360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.251.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876259/; classtype:trojan-activity;sid:84739359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876258)"; flow:established,from_client; content:"GET"; http_method; content:"/tuxbot.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876258/; classtype:trojan-activity;sid:84739358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876256/; classtype:trojan-activity;sid:84739356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.19.49.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876257/; classtype:trojan-activity;sid:84739357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.135.218.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876255/; classtype:trojan-activity;sid:84739355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.111.24.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876254/; classtype:trojan-activity;sid:84739354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.218.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876253/; classtype:trojan-activity;sid:84739353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.220.145.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876252/; classtype:trojan-activity;sid:84739352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.184.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876251/; classtype:trojan-activity;sid:84739351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876250/; classtype:trojan-activity;sid:84739350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.240.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876249/; classtype:trojan-activity;sid:84739349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876247/; classtype:trojan-activity;sid:84739347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.92.240.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876248/; classtype:trojan-activity;sid:84739348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876244)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.m68k"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876244/; classtype:trojan-activity;sid:84739344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876245)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.ppc"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876245/; classtype:trojan-activity;sid:84739345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876246)"; flow:established,from_client; content:"GET"; http_method; content:"/mmaarriioisectanee/mmaarriioisectanee.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876246/; classtype:trojan-activity;sid:84739346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876243)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.x86"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876243/; classtype:trojan-activity;sid:84739343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876232)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.arm7"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876232/; classtype:trojan-activity;sid:84739332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876233)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.arm"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876233/; classtype:trojan-activity;sid:84739333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876234)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.spc"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876234/; classtype:trojan-activity;sid:84739334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876235)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.arm6"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876235/; classtype:trojan-activity;sid:84739335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876236)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.arm5"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876236/; classtype:trojan-activity;sid:84739336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876237)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.mips"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876237/; classtype:trojan-activity;sid:84739337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876238)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.mpsl"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876238/; classtype:trojan-activity;sid:84739338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876239)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.i586"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876239/; classtype:trojan-activity;sid:84739339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876240)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.x86_64"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876240/; classtype:trojan-activity;sid:84739340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876241)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.i686"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876241/; classtype:trojan-activity;sid:84739341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876242)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.sh4"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"5.253.246.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876242/; classtype:trojan-activity;sid:84739342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.255.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876231/; classtype:trojan-activity;sid:84739331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.100.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876230/; classtype:trojan-activity;sid:84739330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876229)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876229/; classtype:trojan-activity;sid:84739329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876228)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876228/; classtype:trojan-activity;sid:84739328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.184.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876227/; classtype:trojan-activity;sid:84739327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876226)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.97.210.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876226/; classtype:trojan-activity;sid:84739326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876220)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.97.210.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876220/; classtype:trojan-activity;sid:84739320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876221)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.97.210.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876221/; classtype:trojan-activity;sid:84739321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876222)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.97.210.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876222/; classtype:trojan-activity;sid:84739322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876223)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.97.210.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876223/; classtype:trojan-activity;sid:84739323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876224)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.97.210.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876224/; classtype:trojan-activity;sid:84739324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876225)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.97.210.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876225/; classtype:trojan-activity;sid:84739325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876218)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.97.210.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876218/; classtype:trojan-activity;sid:84739318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876219)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.97.210.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876219/; classtype:trojan-activity;sid:84739319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"194.26.192.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876217/; classtype:trojan-activity;sid:84739317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.26.192.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876216/; classtype:trojan-activity;sid:84739316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"192.159.99.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876215/; classtype:trojan-activity;sid:84739315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.159.99.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876214/; classtype:trojan-activity;sid:84739314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.238.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876213/; classtype:trojan-activity;sid:84739313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.251.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876212/; classtype:trojan-activity;sid:84739312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876210)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=44791ca1-0c48-42db-a742-763b32f0a9fa"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"u5xjkopi.1xbetpartnersiran.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876210/; classtype:trojan-activity;sid:84739310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876211)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a848cfec-7bfd-46a8-876a-9f584ccf855b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ty954rii.313betios.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876211/; classtype:trojan-activity;sid:84739311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.148.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876209/; classtype:trojan-activity;sid:84739309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.100.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876208/; classtype:trojan-activity;sid:84739308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876207/; classtype:trojan-activity;sid:84739307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.235.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876206/; classtype:trojan-activity;sid:84739306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876205)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876205/; classtype:trojan-activity;sid:84739305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876204/; classtype:trojan-activity;sid:84739304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876203)"; flow:established,from_client; content:"GET"; http_method; content:"/tuxbot.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876203/; classtype:trojan-activity;sid:84739303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/tadashi.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876202/; classtype:trojan-activity;sid:84739302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.195.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876201/; classtype:trojan-activity;sid:84739301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.47.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876200/; classtype:trojan-activity;sid:84739300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.195.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876199/; classtype:trojan-activity;sid:84739299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876198)"; flow:established,from_client; content:"GET"; http_method; content:"/1.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.225.135.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876198/; classtype:trojan-activity;sid:84739298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.26.202.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876197/; classtype:trojan-activity;sid:84739297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.45.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876196/; classtype:trojan-activity;sid:84739296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.194.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876195/; classtype:trojan-activity;sid:84739295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/tuxbot.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876194/; classtype:trojan-activity;sid:84739294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.47.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876193/; classtype:trojan-activity;sid:84739293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.145.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876192/; classtype:trojan-activity;sid:84739292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.26.202.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876191/; classtype:trojan-activity;sid:84739291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.196.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876190/; classtype:trojan-activity;sid:84739290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876189)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876189/; classtype:trojan-activity;sid:84739289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876188)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876188/; classtype:trojan-activity;sid:84739288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.197.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876187/; classtype:trojan-activity;sid:84739287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.74.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876186/; classtype:trojan-activity;sid:84739286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.45.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876185/; classtype:trojan-activity;sid:84739285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.97.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876184/; classtype:trojan-activity;sid:84739284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.196.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876183/; classtype:trojan-activity;sid:84739283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876182)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876182/; classtype:trojan-activity;sid:84739282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876181/; classtype:trojan-activity;sid:84739281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.13.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876180/; classtype:trojan-activity;sid:84739280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.97.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876179/; classtype:trojan-activity;sid:84739279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.66.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876178/; classtype:trojan-activity;sid:84739278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876177/; classtype:trojan-activity;sid:84739277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876176)"; flow:established,from_client; content:"GET"; http_method; content:"/main.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876176/; classtype:trojan-activity;sid:84739276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876174/; classtype:trojan-activity;sid:84739274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.13.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876175/; classtype:trojan-activity;sid:84739275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.243.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876173/; classtype:trojan-activity;sid:84739273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.58.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876172/; classtype:trojan-activity;sid:84739272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.183.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876171/; classtype:trojan-activity;sid:84739271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.66.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876170/; classtype:trojan-activity;sid:84739270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.31.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876169/; classtype:trojan-activity;sid:84739269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876168)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/bot.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876168/; classtype:trojan-activity;sid:84739268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.164.128.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876167/; classtype:trojan-activity;sid:84739267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.23.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876166/; classtype:trojan-activity;sid:84739266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.14.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876165/; classtype:trojan-activity;sid:84739265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.14.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876164/; classtype:trojan-activity;sid:84739264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.183.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876163/; classtype:trojan-activity;sid:84739263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876162)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876162/; classtype:trojan-activity;sid:84739262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.123.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876160/; classtype:trojan-activity;sid:84739260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.75.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876161/; classtype:trojan-activity;sid:84739261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.213.174.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876159/; classtype:trojan-activity;sid:84739259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876158)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7d1a5001-0f3c-4f7c-99ed-6a2df7baf38f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wqeign6o.vip1xbet.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876158/; classtype:trojan-activity;sid:84739258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.215.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876157/; classtype:trojan-activity;sid:84739257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.31.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876156/; classtype:trojan-activity;sid:84739256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.213.174.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876155/; classtype:trojan-activity;sid:84739255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876154)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/tuxbot.x86_64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876154/; classtype:trojan-activity;sid:84739254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876153/; classtype:trojan-activity;sid:84739253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876152)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=baaa48cf-b389-4c92-80bd-3ee4f0ac0992"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9ergp1lh.yekshart.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876152/; classtype:trojan-activity;sid:84739252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.49.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876151/; classtype:trojan-activity;sid:84739251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876150)"; flow:established,from_client; content:"GET"; http_method; content:"/files/493632231/gxqtzwd.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876150/; classtype:trojan-activity;sid:84739250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.88.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876149/; classtype:trojan-activity;sid:84739249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.49.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876148/; classtype:trojan-activity;sid:84739248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/untouchable.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876147/; classtype:trojan-activity;sid:84739247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.88.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876146/; classtype:trojan-activity;sid:84739246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876145/; classtype:trojan-activity;sid:84739245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.80.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876144/; classtype:trojan-activity;sid:84739244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.169.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876143/; classtype:trojan-activity;sid:84739243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876142)"; flow:established,from_client; content:"GET"; http_method; content:"/jkl"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"server-830796.thatserver.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876142/; classtype:trojan-activity;sid:84739242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.14.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876141/; classtype:trojan-activity;sid:84739241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.5.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876140/; classtype:trojan-activity;sid:84739240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.13.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876139/; classtype:trojan-activity;sid:84739239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876138)"; flow:established,from_client; content:"GET"; http_method; content:"/untouchable.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876138/; classtype:trojan-activity;sid:84739238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876137/; classtype:trojan-activity;sid:84739237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.13.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876136/; classtype:trojan-activity;sid:84739236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876135)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/dsj3lxu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876135/; classtype:trojan-activity;sid:84739235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.60.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876134/; classtype:trojan-activity;sid:84739234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876133/; classtype:trojan-activity;sid:84739233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876132)"; flow:established,from_client; content:"GET"; http_method; content:"/oix"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"server-830796.thatserver.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876132/; classtype:trojan-activity;sid:84739232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876131/; classtype:trojan-activity;sid:84739231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.118.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876130/; classtype:trojan-activity;sid:84739230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876129)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/sora.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876129/; classtype:trojan-activity;sid:84739229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876128)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4c5222c7-0633-4d1d-bb25-47483fbe1738"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4iw2skgz.tinyshart.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876128/; classtype:trojan-activity;sid:84739228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876127)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b81be4fe-20dc-4d72-bab3-18b14c1d1962"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"nmo1ivv6.akhlagvaahkam.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876127/; classtype:trojan-activity;sid:84739227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876126/; classtype:trojan-activity;sid:84739226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.2.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876125/; classtype:trojan-activity;sid:84739225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.14.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876124/; classtype:trojan-activity;sid:84739224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.198.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876123/; classtype:trojan-activity;sid:84739223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.118.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876122/; classtype:trojan-activity;sid:84739222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876121)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876121/; classtype:trojan-activity;sid:84739221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.198.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876120/; classtype:trojan-activity;sid:84739220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.193.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876119/; classtype:trojan-activity;sid:84739219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.30.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876118/; classtype:trojan-activity;sid:84739218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.153.196.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876117/; classtype:trojan-activity;sid:84739217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.202.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876116/; classtype:trojan-activity;sid:84739216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.202.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876115/; classtype:trojan-activity;sid:84739215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876114/; classtype:trojan-activity;sid:84739214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876113)"; flow:established,from_client; content:"GET"; http_method; content:"/tadashi.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"72.61.196.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876113/; classtype:trojan-activity;sid:84739213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.30.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876112/; classtype:trojan-activity;sid:84739212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.204.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876111/; classtype:trojan-activity;sid:84739211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.7.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876110/; classtype:trojan-activity;sid:84739210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.153.196.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876109/; classtype:trojan-activity;sid:84739209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.99.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876108/; classtype:trojan-activity;sid:84739208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.56.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876107/; classtype:trojan-activity;sid:84739207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.99.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876106/; classtype:trojan-activity;sid:84739206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876105/; classtype:trojan-activity;sid:84739205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.75.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876104/; classtype:trojan-activity;sid:84739204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.7.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876103/; classtype:trojan-activity;sid:84739203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876102)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b25772d6-925c-4b3e-a91c-004679564062"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"71zdauu1.taktikbet.bio"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876102/; classtype:trojan-activity;sid:84739202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.67.33.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876101/; classtype:trojan-activity;sid:84739201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.121.120.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876099/; classtype:trojan-activity;sid:84739199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.118.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876098/; classtype:trojan-activity;sid:84739198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.56.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876097/; classtype:trojan-activity;sid:84739197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.106.1.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876096/; classtype:trojan-activity;sid:84739196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.121.120.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876095/; classtype:trojan-activity;sid:84739195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.31.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876094/; classtype:trojan-activity;sid:84739194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.72.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876093/; classtype:trojan-activity;sid:84739193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876092)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6a5530d6-08b2-45c4-885d-9591d652bac2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ex5nibpq.vip1xbet.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876092/; classtype:trojan-activity;sid:84739192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.67.33.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876091/; classtype:trojan-activity;sid:84739191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.201.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876090/; classtype:trojan-activity;sid:84739190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.46.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876089/; classtype:trojan-activity;sid:84739189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.118.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876088/; classtype:trojan-activity;sid:84739188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.106.1.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876087/; classtype:trojan-activity;sid:84739187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.31.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876086/; classtype:trojan-activity;sid:84739186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.46.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876085/; classtype:trojan-activity;sid:84739185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.222.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876084/; classtype:trojan-activity;sid:84739184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.222.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876083/; classtype:trojan-activity;sid:84739183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876074)"; flow:established,from_client; content:"GET"; http_method; content:"/meerkat.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876074/; classtype:trojan-activity;sid:84739174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876075)"; flow:established,from_client; content:"GET"; http_method; content:"/meerkat.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876075/; classtype:trojan-activity;sid:84739175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876076)"; flow:established,from_client; content:"GET"; http_method; content:"/meerkat.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876076/; classtype:trojan-activity;sid:84739176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876077)"; flow:established,from_client; content:"GET"; http_method; content:"/meerkat.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876077/; classtype:trojan-activity;sid:84739177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876078)"; flow:established,from_client; content:"GET"; http_method; content:"/meerkat.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876078/; classtype:trojan-activity;sid:84739178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876079)"; flow:established,from_client; content:"GET"; http_method; content:"/meerkat.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876079/; classtype:trojan-activity;sid:84739179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876080)"; flow:established,from_client; content:"GET"; http_method; content:"/meerkat.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876080/; classtype:trojan-activity;sid:84739180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876081)"; flow:established,from_client; content:"GET"; http_method; content:"/meerkat.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876081/; classtype:trojan-activity;sid:84739181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876082)"; flow:established,from_client; content:"GET"; http_method; content:"/meerkat.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876082/; classtype:trojan-activity;sid:84739182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876073/; classtype:trojan-activity;sid:84739173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.5.138.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876072/; classtype:trojan-activity;sid:84739172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876071/; classtype:trojan-activity;sid:84739171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876070/; classtype:trojan-activity;sid:84739170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.140.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876069/; classtype:trojan-activity;sid:84739169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876068)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e59453c8-4280-4f44-8070-b6fc1c5788ae"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hdb1qm8y.shartcart.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876068/; classtype:trojan-activity;sid:84739168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876067)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a807958c8808a7df.msi"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876067/; classtype:trojan-activity;sid:84739167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876066)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_96500d1cd646a6d8.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876066/; classtype:trojan-activity;sid:84739166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876065/; classtype:trojan-activity;sid:84739165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876062)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_ec8c5bd33d915201.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876062/; classtype:trojan-activity;sid:84739162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876063)"; flow:established,from_client; content:"GET"; http_method; content:"/dl.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876063/; classtype:trojan-activity;sid:84739163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876064)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876064/; classtype:trojan-activity;sid:84739164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.21.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876061/; classtype:trojan-activity;sid:84739161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.21.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876060/; classtype:trojan-activity;sid:84739160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.42.89.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876059/; classtype:trojan-activity;sid:84739159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.5.138.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876058/; classtype:trojan-activity;sid:84739158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.140.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876057/; classtype:trojan-activity;sid:84739157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.123.9.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876056/; classtype:trojan-activity;sid:84739156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.128.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876055/; classtype:trojan-activity;sid:84739155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.12.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876054/; classtype:trojan-activity;sid:84739154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.236.65.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876053/; classtype:trojan-activity;sid:84739153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.241.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876052/; classtype:trojan-activity;sid:84739152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.70.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876051/; classtype:trojan-activity;sid:84739151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876050/; classtype:trojan-activity;sid:84739150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876049)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=df01d0ba-2a5b-4f55-8fb3-0b5ec3fa9e29"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"t1x1vby3.ahkam.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876049/; classtype:trojan-activity;sid:84739149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.171.42.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876047/; classtype:trojan-activity;sid:84739147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876046/; classtype:trojan-activity;sid:84739146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.108.24.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876045/; classtype:trojan-activity;sid:84739145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876044/; classtype:trojan-activity;sid:84739144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.70.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876043/; classtype:trojan-activity;sid:84739143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876042/; classtype:trojan-activity;sid:84739142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.60.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876041/; classtype:trojan-activity;sid:84739141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876040/; classtype:trojan-activity;sid:84739140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876037)"; flow:established,from_client; content:"GET"; http_method; content:"/cnc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876037/; classtype:trojan-activity;sid:84739137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.189.183.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876038/; classtype:trojan-activity;sid:84739138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876039)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876039/; classtype:trojan-activity;sid:84739139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.189.183.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876036/; classtype:trojan-activity;sid:84739136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.253.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876035/; classtype:trojan-activity;sid:84739135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.230.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876034/; classtype:trojan-activity;sid:84739134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.240.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876033/; classtype:trojan-activity;sid:84739133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.252.69.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876032/; classtype:trojan-activity;sid:84739132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876031/; classtype:trojan-activity;sid:84739131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.209.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876030/; classtype:trojan-activity;sid:84739130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876029)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=74bb95fe-85d1-4247-b674-b8c0a461ae25"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cd6ts3mz.blackjackonlineplay83.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876029/; classtype:trojan-activity;sid:84739129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.253.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876028/; classtype:trojan-activity;sid:84739128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.21.174.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876027/; classtype:trojan-activity;sid:84739127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.230.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876026/; classtype:trojan-activity;sid:84739126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.105.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876025/; classtype:trojan-activity;sid:84739125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.21.174.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876024/; classtype:trojan-activity;sid:84739124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.209.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876023/; classtype:trojan-activity;sid:84739123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.151.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876022/; classtype:trojan-activity;sid:84739122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.190.23.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876021/; classtype:trojan-activity;sid:84739121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.198.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876020/; classtype:trojan-activity;sid:84739120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876019)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e938818a-fef6-4d3f-8bf3-3ee13aa5c65e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tv2gs2t9.1xfa.bio"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876019/; classtype:trojan-activity;sid:84739119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876017/; classtype:trojan-activity;sid:84739117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.190.23.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876016/; classtype:trojan-activity;sid:84739116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876015)"; flow:established,from_client; content:"GET"; http_method; content:"/script.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"etaczb1.jetbetapk.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876015/; classtype:trojan-activity;sid:84739115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876014)"; flow:established,from_client; content:"GET"; http_method; content:"/dynamic|3f|txd=2dfc3df264e5fdd440df3a7466922a7228001af837832252e15bfd17b5343c68"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"proviewhomeinspections.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876014/; classtype:trojan-activity;sid:84739114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876009)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876009/; classtype:trojan-activity;sid:84739109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876010)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876010/; classtype:trojan-activity;sid:84739110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876011)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876011/; classtype:trojan-activity;sid:84739111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876012)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876012/; classtype:trojan-activity;sid:84739112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876013)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876013/; classtype:trojan-activity;sid:84739113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876005)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876005/; classtype:trojan-activity;sid:84739105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876006)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876006/; classtype:trojan-activity;sid:84739106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876007)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876007/; classtype:trojan-activity;sid:84739107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876008)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876008/; classtype:trojan-activity;sid:84739108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876004)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876004/; classtype:trojan-activity;sid:84739104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876003)"; flow:established,from_client; content:"GET"; http_method; content:"/gq2"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876003/; classtype:trojan-activity;sid:84739103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876002)"; flow:established,from_client; content:"GET"; http_method; content:"/1ab"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876002/; classtype:trojan-activity;sid:84739102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876001/; classtype:trojan-activity;sid:84739101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.140.190.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876000/; classtype:trojan-activity;sid:84739100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875999)"; flow:established,from_client; content:"GET"; http_method; content:"/yqfn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875999/; classtype:trojan-activity;sid:84739099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875997)"; flow:established,from_client; content:"GET"; http_method; content:"/lyul"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875997/; classtype:trojan-activity;sid:84739097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875998)"; flow:established,from_client; content:"GET"; http_method; content:"/g7vg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875998/; classtype:trojan-activity;sid:84739098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875996)"; flow:established,from_client; content:"GET"; http_method; content:"/file/bdaec2a4aop0iqi/cheat.rar/file"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875996/; classtype:trojan-activity;sid:84739096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.198.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875995/; classtype:trojan-activity;sid:84739095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.106.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875994/; classtype:trojan-activity;sid:84739094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.144.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875992/; classtype:trojan-activity;sid:84739092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.145.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875991/; classtype:trojan-activity;sid:84739091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.145.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875990/; classtype:trojan-activity;sid:84739090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875989)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=67ab1e54-fcad-470b-87ea-b63168276be9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"7vs3nqp7.vip1x.bet"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875989/; classtype:trojan-activity;sid:84739089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.106.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875988/; classtype:trojan-activity;sid:84739088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.17.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875987/; classtype:trojan-activity;sid:84739087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.99.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875986/; classtype:trojan-activity;sid:84739086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.83.13.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875984/; classtype:trojan-activity;sid:84739084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.68.168.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875985/; classtype:trojan-activity;sid:84739085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875983/; classtype:trojan-activity;sid:84739083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.202.142.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875982/; classtype:trojan-activity;sid:84739082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875981)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=37c0fc50-796e-482b-9c5f-4cee609c32d3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4iuq4imv.jetbet1.pro"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875981/; classtype:trojan-activity;sid:84739081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.144.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875979/; classtype:trojan-activity;sid:84739079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.5.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875980/; classtype:trojan-activity;sid:84739080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.85.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875978/; classtype:trojan-activity;sid:84739078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875977/; classtype:trojan-activity;sid:84739077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.202.142.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875976/; classtype:trojan-activity;sid:84739076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.107.136.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875975/; classtype:trojan-activity;sid:84739075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.85.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875974/; classtype:trojan-activity;sid:84739074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875973)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c4f50d63-3b86-4cf9-8569-407f1ffe8d6f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8opocc30.1x303.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875973/; classtype:trojan-activity;sid:84739073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875972/; classtype:trojan-activity;sid:84739072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.141.130.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875971/; classtype:trojan-activity;sid:84739071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875970/; classtype:trojan-activity;sid:84739070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875969)"; flow:established,from_client; content:"GET"; http_method; content:"/tron35/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875969/; classtype:trojan-activity;sid:84739069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875967)"; flow:established,from_client; content:"GET"; http_method; content:"/tron33/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875967/; classtype:trojan-activity;sid:84739067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875968)"; flow:established,from_client; content:"GET"; http_method; content:"/tron34/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875968/; classtype:trojan-activity;sid:84739068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875965)"; flow:established,from_client; content:"GET"; http_method; content:"/tron31/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875965/; classtype:trojan-activity;sid:84739065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875966)"; flow:established,from_client; content:"GET"; http_method; content:"/tron32/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875966/; classtype:trojan-activity;sid:84739066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875963)"; flow:established,from_client; content:"GET"; http_method; content:"/tron29/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875963/; classtype:trojan-activity;sid:84739063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875964)"; flow:established,from_client; content:"GET"; http_method; content:"/tron30/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875964/; classtype:trojan-activity;sid:84739064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.67.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875962/; classtype:trojan-activity;sid:84739062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875961)"; flow:established,from_client; content:"GET"; http_method; content:"/tron27/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875961/; classtype:trojan-activity;sid:84739061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875958)"; flow:established,from_client; content:"GET"; http_method; content:"/tron25/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875958/; classtype:trojan-activity;sid:84739058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875959)"; flow:established,from_client; content:"GET"; http_method; content:"/tron28/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875959/; classtype:trojan-activity;sid:84739059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875960)"; flow:established,from_client; content:"GET"; http_method; content:"/tron26/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875960/; classtype:trojan-activity;sid:84739060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875954)"; flow:established,from_client; content:"GET"; http_method; content:"/tron24/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875954/; classtype:trojan-activity;sid:84739054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875955)"; flow:established,from_client; content:"GET"; http_method; content:"/tron21/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875955/; classtype:trojan-activity;sid:84739055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875956)"; flow:established,from_client; content:"GET"; http_method; content:"/tron23/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875956/; classtype:trojan-activity;sid:84739056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875957)"; flow:established,from_client; content:"GET"; http_method; content:"/tron22/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875957/; classtype:trojan-activity;sid:84739057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875949)"; flow:established,from_client; content:"GET"; http_method; content:"/tron18/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875949/; classtype:trojan-activity;sid:84739049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875950)"; flow:established,from_client; content:"GET"; http_method; content:"/tron19/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875950/; classtype:trojan-activity;sid:84739050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875951)"; flow:established,from_client; content:"GET"; http_method; content:"/tron17/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875951/; classtype:trojan-activity;sid:84739051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875952)"; flow:established,from_client; content:"GET"; http_method; content:"/tron20/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875952/; classtype:trojan-activity;sid:84739052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875953)"; flow:established,from_client; content:"GET"; http_method; content:"/tron16/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875953/; classtype:trojan-activity;sid:84739053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875948)"; flow:established,from_client; content:"GET"; http_method; content:"/tron15/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875948/; classtype:trojan-activity;sid:84739048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.67.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875947/; classtype:trojan-activity;sid:84739047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875946)"; flow:established,from_client; content:"GET"; http_method; content:"/tron14/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875946/; classtype:trojan-activity;sid:84739046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875945)"; flow:established,from_client; content:"GET"; http_method; content:"/tron60/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875945/; classtype:trojan-activity;sid:84739045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875941)"; flow:established,from_client; content:"GET"; http_method; content:"/tron58/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875941/; classtype:trojan-activity;sid:84739041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875942)"; flow:established,from_client; content:"GET"; http_method; content:"/tron57/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875942/; classtype:trojan-activity;sid:84739042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875943)"; flow:established,from_client; content:"GET"; http_method; content:"/tron59/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875943/; classtype:trojan-activity;sid:84739043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875944)"; flow:established,from_client; content:"GET"; http_method; content:"/tron56/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875944/; classtype:trojan-activity;sid:84739044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875940)"; flow:established,from_client; content:"GET"; http_method; content:"/tron55/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875940/; classtype:trojan-activity;sid:84739040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875938)"; flow:established,from_client; content:"GET"; http_method; content:"/tron53/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875938/; classtype:trojan-activity;sid:84739038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875939)"; flow:established,from_client; content:"GET"; http_method; content:"/tron54/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875939/; classtype:trojan-activity;sid:84739039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875937)"; flow:established,from_client; content:"GET"; http_method; content:"/tron52/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875937/; classtype:trojan-activity;sid:84739037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875936)"; flow:established,from_client; content:"GET"; http_method; content:"/tron50/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875936/; classtype:trojan-activity;sid:84739036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875935)"; flow:established,from_client; content:"GET"; http_method; content:"/tron51/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875935/; classtype:trojan-activity;sid:84739035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875933)"; flow:established,from_client; content:"GET"; http_method; content:"/tron48/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875933/; classtype:trojan-activity;sid:84739033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875934)"; flow:established,from_client; content:"GET"; http_method; content:"/tron47/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875934/; classtype:trojan-activity;sid:84739034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875932)"; flow:established,from_client; content:"GET"; http_method; content:"/tron49/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875932/; classtype:trojan-activity;sid:84739032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875929)"; flow:established,from_client; content:"GET"; http_method; content:"/tron45/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875929/; classtype:trojan-activity;sid:84739029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875930)"; flow:established,from_client; content:"GET"; http_method; content:"/tron44/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875930/; classtype:trojan-activity;sid:84739030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875931)"; flow:established,from_client; content:"GET"; http_method; content:"/tron46/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875931/; classtype:trojan-activity;sid:84739031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875925)"; flow:established,from_client; content:"GET"; http_method; content:"/tron41/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875925/; classtype:trojan-activity;sid:84739025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875926)"; flow:established,from_client; content:"GET"; http_method; content:"/tron42/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875926/; classtype:trojan-activity;sid:84739026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875927)"; flow:established,from_client; content:"GET"; http_method; content:"/tron40/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875927/; classtype:trojan-activity;sid:84739027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875928)"; flow:established,from_client; content:"GET"; http_method; content:"/tron43/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875928/; classtype:trojan-activity;sid:84739028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875921)"; flow:established,from_client; content:"GET"; http_method; content:"/tron37/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875921/; classtype:trojan-activity;sid:84739021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875922)"; flow:established,from_client; content:"GET"; http_method; content:"/tron36/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875922/; classtype:trojan-activity;sid:84739022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875923)"; flow:established,from_client; content:"GET"; http_method; content:"/tron38/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875923/; classtype:trojan-activity;sid:84739023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875924)"; flow:established,from_client; content:"GET"; http_method; content:"/tron39/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875924/; classtype:trojan-activity;sid:84739024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.17.27.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875920/; classtype:trojan-activity;sid:84739020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.179.240.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875919/; classtype:trojan-activity;sid:84739019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.141.130.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875918/; classtype:trojan-activity;sid:84739018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875917)"; flow:established,from_client; content:"GET"; http_method; content:"/j0yh-keux-j9id-2i7m/img_ozliwt.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875917/; classtype:trojan-activity;sid:84739017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.17.27.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875916/; classtype:trojan-activity;sid:84739016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.224.194.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875915/; classtype:trojan-activity;sid:84739015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875914)"; flow:established,from_client; content:"GET"; http_method; content:"/sensi.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875914/; classtype:trojan-activity;sid:84739014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875913)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/izc8wp2sgdkd2kga69p4w/re-417205-908134-rechnung-de6429037.vbs|3f|rlkey=5d4amumoki24s4pbqv22ofwsx|7c|26|7c|st=ma0htyv5|7c|26|7c|dl=1"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875913/; classtype:trojan-activity;sid:84739013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875912)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0bc22eed-3685-4474-b210-b9e75e35294d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qkqz220k.jetbet1.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875912/; classtype:trojan-activity;sid:84739012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.201.126.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875911/; classtype:trojan-activity;sid:84739011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.131.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875910/; classtype:trojan-activity;sid:84739010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.150.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875909/; classtype:trojan-activity;sid:84739009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.120.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875908/; classtype:trojan-activity;sid:84739008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.106.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875907/; classtype:trojan-activity;sid:84739007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.253.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875906/; classtype:trojan-activity;sid:84739006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.150.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875905/; classtype:trojan-activity;sid:84739005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.201.126.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875904/; classtype:trojan-activity;sid:84739004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.120.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875903/; classtype:trojan-activity;sid:84739003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875902)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/ip1js3nmm1jqwtfxrivkz/re-690215-374880-rechnung-de4917602.vbs|3f|rlkey=ogve9v4k3i524oj7gx7x6f0so|7c|26|7c|st=6dojarzo|7c|26|7c|dl=1"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875902/; classtype:trojan-activity;sid:84739002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875901)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_09db6a78e39c7ec7.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875901/; classtype:trojan-activity;sid:84739001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.218.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875900/; classtype:trojan-activity;sid:84739000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.236.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875899/; classtype:trojan-activity;sid:84738999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.15.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875898/; classtype:trojan-activity;sid:84738998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.253.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875897/; classtype:trojan-activity;sid:84738997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875896/; classtype:trojan-activity;sid:84738996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.218.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875895/; classtype:trojan-activity;sid:84738995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875894/; classtype:trojan-activity;sid:84738994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875893)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875893/; classtype:trojan-activity;sid:84738993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.3.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875892/; classtype:trojan-activity;sid:84738992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.17.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875891/; classtype:trojan-activity;sid:84738991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.15.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875890/; classtype:trojan-activity;sid:84738990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875889/; classtype:trojan-activity;sid:84738989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875888/; classtype:trojan-activity;sid:84738988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.219.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875886/; classtype:trojan-activity;sid:84738986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875887/; classtype:trojan-activity;sid:84738987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.22.219.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875885/; classtype:trojan-activity;sid:84738985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875883)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm8"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875883/; classtype:trojan-activity;sid:84738983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875884)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875884/; classtype:trojan-activity;sid:84738984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875879)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875879/; classtype:trojan-activity;sid:84738979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875880)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875880/; classtype:trojan-activity;sid:84738980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875881)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875881/; classtype:trojan-activity;sid:84738981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875882)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875882/; classtype:trojan-activity;sid:84738982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875877)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875877/; classtype:trojan-activity;sid:84738977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875878)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875878/; classtype:trojan-activity;sid:84738978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875876)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875876/; classtype:trojan-activity;sid:84738976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875875)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7ad8380a-5ab4-470a-88fe-aab2caeeb2ff"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"jw2wczuj.jetbet1.pro"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875875/; classtype:trojan-activity;sid:84738975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.147.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875874/; classtype:trojan-activity;sid:84738974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875873/; classtype:trojan-activity;sid:84738973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.103.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875871/; classtype:trojan-activity;sid:84738971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.159.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875872/; classtype:trojan-activity;sid:84738972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.112.129.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875870/; classtype:trojan-activity;sid:84738970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.95.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875869/; classtype:trojan-activity;sid:84738969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.107.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875868/; classtype:trojan-activity;sid:84738968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.137.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875867/; classtype:trojan-activity;sid:84738967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.107.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875866/; classtype:trojan-activity;sid:84738966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.137.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875865/; classtype:trojan-activity;sid:84738965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.159.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875864/; classtype:trojan-activity;sid:84738964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.149.125.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875863/; classtype:trojan-activity;sid:84738963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875862)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=96c60124-b066-4958-a5ea-a50071191f64"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"6novzudn.vip1xbet.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875862/; classtype:trojan-activity;sid:84738962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875861/; classtype:trojan-activity;sid:84738961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.103.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875860/; classtype:trojan-activity;sid:84738960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.95.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875859/; classtype:trojan-activity;sid:84738959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.63.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875858/; classtype:trojan-activity;sid:84738958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875857)"; flow:established,from_client; content:"GET"; http_method; content:"/cage.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"widerangegroup.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875857/; classtype:trojan-activity;sid:84738957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.63.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875856/; classtype:trojan-activity;sid:84738956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875855/; classtype:trojan-activity;sid:84738955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.144.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875854/; classtype:trojan-activity;sid:84738954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.162.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875853/; classtype:trojan-activity;sid:84738953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.162.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875852/; classtype:trojan-activity;sid:84738952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.179.240.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875851/; classtype:trojan-activity;sid:84738951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.149.125.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875850/; classtype:trojan-activity;sid:84738950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875843)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc-440fp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875843/; classtype:trojan-activity;sid:84738943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875844)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875844/; classtype:trojan-activity;sid:84738944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875845)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875845/; classtype:trojan-activity;sid:84738945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875846)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875846/; classtype:trojan-activity;sid:84738946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875847)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875847/; classtype:trojan-activity;sid:84738947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875848)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875848/; classtype:trojan-activity;sid:84738948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875849)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875849/; classtype:trojan-activity;sid:84738949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.94.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875842/; classtype:trojan-activity;sid:84738942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875840)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875840/; classtype:trojan-activity;sid:84738940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875841)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875841/; classtype:trojan-activity;sid:84738941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875837)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_f28c9e09b0b2c92e.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875837/; classtype:trojan-activity;sid:84738937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875838)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875838/; classtype:trojan-activity;sid:84738938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875839)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"51.158.248.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875839/; classtype:trojan-activity;sid:84738939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.104.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875836/; classtype:trojan-activity;sid:84738936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875835)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9bd2acf0-ad55-4b13-bf07-c775fcf5cd7f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"c3u193ap.betmajic.cc"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875835/; classtype:trojan-activity;sid:84738935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875834/; classtype:trojan-activity;sid:84738934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875833)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f41699fe-9f66-49bb-b033-b877b315998a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"oay019z6.1xfa.bio"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875833/; classtype:trojan-activity;sid:84738933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.93.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875832/; classtype:trojan-activity;sid:84738932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.151.34.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875831/; classtype:trojan-activity;sid:84738931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.166.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875829/; classtype:trojan-activity;sid:84738929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kblockd0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875828/; classtype:trojan-activity;sid:84738928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875825)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ksoftirqd0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875825/; classtype:trojan-activity;sid:84738925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875826)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cfg80211d"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875826/; classtype:trojan-activity;sid:84738926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875827)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/edac_polld"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875827/; classtype:trojan-activity;sid:84738927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworker_u8"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875818/; classtype:trojan-activity;sid:84738918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875819)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bioset0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875819/; classtype:trojan-activity;sid:84738919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875820)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jbd2_sda1d"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875820/; classtype:trojan-activity;sid:84738920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875821)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/devfreq_wq"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875821/; classtype:trojan-activity;sid:84738921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875822)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ecryptfsd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875822/; classtype:trojan-activity;sid:84738922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zswap_shrinkd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875823/; classtype:trojan-activity;sid:84738923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kswapd0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875824/; classtype:trojan-activity;sid:84738924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875817)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875817/; classtype:trojan-activity;sid:84738917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rcuop_0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875816/; classtype:trojan-activity;sid:84738916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfsaild_sda"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875814/; classtype:trojan-activity;sid:84738914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/scsi_tmf_0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.76.149.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875815/; classtype:trojan-activity;sid:84738915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.211.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875813/; classtype:trojan-activity;sid:84738913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.128.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875812/; classtype:trojan-activity;sid:84738912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.151.34.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875811/; classtype:trojan-activity;sid:84738911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.145.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875810/; classtype:trojan-activity;sid:84738910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875808)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.ghost"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875808/; classtype:trojan-activity;sid:84738908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875809)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l.ghost"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875809/; classtype:trojan-activity;sid:84738909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875804)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.ghost"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875804/; classtype:trojan-activity;sid:84738904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875805)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.ghost"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875805/; classtype:trojan-activity;sid:84738905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875806)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.ghost"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875806/; classtype:trojan-activity;sid:84738906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875807)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64.ghost"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875807/; classtype:trojan-activity;sid:84738907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875800)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.ghost"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875800/; classtype:trojan-activity;sid:84738900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875801)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.ghost"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875801/; classtype:trojan-activity;sid:84738901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875802)"; flow:established,from_client; content:"GET"; http_method; content:"/i686.ghost"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875802/; classtype:trojan-activity;sid:84738902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875803)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l.ghost"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875803/; classtype:trojan-activity;sid:84738903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.211.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875799/; classtype:trojan-activity;sid:84738899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875798)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/payload.applescript"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"5v12-3my5908y1.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875798/; classtype:trojan-activity;sid:84738898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875797)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/loader.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5v12-3my5908y1.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875797/; classtype:trojan-activity;sid:84738897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875796)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.250.238.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875796/; classtype:trojan-activity;sid:84738896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.166.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875795/; classtype:trojan-activity;sid:84738895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875794)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.63.94.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875794/; classtype:trojan-activity;sid:84738894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.134.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875791/; classtype:trojan-activity;sid:84738891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.19.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875792/; classtype:trojan-activity;sid:84738892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875789)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=cf5e4a39-69f9-459a-9f8f-19dc4f0dcf17"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4olnuxxz.blackjackonlineplay83.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875789/; classtype:trojan-activity;sid:84738889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.165.231.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875788/; classtype:trojan-activity;sid:84738888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.236.74.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875787/; classtype:trojan-activity;sid:84738887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875786)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ashahaarmans.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875786/; classtype:trojan-activity;sid:84738886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875785)"; flow:established,from_client; content:"GET"; http_method; content:"/144.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ashahaarmans.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875785/; classtype:trojan-activity;sid:84738885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.134.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875784/; classtype:trojan-activity;sid:84738884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.187.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875783/; classtype:trojan-activity;sid:84738883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875782)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_51113c4021c7ce7a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875782/; classtype:trojan-activity;sid:84738882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.224.74.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875781/; classtype:trojan-activity;sid:84738881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.236.74.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875780/; classtype:trojan-activity;sid:84738880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.165.231.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875778/; classtype:trojan-activity;sid:84738878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.187.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875779/; classtype:trojan-activity;sid:84738879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.187.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875777/; classtype:trojan-activity;sid:84738877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.224.74.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875776/; classtype:trojan-activity;sid:84738876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.80.14.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875775/; classtype:trojan-activity;sid:84738875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875774)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0e0abe39-4e05-40ea-a663-04b2e1f0feb1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ygbl3eg2.vip1xbet.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875774/; classtype:trojan-activity;sid:84738874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.84.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875773/; classtype:trojan-activity;sid:84738873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875772)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_770ba08c32f49311.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875772/; classtype:trojan-activity;sid:84738872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.164.238.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875771/; classtype:trojan-activity;sid:84738871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875770)"; flow:established,from_client; content:"GET"; http_method; content:"/deploy_softwaretech.sh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.225.135.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875770/; classtype:trojan-activity;sid:84738870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875769)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875769/; classtype:trojan-activity;sid:84738869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875768)"; flow:established,from_client; content:"GET"; http_method; content:"/072d9420-f4da-402d-ab74-9195bee8d427/pf.ch"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"fdg.jetbet1.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875768/; classtype:trojan-activity;sid:84738868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875767)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_7d35d73729c60ac7.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875767/; classtype:trojan-activity;sid:84738867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.181.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875766/; classtype:trojan-activity;sid:84738866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.119.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875765/; classtype:trojan-activity;sid:84738865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.80.14.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875764/; classtype:trojan-activity;sid:84738864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875763)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b7cd8121-586a-47e6-8acc-07ae169647bd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pa9xqikq.1000shart.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875763/; classtype:trojan-activity;sid:84738863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875762/; classtype:trojan-activity;sid:84738862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.0.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875761/; classtype:trojan-activity;sid:84738861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.66.64.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875760/; classtype:trojan-activity;sid:84738860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875759/; classtype:trojan-activity;sid:84738859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.106.225.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875758/; classtype:trojan-activity;sid:84738858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.191.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875757/; classtype:trojan-activity;sid:84738857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.85.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875756/; classtype:trojan-activity;sid:84738856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.212.37.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875755/; classtype:trojan-activity;sid:84738855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875754)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=361a0d0e-e4e4-4b68-afe9-3ecaa2dd28e3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"g3byemsx.xbetone.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875754/; classtype:trojan-activity;sid:84738854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.106.225.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875753/; classtype:trojan-activity;sid:84738853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.0.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875752/; classtype:trojan-activity;sid:84738852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.191.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875751/; classtype:trojan-activity;sid:84738851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.122.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875750/; classtype:trojan-activity;sid:84738850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.221.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875748/; classtype:trojan-activity;sid:84738848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.122.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875747/; classtype:trojan-activity;sid:84738847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.41.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875746/; classtype:trojan-activity;sid:84738846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.41.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875745/; classtype:trojan-activity;sid:84738845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.155.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875744/; classtype:trojan-activity;sid:84738844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.45.14.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875743/; classtype:trojan-activity;sid:84738843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875742)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7fdf217b-76cd-49a9-945e-1ddc06f9cfb5"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"5qsj6shb.rigel1poker.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875742/; classtype:trojan-activity;sid:84738842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.85.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875741/; classtype:trojan-activity;sid:84738841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.34.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875740/; classtype:trojan-activity;sid:84738840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.45.14.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875739/; classtype:trojan-activity;sid:84738839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.249.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875738/; classtype:trojan-activity;sid:84738838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.155.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875737/; classtype:trojan-activity;sid:84738837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.188.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875736/; classtype:trojan-activity;sid:84738836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.188.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875735/; classtype:trojan-activity;sid:84738835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.67.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875734/; classtype:trojan-activity;sid:84738834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.12.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875733/; classtype:trojan-activity;sid:84738833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.70.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875732/; classtype:trojan-activity;sid:84738832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.104.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875731/; classtype:trojan-activity;sid:84738831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.1.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875730/; classtype:trojan-activity;sid:84738830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.95.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875729/; classtype:trojan-activity;sid:84738829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.111.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875727/; classtype:trojan-activity;sid:84738827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.1.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875728/; classtype:trojan-activity;sid:84738828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.67.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875726/; classtype:trojan-activity;sid:84738826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.95.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875725/; classtype:trojan-activity;sid:84738825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.243.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875724/; classtype:trojan-activity;sid:84738824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.65.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875723/; classtype:trojan-activity;sid:84738823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.26.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875722/; classtype:trojan-activity;sid:84738822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875721)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d3ece653-6dcf-43a3-87cb-1409b785d187"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"glbr7plk.parsballl.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875721/; classtype:trojan-activity;sid:84738821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.111.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875720/; classtype:trojan-activity;sid:84738820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.42.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875719/; classtype:trojan-activity;sid:84738819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.233.77.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875717/; classtype:trojan-activity;sid:84738817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875718/; classtype:trojan-activity;sid:84738818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.42.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875716/; classtype:trojan-activity;sid:84738816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.65.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875715/; classtype:trojan-activity;sid:84738815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.233.77.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875714/; classtype:trojan-activity;sid:84738814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.93.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875713/; classtype:trojan-activity;sid:84738813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.131.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875712/; classtype:trojan-activity;sid:84738812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.215.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875710/; classtype:trojan-activity;sid:84738810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.74.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875711/; classtype:trojan-activity;sid:84738811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.66.64.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875709/; classtype:trojan-activity;sid:84738809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.215.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875708/; classtype:trojan-activity;sid:84738808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875707/; classtype:trojan-activity;sid:84738807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875705/; classtype:trojan-activity;sid:84738805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.144.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875706/; classtype:trojan-activity;sid:84738806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.224.228.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875704/; classtype:trojan-activity;sid:84738804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.253.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875703/; classtype:trojan-activity;sid:84738803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.42.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875701/; classtype:trojan-activity;sid:84738801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875702/; classtype:trojan-activity;sid:84738802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.87.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875700/; classtype:trojan-activity;sid:84738800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.117.6.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875699/; classtype:trojan-activity;sid:84738799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.144.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875687/; classtype:trojan-activity;sid:84738787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875686)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/tbk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875686/; classtype:trojan-activity;sid:84738786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875685/; classtype:trojan-activity;sid:84738785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.87.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875684/; classtype:trojan-activity;sid:84738784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875683/; classtype:trojan-activity;sid:84738783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875673)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875673/; classtype:trojan-activity;sid:84738773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875674)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875674/; classtype:trojan-activity;sid:84738774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875675)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875675/; classtype:trojan-activity;sid:84738775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875676)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875676/; classtype:trojan-activity;sid:84738776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875677)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86_64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875677/; classtype:trojan-activity;sid:84738777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875678)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875678/; classtype:trojan-activity;sid:84738778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875679)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875679/; classtype:trojan-activity;sid:84738779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875680)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875680/; classtype:trojan-activity;sid:84738780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875681)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875681/; classtype:trojan-activity;sid:84738781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875682)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875682/; classtype:trojan-activity;sid:84738782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875672)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/aarch64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875672/; classtype:trojan-activity;sid:84738772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.253.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875671/; classtype:trojan-activity;sid:84738771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875670)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=48859f92-b5fc-4d03-9c1a-0052c24c5e40"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1owgctfi.ekhtelalattabrizi.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875670/; classtype:trojan-activity;sid:84738770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.164.115.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875669/; classtype:trojan-activity;sid:84738769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875667)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875667/; classtype:trojan-activity;sid:84738767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875668)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/lterouter"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875668/; classtype:trojan-activity;sid:84738768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875666)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.81.96.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875666/; classtype:trojan-activity;sid:84738766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.101.0.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875665/; classtype:trojan-activity;sid:84738765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.15.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875664/; classtype:trojan-activity;sid:84738764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.104.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875663/; classtype:trojan-activity;sid:84738763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875662)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5cc291ec-850e-49a0-8e79-7c2d41690321"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"6shg02c5.onlinecasinorouletteblackjack.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875662/; classtype:trojan-activity;sid:84738762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.164.115.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875661/; classtype:trojan-activity;sid:84738761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.145.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875660/; classtype:trojan-activity;sid:84738760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.238.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875659/; classtype:trojan-activity;sid:84738759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.42.89.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875658/; classtype:trojan-activity;sid:84738758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.15.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875657/; classtype:trojan-activity;sid:84738757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.104.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875656/; classtype:trojan-activity;sid:84738756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.185.93.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875655/; classtype:trojan-activity;sid:84738755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.99.162.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875654/; classtype:trojan-activity;sid:84738754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.185.93.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875653/; classtype:trojan-activity;sid:84738753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875652)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=44fdb697-24db-41d8-afc9-09557b3b7b45"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"b97pimiu.vip1x.bet"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875652/; classtype:trojan-activity;sid:84738752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.112.129.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875651/; classtype:trojan-activity;sid:84738751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.238.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875650/; classtype:trojan-activity;sid:84738750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.36.23.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875649/; classtype:trojan-activity;sid:84738749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.101.0.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875648/; classtype:trojan-activity;sid:84738748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.243.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875647/; classtype:trojan-activity;sid:84738747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.48.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875646/; classtype:trojan-activity;sid:84738746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.151.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875645/; classtype:trojan-activity;sid:84738745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.186.37.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875644/; classtype:trojan-activity;sid:84738744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.163.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875643/; classtype:trojan-activity;sid:84738743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.186.37.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875642/; classtype:trojan-activity;sid:84738742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875641/; classtype:trojan-activity;sid:84738741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.224.9.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875640/; classtype:trojan-activity;sid:84738740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.163.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875639/; classtype:trojan-activity;sid:84738739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.240.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875638/; classtype:trojan-activity;sid:84738738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875636)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875636/; classtype:trojan-activity;sid:84738736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875637)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875637/; classtype:trojan-activity;sid:84738737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875635/; classtype:trojan-activity;sid:84738735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.147.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875634/; classtype:trojan-activity;sid:84738734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875633)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=032922bc-e273-4542-8708-60927a371713"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"xxgbaenv.onlineblackjackscam.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875633/; classtype:trojan-activity;sid:84738733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.145.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875632/; classtype:trojan-activity;sid:84738732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.240.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875631/; classtype:trojan-activity;sid:84738731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.107.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875630/; classtype:trojan-activity;sid:84738730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.224.9.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875629/; classtype:trojan-activity;sid:84738729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.235.174.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875628/; classtype:trojan-activity;sid:84738728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.174.122.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875627/; classtype:trojan-activity;sid:84738727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.76.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875626/; classtype:trojan-activity;sid:84738726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.98.97.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875625/; classtype:trojan-activity;sid:84738725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.158.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875624/; classtype:trojan-activity;sid:84738724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.174.122.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875623/; classtype:trojan-activity;sid:84738723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.158.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875622/; classtype:trojan-activity;sid:84738722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.144.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875621/; classtype:trojan-activity;sid:84738721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.122.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875620/; classtype:trojan-activity;sid:84738720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.76.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875619/; classtype:trojan-activity;sid:84738719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.144.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875618/; classtype:trojan-activity;sid:84738718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.98.97.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875617/; classtype:trojan-activity;sid:84738717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.156.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875616/; classtype:trojan-activity;sid:84738716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.137.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875615/; classtype:trojan-activity;sid:84738715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.122.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875614/; classtype:trojan-activity;sid:84738714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.156.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875613/; classtype:trojan-activity;sid:84738713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.137.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875612/; classtype:trojan-activity;sid:84738712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.137.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875611/; classtype:trojan-activity;sid:84738711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.160.130.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875610/; classtype:trojan-activity;sid:84738710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.84.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875609/; classtype:trojan-activity;sid:84738709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875608)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e06ecccc-7a43-4453-8895-6ff22a2bfdbd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ss9sxw23.online-blackjack-j.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875608/; classtype:trojan-activity;sid:84738708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.131.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875607/; classtype:trojan-activity;sid:84738707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.84.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875605/; classtype:trojan-activity;sid:84738705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.249.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875606/; classtype:trojan-activity;sid:84738706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.9.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875604/; classtype:trojan-activity;sid:84738704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.102.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875603/; classtype:trojan-activity;sid:84738703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875602)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3f407dbb-4d46-4a51-aaad-c2590716f03f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hbcq8sv3.oghabbet1.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875602/; classtype:trojan-activity;sid:84738702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.160.130.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875601/; classtype:trojan-activity;sid:84738701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875600/; classtype:trojan-activity;sid:84738700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.181.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875599/; classtype:trojan-activity;sid:84738699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.74.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875598/; classtype:trojan-activity;sid:84738698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.74.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875597/; classtype:trojan-activity;sid:84738697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875596)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5422679e-54d2-48bf-9ca5-e189c0ae943c"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4o63jpbm.ekhtelalat.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875596/; classtype:trojan-activity;sid:84738696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.4.166"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875595/; classtype:trojan-activity;sid:84738695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875594)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_1bafc197e17b2b27.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875594/; classtype:trojan-activity;sid:84738694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.181.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875593/; classtype:trojan-activity;sid:84738693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875592)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.174.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875592/; classtype:trojan-activity;sid:84738692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875591)"; flow:established,from_client; content:"GET"; http_method; content:"/heilongbotnet.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.30.183.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875591/; classtype:trojan-activity;sid:84738691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875590)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_89313d786b8bc386.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875590/; classtype:trojan-activity;sid:84738690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875589)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=dee49145-da2e-4229-a145-7a29b95bca16"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ljkfok0p.vip1xbet.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875589/; classtype:trojan-activity;sid:84738689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.250.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875588/; classtype:trojan-activity;sid:84738688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.69.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875587/; classtype:trojan-activity;sid:84738687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.182.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875586/; classtype:trojan-activity;sid:84738686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875585/; classtype:trojan-activity;sid:84738685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.250.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875584/; classtype:trojan-activity;sid:84738684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.146.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875583/; classtype:trojan-activity;sid:84738683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.32.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875582/; classtype:trojan-activity;sid:84738682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875581)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=48d42bd7-c73c-4907-8c40-8a70f41e8682"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8aldchrh.jetbt9.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875581/; classtype:trojan-activity;sid:84738681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.245.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875580/; classtype:trojan-activity;sid:84738680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.187.105.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875579/; classtype:trojan-activity;sid:84738679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.123.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875578/; classtype:trojan-activity;sid:84738678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.33.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875577/; classtype:trojan-activity;sid:84738677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.229.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875576/; classtype:trojan-activity;sid:84738676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.39.122.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875575/; classtype:trojan-activity;sid:84738675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.123.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875574/; classtype:trojan-activity;sid:84738674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.33.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875573/; classtype:trojan-activity;sid:84738673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.229.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875572/; classtype:trojan-activity;sid:84738672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.34.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875571/; classtype:trojan-activity;sid:84738671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.187.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875570/; classtype:trojan-activity;sid:84738670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875569/; classtype:trojan-activity;sid:84738669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.142.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875568/; classtype:trojan-activity;sid:84738668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875567/; classtype:trojan-activity;sid:84738667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"148.170.135.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875566/; classtype:trojan-activity;sid:84738666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.147.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875565/; classtype:trojan-activity;sid:84738665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.94.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875564/; classtype:trojan-activity;sid:84738664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.250.17.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875563/; classtype:trojan-activity;sid:84738663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.116.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875562/; classtype:trojan-activity;sid:84738662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875561)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8275aba1-2d9a-443c-b065-09354981600f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9baeu5sl.zistzirezarebin.shop"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875561/; classtype:trojan-activity;sid:84738661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.144.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875560/; classtype:trojan-activity;sid:84738660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.116.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875559/; classtype:trojan-activity;sid:84738659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.250.17.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875558/; classtype:trojan-activity;sid:84738658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.249.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875557/; classtype:trojan-activity;sid:84738657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875556)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875556/; classtype:trojan-activity;sid:84738656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875554)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875554/; classtype:trojan-activity;sid:84738654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.110.60.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875555/; classtype:trojan-activity;sid:84738655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875553)"; flow:established,from_client; content:"GET"; http_method; content:"/ftm0-40po-ao28-g98e/img_ybcdby.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875553/; classtype:trojan-activity;sid:84738653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875552)"; flow:established,from_client; content:"GET"; http_method; content:"/300/img_214949.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"192.3.140.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875552/; classtype:trojan-activity;sid:84738652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875550)"; flow:established,from_client; content:"GET"; http_method; content:"/300/givingmesomethinggoodthingsforme.hta"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"192.3.140.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875550/; classtype:trojan-activity;sid:84738650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875551)"; flow:established,from_client; content:"GET"; http_method; content:"/90/makemybestgoodpartwithbetterwayscomingforme.hta"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"198.23.177.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875551/; classtype:trojan-activity;sid:84738651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875535)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875535/; classtype:trojan-activity;sid:84738635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875536)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875536/; classtype:trojan-activity;sid:84738636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875537)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875537/; classtype:trojan-activity;sid:84738637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875538/; classtype:trojan-activity;sid:84738638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875539)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875539/; classtype:trojan-activity;sid:84738639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875540/; classtype:trojan-activity;sid:84738640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875541/; classtype:trojan-activity;sid:84738641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875542/; classtype:trojan-activity;sid:84738642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875543/; classtype:trojan-activity;sid:84738643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875544/; classtype:trojan-activity;sid:84738644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875545/; classtype:trojan-activity;sid:84738645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875546/; classtype:trojan-activity;sid:84738646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875547)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875547/; classtype:trojan-activity;sid:84738647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875548/; classtype:trojan-activity;sid:84738648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875549/; classtype:trojan-activity;sid:84738649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875533)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875533/; classtype:trojan-activity;sid:84738633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875534/; classtype:trojan-activity;sid:84738634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875528)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875528/; classtype:trojan-activity;sid:84738628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875529)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875529/; classtype:trojan-activity;sid:84738629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875530)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875530/; classtype:trojan-activity;sid:84738630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875531)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875531/; classtype:trojan-activity;sid:84738631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875532)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875532/; classtype:trojan-activity;sid:84738632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875526)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875526/; classtype:trojan-activity;sid:84738626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875527)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"heartbeatlinkbot.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875527/; classtype:trojan-activity;sid:84738627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875524)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875524/; classtype:trojan-activity;sid:84738624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875525)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875525/; classtype:trojan-activity;sid:84738625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875522)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875522/; classtype:trojan-activity;sid:84738622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875523)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875523/; classtype:trojan-activity;sid:84738623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875521)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875521/; classtype:trojan-activity;sid:84738621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"thedon1.ink"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875513/; classtype:trojan-activity;sid:84738613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875514)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.i686"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875514/; classtype:trojan-activity;sid:84738614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875515)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875515/; classtype:trojan-activity;sid:84738615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875516)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875516/; classtype:trojan-activity;sid:84738616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875517)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.x86_64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875517/; classtype:trojan-activity;sid:84738617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875518)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.arc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875518/; classtype:trojan-activity;sid:84738618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875519)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875519/; classtype:trojan-activity;sid:84738619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"thedon1.ink"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875512/; classtype:trojan-activity;sid:84738612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875509)"; flow:established,from_client; content:"GET"; http_method; content:"/gms_update.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875509/; classtype:trojan-activity;sid:84738609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875510)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"genddos.st"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875510/; classtype:trojan-activity;sid:84738610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875511)"; flow:established,from_client; content:"GET"; http_method; content:"/in"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"echallan-traffic.live"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875511/; classtype:trojan-activity;sid:84738611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875504)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_54bee27ccbe25b86.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875504/; classtype:trojan-activity;sid:84738604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875505)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_bed02281218bd914.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875505/; classtype:trojan-activity;sid:84738605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"deznyllcf.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875506/; classtype:trojan-activity;sid:84738606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"deznyllcf.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875507/; classtype:trojan-activity;sid:84738607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875508)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/0x68j0lrza0nrfylgw1mx/gutschein_zertifikat12174.pfd.js|3f|rlkey=qjw2lg1gluodzwi3oa5q8yfix"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875508/; classtype:trojan-activity;sid:84738608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.110.60.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875503/; classtype:trojan-activity;sid:84738603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.217.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875502/; classtype:trojan-activity;sid:84738602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.244.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875501/; classtype:trojan-activity;sid:84738601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.244.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875500/; classtype:trojan-activity;sid:84738600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.145.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875499/; classtype:trojan-activity;sid:84738599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.217.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875498/; classtype:trojan-activity;sid:84738598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.11.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875497/; classtype:trojan-activity;sid:84738597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.190.235.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875496/; classtype:trojan-activity;sid:84738596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.240.222.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875495/; classtype:trojan-activity;sid:84738595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875494)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b20949d5-c3da-4872-8ed0-84327888f900"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ya6b2803.edareumumi.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875494/; classtype:trojan-activity;sid:84738594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.116.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875493/; classtype:trojan-activity;sid:84738593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.247.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875491/; classtype:trojan-activity;sid:84738591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.247.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875492/; classtype:trojan-activity;sid:84738592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.101.187.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875490/; classtype:trojan-activity;sid:84738590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.2.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875489/; classtype:trojan-activity;sid:84738589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.73.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875488/; classtype:trojan-activity;sid:84738588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875487)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=253e8ead-7f1a-4da6-acca-d93dbedacaed"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"893804ep.zarinfile.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875487/; classtype:trojan-activity;sid:84738587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875486/; classtype:trojan-activity;sid:84738586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.38.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875485/; classtype:trojan-activity;sid:84738585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875484)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a3c3fc31-9e9c-45dc-b0a7-7effc7330ab9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"she63245.vip1xbet.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875484/; classtype:trojan-activity;sid:84738584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.40.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875483/; classtype:trojan-activity;sid:84738583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.73.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875482/; classtype:trojan-activity;sid:84738582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.182.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875481/; classtype:trojan-activity;sid:84738581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.40.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875480/; classtype:trojan-activity;sid:84738580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.253.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875479/; classtype:trojan-activity;sid:84738579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.205.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875478/; classtype:trojan-activity;sid:84738578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.228.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875476/; classtype:trojan-activity;sid:84738576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.124.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875477/; classtype:trojan-activity;sid:84738577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.61.39.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875475/; classtype:trojan-activity;sid:84738575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.61.39.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875474/; classtype:trojan-activity;sid:84738574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.164.32.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875473/; classtype:trojan-activity;sid:84738573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875469)"; flow:established,from_client; content:"GET"; http_method; content:"/4c27da"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875469/; classtype:trojan-activity;sid:84738569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875470)"; flow:established,from_client; content:"GET"; http_method; content:"/464e0c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875470/; classtype:trojan-activity;sid:84738570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875471)"; flow:established,from_client; content:"GET"; http_method; content:"/2e2f92"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875471/; classtype:trojan-activity;sid:84738571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875472)"; flow:established,from_client; content:"GET"; http_method; content:"/5e056e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875472/; classtype:trojan-activity;sid:84738572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875461)"; flow:established,from_client; content:"GET"; http_method; content:"/7a4f95"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875461/; classtype:trojan-activity;sid:84738561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875462)"; flow:established,from_client; content:"GET"; http_method; content:"/b02638"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875462/; classtype:trojan-activity;sid:84738562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875463)"; flow:established,from_client; content:"GET"; http_method; content:"/cffba7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875463/; classtype:trojan-activity;sid:84738563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875464)"; flow:established,from_client; content:"GET"; http_method; content:"/bee900"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875464/; classtype:trojan-activity;sid:84738564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875465)"; flow:established,from_client; content:"GET"; http_method; content:"/5db573"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875465/; classtype:trojan-activity;sid:84738565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875466)"; flow:established,from_client; content:"GET"; http_method; content:"/c0accb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875466/; classtype:trojan-activity;sid:84738566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875467)"; flow:established,from_client; content:"GET"; http_method; content:"/f5956b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875467/; classtype:trojan-activity;sid:84738567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875468)"; flow:established,from_client; content:"GET"; http_method; content:"/e4a4e9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875468/; classtype:trojan-activity;sid:84738568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875456)"; flow:established,from_client; content:"GET"; http_method; content:"/xs3"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875456/; classtype:trojan-activity;sid:84738556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875457)"; flow:established,from_client; content:"GET"; http_method; content:"/y7vl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875457/; classtype:trojan-activity;sid:84738557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875458)"; flow:established,from_client; content:"GET"; http_method; content:"/dwzd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875458/; classtype:trojan-activity;sid:84738558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875459)"; flow:established,from_client; content:"GET"; http_method; content:"/8ffk"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875459/; classtype:trojan-activity;sid:84738559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875460)"; flow:established,from_client; content:"GET"; http_method; content:"/uer"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875460/; classtype:trojan-activity;sid:84738560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875455)"; flow:established,from_client; content:"GET"; http_method; content:"/includes/taxii/edu.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"securedisk.cfd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875455/; classtype:trojan-activity;sid:84738555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875454)"; flow:established,from_client; content:"GET"; http_method; content:"/roxanneiq6.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875454/; classtype:trojan-activity;sid:84738554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875453)"; flow:established,from_client; content:"GET"; http_method; content:"/includes/taxii/optim.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"securedisk.cfd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875453/; classtype:trojan-activity;sid:84738553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875452/; classtype:trojan-activity;sid:84738552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875451)"; flow:established,from_client; content:"GET"; http_method; content:"/j0yh-keux-j9id-2i7m/img_n0x6bn.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875451/; classtype:trojan-activity;sid:84738551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875449)"; flow:established,from_client; content:"GET"; http_method; content:"/yachted/sibling/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"demo.alkhateeb.ae"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875449/; classtype:trojan-activity;sid:84738549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875450)"; flow:established,from_client; content:"GET"; http_method; content:"/connatural/shortsighted"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"centrodeinfusaocuritiba.com.br"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875450/; classtype:trojan-activity;sid:84738550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875448)"; flow:established,from_client; content:"GET"; http_method; content:"/matin/rend"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"doc.eagle-web-concept.fr"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875448/; classtype:trojan-activity;sid:84738548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875447)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=20b69ad2-ae8d-41c9-b843-b3d0f427c1be"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"k9qxyqt8.jetbt8.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875447/; classtype:trojan-activity;sid:84738547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.32.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875446/; classtype:trojan-activity;sid:84738546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.145.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875445/; classtype:trojan-activity;sid:84738545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.229.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875444/; classtype:trojan-activity;sid:84738544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.32.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875443/; classtype:trojan-activity;sid:84738543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875442)"; flow:established,from_client; content:"GET"; http_method; content:"/bonavol.zip|3f|v=1782289272129|7c|26|7c|r=tdodhd"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"bonavol.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875442/; classtype:trojan-activity;sid:84738542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875441)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a2b567031aeb65f7.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875441/; classtype:trojan-activity;sid:84738541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.132.135.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875440/; classtype:trojan-activity;sid:84738540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.132.135.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875439/; classtype:trojan-activity;sid:84738539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875438)"; flow:established,from_client; content:"GET"; http_method; content:"/css/djoriginnew.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"brenmayasociados.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875438/; classtype:trojan-activity;sid:84738538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875437)"; flow:established,from_client; content:"GET"; http_method; content:"/components/stubaa.ps1"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"2019.ecoknights.org.my"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875437/; classtype:trojan-activity;sid:84738537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875436)"; flow:established,from_client; content:"GET"; http_method; content:"/sass/optimized_foryujune.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"brenmayasociados.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875436/; classtype:trojan-activity;sid:84738536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.24.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875434/; classtype:trojan-activity;sid:84738534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.24.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875435/; classtype:trojan-activity;sid:84738535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.84.134.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875433/; classtype:trojan-activity;sid:84738533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875432)"; flow:established,from_client; content:"GET"; http_method; content:"/1b1eca"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875432/; classtype:trojan-activity;sid:84738532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875428)"; flow:established,from_client; content:"GET"; http_method; content:"/068dd6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875428/; classtype:trojan-activity;sid:84738528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875429)"; flow:established,from_client; content:"GET"; http_method; content:"/7d200e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875429/; classtype:trojan-activity;sid:84738529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875430)"; flow:established,from_client; content:"GET"; http_method; content:"/09a96c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875430/; classtype:trojan-activity;sid:84738530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875431)"; flow:established,from_client; content:"GET"; http_method; content:"/b78de2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875431/; classtype:trojan-activity;sid:84738531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875427)"; flow:established,from_client; content:"GET"; http_method; content:"/242ed0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875427/; classtype:trojan-activity;sid:84738527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875422)"; flow:established,from_client; content:"GET"; http_method; content:"/a14535"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875422/; classtype:trojan-activity;sid:84738522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875423)"; flow:established,from_client; content:"GET"; http_method; content:"/bb8bc9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875423/; classtype:trojan-activity;sid:84738523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875424)"; flow:established,from_client; content:"GET"; http_method; content:"/c20310"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875424/; classtype:trojan-activity;sid:84738524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875425)"; flow:established,from_client; content:"GET"; http_method; content:"/e1a75c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875425/; classtype:trojan-activity;sid:84738525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875426)"; flow:established,from_client; content:"GET"; http_method; content:"/43252c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875426/; classtype:trojan-activity;sid:84738526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875418)"; flow:established,from_client; content:"GET"; http_method; content:"/gigatex/mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875418/; classtype:trojan-activity;sid:84738518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875419)"; flow:established,from_client; content:"GET"; http_method; content:"/gigatex/x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875419/; classtype:trojan-activity;sid:84738519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875420)"; flow:established,from_client; content:"GET"; http_method; content:"/d91b8a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875420/; classtype:trojan-activity;sid:84738520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875421)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.249.230.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875421/; classtype:trojan-activity;sid:84738521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875401)"; flow:established,from_client; content:"GET"; http_method; content:"/b2ac87"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875401/; classtype:trojan-activity;sid:84738501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875402)"; flow:established,from_client; content:"GET"; http_method; content:"/3475cd"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875402/; classtype:trojan-activity;sid:84738502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875403)"; flow:established,from_client; content:"GET"; http_method; content:"/071094"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875403/; classtype:trojan-activity;sid:84738503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875404)"; flow:established,from_client; content:"GET"; http_method; content:"/752cf3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875404/; classtype:trojan-activity;sid:84738504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875405)"; flow:established,from_client; content:"GET"; http_method; content:"/cb87c3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875405/; classtype:trojan-activity;sid:84738505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875406)"; flow:established,from_client; content:"GET"; http_method; content:"/030d34"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875406/; classtype:trojan-activity;sid:84738506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875407)"; flow:established,from_client; content:"GET"; http_method; content:"/9902c4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875407/; classtype:trojan-activity;sid:84738507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875408)"; flow:established,from_client; content:"GET"; http_method; content:"/c3312a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875408/; classtype:trojan-activity;sid:84738508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875409)"; flow:established,from_client; content:"GET"; http_method; content:"/36778c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875409/; classtype:trojan-activity;sid:84738509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875410)"; flow:established,from_client; content:"GET"; http_method; content:"/5d9f3d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875410/; classtype:trojan-activity;sid:84738510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875411)"; flow:established,from_client; content:"GET"; http_method; content:"/53d8b8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875411/; classtype:trojan-activity;sid:84738511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875412)"; flow:established,from_client; content:"GET"; http_method; content:"/0c8da2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875412/; classtype:trojan-activity;sid:84738512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875413)"; flow:established,from_client; content:"GET"; http_method; content:"/7a2453"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875413/; classtype:trojan-activity;sid:84738513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875414)"; flow:established,from_client; content:"GET"; http_method; content:"/e51801"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875414/; classtype:trojan-activity;sid:84738514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875415)"; flow:established,from_client; content:"GET"; http_method; content:"/c24b2f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875415/; classtype:trojan-activity;sid:84738515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875416)"; flow:established,from_client; content:"GET"; http_method; content:"/c42e24"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875416/; classtype:trojan-activity;sid:84738516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875417)"; flow:established,from_client; content:"GET"; http_method; content:"/1a70a3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875417/; classtype:trojan-activity;sid:84738517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875384)"; flow:established,from_client; content:"GET"; http_method; content:"/d4f738"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875384/; classtype:trojan-activity;sid:84738484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875385)"; flow:established,from_client; content:"GET"; http_method; content:"/108b2a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875385/; classtype:trojan-activity;sid:84738485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875386)"; flow:established,from_client; content:"GET"; http_method; content:"/865dd0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875386/; classtype:trojan-activity;sid:84738486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875387)"; flow:established,from_client; content:"GET"; http_method; content:"/1671e9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875387/; classtype:trojan-activity;sid:84738487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875388)"; flow:established,from_client; content:"GET"; http_method; content:"/97b730"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875388/; classtype:trojan-activity;sid:84738488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875389)"; flow:established,from_client; content:"GET"; http_method; content:"/6d4385"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875389/; classtype:trojan-activity;sid:84738489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875390)"; flow:established,from_client; content:"GET"; http_method; content:"/f273ee"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875390/; classtype:trojan-activity;sid:84738490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875391)"; flow:established,from_client; content:"GET"; http_method; content:"/d5891f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875391/; classtype:trojan-activity;sid:84738491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875392)"; flow:established,from_client; content:"GET"; http_method; content:"/f0a1b9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875392/; classtype:trojan-activity;sid:84738492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875393)"; flow:established,from_client; content:"GET"; http_method; content:"/e08f7e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875393/; classtype:trojan-activity;sid:84738493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875394)"; flow:established,from_client; content:"GET"; http_method; content:"/1de7f2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875394/; classtype:trojan-activity;sid:84738494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875395)"; flow:established,from_client; content:"GET"; http_method; content:"/156231"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875395/; classtype:trojan-activity;sid:84738495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875396)"; flow:established,from_client; content:"GET"; http_method; content:"/418957"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875396/; classtype:trojan-activity;sid:84738496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875397)"; flow:established,from_client; content:"GET"; http_method; content:"/a14b12"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875397/; classtype:trojan-activity;sid:84738497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875398)"; flow:established,from_client; content:"GET"; http_method; content:"/a1ab0a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875398/; classtype:trojan-activity;sid:84738498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875399)"; flow:established,from_client; content:"GET"; http_method; content:"/93a7f0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875399/; classtype:trojan-activity;sid:84738499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875400)"; flow:established,from_client; content:"GET"; http_method; content:"/a287a6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875400/; classtype:trojan-activity;sid:84738500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875382)"; flow:established,from_client; content:"GET"; http_method; content:"/01ae15"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875382/; classtype:trojan-activity;sid:84738482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875383)"; flow:established,from_client; content:"GET"; http_method; content:"/fdbcb8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875383/; classtype:trojan-activity;sid:84738483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.207.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875381/; classtype:trojan-activity;sid:84738481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.84.134.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875380/; classtype:trojan-activity;sid:84738480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.216.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875379/; classtype:trojan-activity;sid:84738479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.207.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875378/; classtype:trojan-activity;sid:84738478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.11.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875377/; classtype:trojan-activity;sid:84738477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875376)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=68af7e40-3ff3-43d0-90e6-61387ce78d08"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8jkjxf31.jetbt7.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875376/; classtype:trojan-activity;sid:84738476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.212.37.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875375/; classtype:trojan-activity;sid:84738475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.52.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875374/; classtype:trojan-activity;sid:84738474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875373)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=71a75337-f523-4a8c-814a-cb124930fd86"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"m2p5bg3q.ahkam.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875373/; classtype:trojan-activity;sid:84738473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.106.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875372/; classtype:trojan-activity;sid:84738472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.52.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875371/; classtype:trojan-activity;sid:84738471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.32.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875370/; classtype:trojan-activity;sid:84738470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.58.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875369/; classtype:trojan-activity;sid:84738469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875356)"; flow:established,from_client; content:"GET"; http_method; content:"/268cf3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875356/; classtype:trojan-activity;sid:84738456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875357)"; flow:established,from_client; content:"GET"; http_method; content:"/4a7dc3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875357/; classtype:trojan-activity;sid:84738457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875358)"; flow:established,from_client; content:"GET"; http_method; content:"/c1953e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875358/; classtype:trojan-activity;sid:84738458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875359)"; flow:established,from_client; content:"GET"; http_method; content:"/0b1517"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875359/; classtype:trojan-activity;sid:84738459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875360)"; flow:established,from_client; content:"GET"; http_method; content:"/4d01d5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875360/; classtype:trojan-activity;sid:84738460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875361)"; flow:established,from_client; content:"GET"; http_method; content:"/2529d6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875361/; classtype:trojan-activity;sid:84738461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875363)"; flow:established,from_client; content:"GET"; http_method; content:"/6d67c6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875363/; classtype:trojan-activity;sid:84738463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875364)"; flow:established,from_client; content:"GET"; http_method; content:"/78e24f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875364/; classtype:trojan-activity;sid:84738464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875367)"; flow:established,from_client; content:"GET"; http_method; content:"/90aad3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875367/; classtype:trojan-activity;sid:84738467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875368)"; flow:established,from_client; content:"GET"; http_method; content:"/a1cef9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875368/; classtype:trojan-activity;sid:84738468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875354)"; flow:established,from_client; content:"GET"; http_method; content:"/dd0b31"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875354/; classtype:trojan-activity;sid:84738454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875355)"; flow:established,from_client; content:"GET"; http_method; content:"/883b9c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875355/; classtype:trojan-activity;sid:84738455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.150.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875353/; classtype:trojan-activity;sid:84738453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875347)"; flow:established,from_client; content:"GET"; http_method; content:"/d2ee02"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875347/; classtype:trojan-activity;sid:84738447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875348)"; flow:established,from_client; content:"GET"; http_method; content:"/090987"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875348/; classtype:trojan-activity;sid:84738448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875349)"; flow:established,from_client; content:"GET"; http_method; content:"/217d54"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875349/; classtype:trojan-activity;sid:84738449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875351)"; flow:established,from_client; content:"GET"; http_method; content:"/c8cc97"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875351/; classtype:trojan-activity;sid:84738451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875337)"; flow:established,from_client; content:"GET"; http_method; content:"/b61498"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875337/; classtype:trojan-activity;sid:84738437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.48.132.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875339/; classtype:trojan-activity;sid:84738439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.103.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875346/; classtype:trojan-activity;sid:84738446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875322)"; flow:established,from_client; content:"GET"; http_method; content:"/76a632"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875322/; classtype:trojan-activity;sid:84738422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875323)"; flow:established,from_client; content:"GET"; http_method; content:"/e2cbb1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875323/; classtype:trojan-activity;sid:84738423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875324)"; flow:established,from_client; content:"GET"; http_method; content:"/38ec5f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875324/; classtype:trojan-activity;sid:84738424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875325)"; flow:established,from_client; content:"GET"; http_method; content:"/87fa5f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875325/; classtype:trojan-activity;sid:84738425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875326)"; flow:established,from_client; content:"GET"; http_method; content:"/4f6d54"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875326/; classtype:trojan-activity;sid:84738426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875327)"; flow:established,from_client; content:"GET"; http_method; content:"/985cea"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875327/; classtype:trojan-activity;sid:84738427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875328)"; flow:established,from_client; content:"GET"; http_method; content:"/16dcd4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875328/; classtype:trojan-activity;sid:84738428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875329)"; flow:established,from_client; content:"GET"; http_method; content:"/3bd4b8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875329/; classtype:trojan-activity;sid:84738429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875330)"; flow:established,from_client; content:"GET"; http_method; content:"/95675c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875330/; classtype:trojan-activity;sid:84738430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875331)"; flow:established,from_client; content:"GET"; http_method; content:"/4f1932"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875331/; classtype:trojan-activity;sid:84738431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875332)"; flow:established,from_client; content:"GET"; http_method; content:"/6300a2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875332/; classtype:trojan-activity;sid:84738432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875333)"; flow:established,from_client; content:"GET"; http_method; content:"/2fe1e0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875333/; classtype:trojan-activity;sid:84738433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875334)"; flow:established,from_client; content:"GET"; http_method; content:"/3994af"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875334/; classtype:trojan-activity;sid:84738434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875335)"; flow:established,from_client; content:"GET"; http_method; content:"/875b73"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875335/; classtype:trojan-activity;sid:84738435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875336)"; flow:established,from_client; content:"GET"; http_method; content:"/f13dc1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875336/; classtype:trojan-activity;sid:84738436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875321)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bitter-handsome-truck.digivmm.katapult.cloud"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875321/; classtype:trojan-activity;sid:84738421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875317)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"static.26.134.83.5.clients.ryzehosting.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875317/; classtype:trojan-activity;sid:84738417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875318)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"152.89.76.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875318/; classtype:trojan-activity;sid:84738418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875319)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bitter-handsome-truck.digivmm.katapult.cloud"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875319/; classtype:trojan-activity;sid:84738419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875320)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"static.26.134.83.5.clients.ryzehosting.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875320/; classtype:trojan-activity;sid:84738420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875312)"; flow:established,from_client; content:"GET"; http_method; content:"/data_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.38.228.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875312/; classtype:trojan-activity;sid:84738412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875313)"; flow:established,from_client; content:"GET"; http_method; content:"/womp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.38.228.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875313/; classtype:trojan-activity;sid:84738413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875314)"; flow:established,from_client; content:"GET"; http_method; content:"/896e0f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875314/; classtype:trojan-activity;sid:84738414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875315)"; flow:established,from_client; content:"GET"; http_method; content:"/34195b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875315/; classtype:trojan-activity;sid:84738415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875316)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"static.26.134.83.5.clients.ryzehosting.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875316/; classtype:trojan-activity;sid:84738416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875302)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"static.26.134.83.5.clients.ryzehosting.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875302/; classtype:trojan-activity;sid:84738402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875303)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"static.26.134.83.5.clients.ryzehosting.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875303/; classtype:trojan-activity;sid:84738403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875304)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"static.26.134.83.5.clients.ryzehosting.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875304/; classtype:trojan-activity;sid:84738404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875305)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"152.89.76.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875305/; classtype:trojan-activity;sid:84738405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875306)"; flow:established,from_client; content:"GET"; http_method; content:"/dca15d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875306/; classtype:trojan-activity;sid:84738406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875307)"; flow:established,from_client; content:"GET"; http_method; content:"/21bc78"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875307/; classtype:trojan-activity;sid:84738407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875308)"; flow:established,from_client; content:"GET"; http_method; content:"/41bca6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875308/; classtype:trojan-activity;sid:84738408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.141.5.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875309/; classtype:trojan-activity;sid:84738409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875310)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"static.26.134.83.5.clients.ryzehosting.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875310/; classtype:trojan-activity;sid:84738410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875311)"; flow:established,from_client; content:"GET"; http_method; content:"/bf35c6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875311/; classtype:trojan-activity;sid:84738411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875301)"; flow:established,from_client; content:"GET"; http_method; content:"/c8f58f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875301/; classtype:trojan-activity;sid:84738401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875293)"; flow:established,from_client; content:"GET"; http_method; content:"/22cd13"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875293/; classtype:trojan-activity;sid:84738393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875294)"; flow:established,from_client; content:"GET"; http_method; content:"/dbg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875294/; classtype:trojan-activity;sid:84738394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875295)"; flow:established,from_client; content:"GET"; http_method; content:"/b0aac5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875295/; classtype:trojan-activity;sid:84738395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875296)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875296/; classtype:trojan-activity;sid:84738396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875297)"; flow:established,from_client; content:"GET"; http_method; content:"/d12973"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875297/; classtype:trojan-activity;sid:84738397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875298)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkx86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875298/; classtype:trojan-activity;sid:84738398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875299)"; flow:established,from_client; content:"GET"; http_method; content:"/0ce314"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875299/; classtype:trojan-activity;sid:84738399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875300)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875300/; classtype:trojan-activity;sid:84738400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875292)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875292/; classtype:trojan-activity;sid:84738392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.255.3.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875291/; classtype:trojan-activity;sid:84738391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875277)"; flow:established,from_client; content:"GET"; http_method; content:"/717f7b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875277/; classtype:trojan-activity;sid:84738377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875278)"; flow:established,from_client; content:"GET"; http_method; content:"/efb57c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875278/; classtype:trojan-activity;sid:84738378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875279)"; flow:established,from_client; content:"GET"; http_method; content:"/04858e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875279/; classtype:trojan-activity;sid:84738379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875280)"; flow:established,from_client; content:"GET"; http_method; content:"/63228b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875280/; classtype:trojan-activity;sid:84738380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875281)"; flow:established,from_client; content:"GET"; http_method; content:"/b195c6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875281/; classtype:trojan-activity;sid:84738381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875282)"; flow:established,from_client; content:"GET"; http_method; content:"/0a8d57"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875282/; classtype:trojan-activity;sid:84738382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875283)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875283/; classtype:trojan-activity;sid:84738383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875284)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875284/; classtype:trojan-activity;sid:84738384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875285)"; flow:established,from_client; content:"GET"; http_method; content:"/975580"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875285/; classtype:trojan-activity;sid:84738385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875286)"; flow:established,from_client; content:"GET"; http_method; content:"/c0b090"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875286/; classtype:trojan-activity;sid:84738386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875287)"; flow:established,from_client; content:"GET"; http_method; content:"/2e5788"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875287/; classtype:trojan-activity;sid:84738387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875288)"; flow:established,from_client; content:"GET"; http_method; content:"/64782a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875288/; classtype:trojan-activity;sid:84738388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875289)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875289/; classtype:trojan-activity;sid:84738389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875290)"; flow:established,from_client; content:"GET"; http_method; content:"/5ec92a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875290/; classtype:trojan-activity;sid:84738390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875252)"; flow:established,from_client; content:"GET"; http_method; content:"/e003f5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875252/; classtype:trojan-activity;sid:84738352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875253)"; flow:established,from_client; content:"GET"; http_method; content:"/f8c015"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875253/; classtype:trojan-activity;sid:84738353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875254)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875254/; classtype:trojan-activity;sid:84738354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875255)"; flow:established,from_client; content:"GET"; http_method; content:"/181ff1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875255/; classtype:trojan-activity;sid:84738355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875256)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875256/; classtype:trojan-activity;sid:84738356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875257)"; flow:established,from_client; content:"GET"; http_method; content:"/72883f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875257/; classtype:trojan-activity;sid:84738357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875258)"; flow:established,from_client; content:"GET"; http_method; content:"/nshksh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875258/; classtype:trojan-activity;sid:84738358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875259)"; flow:established,from_client; content:"GET"; http_method; content:"/angelaaa.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875259/; classtype:trojan-activity;sid:84738359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875260)"; flow:established,from_client; content:"GET"; http_method; content:"/1b784e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875260/; classtype:trojan-activity;sid:84738360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875261)"; flow:established,from_client; content:"GET"; http_method; content:"/7a8e4a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875261/; classtype:trojan-activity;sid:84738361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875262)"; flow:established,from_client; content:"GET"; http_method; content:"/5ac4a1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875262/; classtype:trojan-activity;sid:84738362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875263)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875263/; classtype:trojan-activity;sid:84738363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875264)"; flow:established,from_client; content:"GET"; http_method; content:"/7d08d4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875264/; classtype:trojan-activity;sid:84738364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875265)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875265/; classtype:trojan-activity;sid:84738365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875266)"; flow:established,from_client; content:"GET"; http_method; content:"/5063ea"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875266/; classtype:trojan-activity;sid:84738366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875267)"; flow:established,from_client; content:"GET"; http_method; content:"/fcf84d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875267/; classtype:trojan-activity;sid:84738367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875268)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875268/; classtype:trojan-activity;sid:84738368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875269)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875269/; classtype:trojan-activity;sid:84738369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875270)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875270/; classtype:trojan-activity;sid:84738370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875271)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875271/; classtype:trojan-activity;sid:84738371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875272)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkmips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875272/; classtype:trojan-activity;sid:84738372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875273)"; flow:established,from_client; content:"GET"; http_method; content:"/fb54e5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875273/; classtype:trojan-activity;sid:84738373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875274)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875274/; classtype:trojan-activity;sid:84738374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875275)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"137.220.242.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875275/; classtype:trojan-activity;sid:84738375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875276)"; flow:established,from_client; content:"GET"; http_method; content:"/126fa5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875276/; classtype:trojan-activity;sid:84738376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875251)"; flow:established,from_client; content:"GET"; http_method; content:"/services.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.48.251.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875251/; classtype:trojan-activity;sid:84738351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875250)"; flow:established,from_client; content:"GET"; http_method; content:"/1746a7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875250/; classtype:trojan-activity;sid:84738350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.135.46.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875249/; classtype:trojan-activity;sid:84738349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875248)"; flow:established,from_client; content:"GET"; http_method; content:"/49.elf"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.163.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875248/; classtype:trojan-activity;sid:84738348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875214)"; flow:established,from_client; content:"GET"; http_method; content:"/ml"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"8.217.17.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875214/; classtype:trojan-activity;sid:84738314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875192/; classtype:trojan-activity;sid:84738292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.150.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875191/; classtype:trojan-activity;sid:84738291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875188)"; flow:established,from_client; content:"GET"; http_method; content:"/skakbar963-arch/arcraiders-fps-booster-2025-2026/raw/refs/heads/main/crymodynia/booster-arc-fp-raiders-3.5.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875188/; classtype:trojan-activity;sid:84738288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875189)"; flow:established,from_client; content:"GET"; http_method; content:"/smailikskywarsp4s/arcraiders-fps-booster-2025-2026/raw/refs/heads/main/booster.rar"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875189/; classtype:trojan-activity;sid:84738289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875190)"; flow:established,from_client; content:"GET"; http_method; content:"/kyle-liu-io1998l8/arcraiders-fps-booster/releases/download/download/setup-v3.1.6.7zeaponsmith.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875190/; classtype:trojan-activity;sid:84738290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875186)"; flow:established,from_client; content:"GET"; http_method; content:"/dutyfree-embroiderystitch433/arcraiderfpsboosterforgithub2026/raw/refs/heads/main/aly/hub_booster_raider_for_git_arc_fps_2.6-alpha.1.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875186/; classtype:trojan-activity;sid:84738286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875187)"; flow:established,from_client; content:"GET"; http_method; content:"/hackersex67.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875187/; classtype:trojan-activity;sid:84738287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875181)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_717ce1f261546251.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875181/; classtype:trojan-activity;sid:84738281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875182)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_f3c6c0ff5a0ca01b.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875182/; classtype:trojan-activity;sid:84738282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875183)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_98de8e9324af4477.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875183/; classtype:trojan-activity;sid:84738283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875184)"; flow:established,from_client; content:"GET"; http_method; content:"/desktop.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.3.177.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875184/; classtype:trojan-activity;sid:84738284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875185)"; flow:established,from_client; content:"GET"; http_method; content:"/desktop.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.3.177.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875185/; classtype:trojan-activity;sid:84738285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.31.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875180/; classtype:trojan-activity;sid:84738280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.106.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875179/; classtype:trojan-activity;sid:84738279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.31.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875178/; classtype:trojan-activity;sid:84738278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.125.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875177/; classtype:trojan-activity;sid:84738277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.144.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875176/; classtype:trojan-activity;sid:84738276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.29.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875175/; classtype:trojan-activity;sid:84738275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875174)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6f69e3d4-5a26-4c31-883f-6c835d1eaa89"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"kyard07v.vip1xbet.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875174/; classtype:trojan-activity;sid:84738274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.29.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875173/; classtype:trojan-activity;sid:84738273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.249.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875172/; classtype:trojan-activity;sid:84738272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.77.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875171/; classtype:trojan-activity;sid:84738271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.150.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875170/; classtype:trojan-activity;sid:84738270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.208.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875169/; classtype:trojan-activity;sid:84738269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.189.165.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875168/; classtype:trojan-activity;sid:84738268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.77.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875167/; classtype:trojan-activity;sid:84738267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.86.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875166/; classtype:trojan-activity;sid:84738266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.126.86.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875165/; classtype:trojan-activity;sid:84738265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.78.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875164/; classtype:trojan-activity;sid:84738264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875163)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c0e8fbe7-f1cd-4f79-ba02-2689487decea"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"arop4gtf.jetbt6.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875163/; classtype:trojan-activity;sid:84738263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875160)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875160/; classtype:trojan-activity;sid:84738260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875161)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875161/; classtype:trojan-activity;sid:84738261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875162)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875162/; classtype:trojan-activity;sid:84738262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875158)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875158/; classtype:trojan-activity;sid:84738258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875159)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875159/; classtype:trojan-activity;sid:84738259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875152)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875152/; classtype:trojan-activity;sid:84738252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875153)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875153/; classtype:trojan-activity;sid:84738253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875154)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875154/; classtype:trojan-activity;sid:84738254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875155)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875155/; classtype:trojan-activity;sid:84738255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875156)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875156/; classtype:trojan-activity;sid:84738256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875157)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875157/; classtype:trojan-activity;sid:84738257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875150/; classtype:trojan-activity;sid:84738250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875151)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875151/; classtype:trojan-activity;sid:84738251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.0.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875149/; classtype:trojan-activity;sid:84738249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.164.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875148/; classtype:trojan-activity;sid:84738248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.97.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875147/; classtype:trojan-activity;sid:84738247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.251.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875146/; classtype:trojan-activity;sid:84738246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.164.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875145/; classtype:trojan-activity;sid:84738245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.251.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875144/; classtype:trojan-activity;sid:84738244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.194.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875143/; classtype:trojan-activity;sid:84738243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875142/; classtype:trojan-activity;sid:84738242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.16.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875141/; classtype:trojan-activity;sid:84738241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.201.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875140/; classtype:trojan-activity;sid:84738240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.223.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875139/; classtype:trojan-activity;sid:84738239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875138/; classtype:trojan-activity;sid:84738238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.226.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875137/; classtype:trojan-activity;sid:84738237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.245.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875136/; classtype:trojan-activity;sid:84738236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.57.50.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875135/; classtype:trojan-activity;sid:84738235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.58.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875134/; classtype:trojan-activity;sid:84738234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.133.101.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875133/; classtype:trojan-activity;sid:84738233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.64.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875132/; classtype:trojan-activity;sid:84738232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.57.50.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875131/; classtype:trojan-activity;sid:84738231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875130/; classtype:trojan-activity;sid:84738230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.101.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875129/; classtype:trojan-activity;sid:84738229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875128)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b9d355f5-d822-4e31-a6ec-1e4d7b780b31"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mszlnqlm.jetbet1.live"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875128/; classtype:trojan-activity;sid:84738228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.226.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875127/; classtype:trojan-activity;sid:84738227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.109.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875126/; classtype:trojan-activity;sid:84738226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.221.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875125/; classtype:trojan-activity;sid:84738225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.187.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875124/; classtype:trojan-activity;sid:84738224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.223.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875122/; classtype:trojan-activity;sid:84738222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.187.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875123/; classtype:trojan-activity;sid:84738223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.4.166"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875121/; classtype:trojan-activity;sid:84738221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.105.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875120/; classtype:trojan-activity;sid:84738220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875119)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e4eb4459-9f9d-4323-86ba-acd71796216f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vzhtsv4n.1x303.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875119/; classtype:trojan-activity;sid:84738219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.29.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875118/; classtype:trojan-activity;sid:84738218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.105.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875117/; classtype:trojan-activity;sid:84738217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875116)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/jeiioql.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875116/; classtype:trojan-activity;sid:84738216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875115)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b7adadd3-bf63-4a27-a9d5-e1294e8d8cc7"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"p0d2virz.blackjacktipsnnt.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875115/; classtype:trojan-activity;sid:84738215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.183.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875114/; classtype:trojan-activity;sid:84738214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875113)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=370112d6-38db-4738-a39a-6e6f52d505db"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"e1fi2yi1.vip1x.bet"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875113/; classtype:trojan-activity;sid:84738213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.147.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875112/; classtype:trojan-activity;sid:84738212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.1.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875111/; classtype:trojan-activity;sid:84738211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.114.229.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875110/; classtype:trojan-activity;sid:84738210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.183.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875109/; classtype:trojan-activity;sid:84738209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.1.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875108/; classtype:trojan-activity;sid:84738208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.2.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875107/; classtype:trojan-activity;sid:84738207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875106/; classtype:trojan-activity;sid:84738206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.91.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875105/; classtype:trojan-activity;sid:84738205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.49.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875104/; classtype:trojan-activity;sid:84738204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.45.95.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875103/; classtype:trojan-activity;sid:84738203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875102/; classtype:trojan-activity;sid:84738202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.144.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875101/; classtype:trojan-activity;sid:84738201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.236.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875100/; classtype:trojan-activity;sid:84738200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/ipmiv2.xml"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875099/; classtype:trojan-activity;sid:84738199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875098/; classtype:trojan-activity;sid:84738198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875097/; classtype:trojan-activity;sid:84738197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875096/; classtype:trojan-activity;sid:84738196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.236.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875095/; classtype:trojan-activity;sid:84738195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.57.56.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875094/; classtype:trojan-activity;sid:84738194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.187.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875093/; classtype:trojan-activity;sid:84738193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.102.35.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875092/; classtype:trojan-activity;sid:84738192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875091)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=58592673-e4de-4377-9c8b-23149cf22a4a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bpyos3va.blackjack-x.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875091/; classtype:trojan-activity;sid:84738191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.187.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875090/; classtype:trojan-activity;sid:84738190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.57.56.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875089/; classtype:trojan-activity;sid:84738189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.223.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875088/; classtype:trojan-activity;sid:84738188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.127.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875087/; classtype:trojan-activity;sid:84738187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.112.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875086/; classtype:trojan-activity;sid:84738186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.197.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875085/; classtype:trojan-activity;sid:84738185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.197.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875084/; classtype:trojan-activity;sid:84738184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.127.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875083/; classtype:trojan-activity;sid:84738183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.205.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875082/; classtype:trojan-activity;sid:84738182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.216.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875080/; classtype:trojan-activity;sid:84738180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.225.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875081/; classtype:trojan-activity;sid:84738181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.141.129.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875079/; classtype:trojan-activity;sid:84738179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.19.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875078/; classtype:trojan-activity;sid:84738178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.48.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875076/; classtype:trojan-activity;sid:84738176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.97.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875077/; classtype:trojan-activity;sid:84738177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.201.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875075/; classtype:trojan-activity;sid:84738175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.19.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875074/; classtype:trojan-activity;sid:84738174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.225.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875073/; classtype:trojan-activity;sid:84738173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875070)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875070/; classtype:trojan-activity;sid:84738170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875071)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875071/; classtype:trojan-activity;sid:84738171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875072)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875072/; classtype:trojan-activity;sid:84738172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.141.129.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875069/; classtype:trojan-activity;sid:84738169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875068)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/ivrqvfp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875068/; classtype:trojan-activity;sid:84738168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.201.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875067/; classtype:trojan-activity;sid:84738167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.148.240.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875066/; classtype:trojan-activity;sid:84738166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.249.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875065/; classtype:trojan-activity;sid:84738165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.240.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875064/; classtype:trojan-activity;sid:84738164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875063)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_cc1c1aabd55380d4.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875063/; classtype:trojan-activity;sid:84738163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.48.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875062/; classtype:trojan-activity;sid:84738162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875061)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/ivrqvfp.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875061/; classtype:trojan-activity;sid:84738161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875060)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/gyoeoud.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875060/; classtype:trojan-activity;sid:84738160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875059)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d8b4f87c-aa48-4fdd-a215-ea08f68ed6fe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"69xb4m1d.betmajic.cc"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875059/; classtype:trojan-activity;sid:84738159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875058)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=55ce4ecc-431f-4b5c-9237-45709215d541"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8ra83hil.blackjackonlineplay83.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875058/; classtype:trojan-activity;sid:84738158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875057/; classtype:trojan-activity;sid:84738157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875056/; classtype:trojan-activity;sid:84738156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.82.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875055/; classtype:trojan-activity;sid:84738155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.253.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875054/; classtype:trojan-activity;sid:84738154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875053)"; flow:established,from_client; content:"GET"; http_method; content:"/nova.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meow.otval.cfd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875053/; classtype:trojan-activity;sid:84738153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.23.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875052/; classtype:trojan-activity;sid:84738152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875051)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3853f05d-c7f1-475b-a0e8-d8c72a0d9441"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"s7w5r3s2.onebet1x.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875051/; classtype:trojan-activity;sid:84738151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875050)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"155.138.195.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875050/; classtype:trojan-activity;sid:84738150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.253.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875049/; classtype:trojan-activity;sid:84738149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.23.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875048/; classtype:trojan-activity;sid:84738148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875046/; classtype:trojan-activity;sid:84738146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.95.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875047/; classtype:trojan-activity;sid:84738147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875045/; classtype:trojan-activity;sid:84738145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875044/; classtype:trojan-activity;sid:84738144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.38.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875043/; classtype:trojan-activity;sid:84738143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.144.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875042/; classtype:trojan-activity;sid:84738142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.145.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875041/; classtype:trojan-activity;sid:84738141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875040/; classtype:trojan-activity;sid:84738140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.38.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875039/; classtype:trojan-activity;sid:84738139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.86.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875038/; classtype:trojan-activity;sid:84738138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.199.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875037/; classtype:trojan-activity;sid:84738137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875036)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ec391420-b068-4315-a1de-5093fb9483b3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mx8cw0rw.engelabeslami.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875036/; classtype:trojan-activity;sid:84738136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.37.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875035/; classtype:trojan-activity;sid:84738135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.107.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875034/; classtype:trojan-activity;sid:84738134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.174.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875033/; classtype:trojan-activity;sid:84738133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.241.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875032/; classtype:trojan-activity;sid:84738132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.248.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875031/; classtype:trojan-activity;sid:84738131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.4.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875030/; classtype:trojan-activity;sid:84738130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.174.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875029/; classtype:trojan-activity;sid:84738129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"155.138.206.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875028/; classtype:trojan-activity;sid:84738128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"155.138.206.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875027/; classtype:trojan-activity;sid:84738127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875025)"; flow:established,from_client; content:"GET"; http_method; content:"/q24i"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875025/; classtype:trojan-activity;sid:84738125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875026)"; flow:established,from_client; content:"GET"; http_method; content:"/jto"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875026/; classtype:trojan-activity;sid:84738126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"155.138.223.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875023/; classtype:trojan-activity;sid:84738123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"155.138.220.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875024/; classtype:trojan-activity;sid:84738124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.61.157.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875021/; classtype:trojan-activity;sid:84738121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.61.135.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875022/; classtype:trojan-activity;sid:84738122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.61.157.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875020/; classtype:trojan-activity;sid:84738120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.61.135.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875018/; classtype:trojan-activity;sid:84738118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.61.157.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875019/; classtype:trojan-activity;sid:84738119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.214.149.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875017/; classtype:trojan-activity;sid:84738117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"216.126.237.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875016/; classtype:trojan-activity;sid:84738116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"216.126.237.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875015/; classtype:trojan-activity;sid:84738115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.82.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875014/; classtype:trojan-activity;sid:84738114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"216.126.227.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875013/; classtype:trojan-activity;sid:84738113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"216.126.227.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875012/; classtype:trojan-activity;sid:84738112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.201.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875011/; classtype:trojan-activity;sid:84738111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.4.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875010/; classtype:trojan-activity;sid:84738110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.33.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875009/; classtype:trojan-activity;sid:84738109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.150.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875008/; classtype:trojan-activity;sid:84738108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.214.149.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875007/; classtype:trojan-activity;sid:84738107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.33.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875006/; classtype:trojan-activity;sid:84738106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.71.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875005/; classtype:trojan-activity;sid:84738105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875002)"; flow:established,from_client; content:"GET"; http_method; content:"/ertb"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875002/; classtype:trojan-activity;sid:84738102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875003)"; flow:established,from_client; content:"GET"; http_method; content:"/jkl"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875003/; classtype:trojan-activity;sid:84738103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875004)"; flow:established,from_client; content:"GET"; http_method; content:"/pfdy"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875004/; classtype:trojan-activity;sid:84738104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.71.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875001/; classtype:trojan-activity;sid:84738101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"216.126.227.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875000/; classtype:trojan-activity;sid:84738100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874999)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=76a085a2-bb73-40f7-ab15-c6477d426c3b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"haqoakt0.elmolnafs.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874999/; classtype:trojan-activity;sid:84738099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"172.86.126.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874998/; classtype:trojan-activity;sid:84738098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.86.126.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874997/; classtype:trojan-activity;sid:84738097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.15.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874996/; classtype:trojan-activity;sid:84738096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.15.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874995/; classtype:trojan-activity;sid:84738095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.120.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874994/; classtype:trojan-activity;sid:84738094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.120.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874993/; classtype:trojan-activity;sid:84738093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.85.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874992/; classtype:trojan-activity;sid:84738092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"172.86.126.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874991/; classtype:trojan-activity;sid:84738091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.86.126.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874990/; classtype:trojan-activity;sid:84738090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874989)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=adb1975c-0f72-4c15-bfe6-bdd05374dfc9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ygl9tk3l.ekhtelalattabrizi.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874989/; classtype:trojan-activity;sid:84738089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"172.86.117.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874988/; classtype:trojan-activity;sid:84738088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.86.117.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874987/; classtype:trojan-activity;sid:84738087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.25.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874986/; classtype:trojan-activity;sid:84738086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.125.230.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874985/; classtype:trojan-activity;sid:84738085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.85.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874984/; classtype:trojan-activity;sid:84738084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.91.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874983/; classtype:trojan-activity;sid:84738083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.29.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874982/; classtype:trojan-activity;sid:84738082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"167.88.166.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874981/; classtype:trojan-activity;sid:84738081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874979)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"police2306work.vercel.app"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874979/; classtype:trojan-activity;sid:84738079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.88.166.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874980/; classtype:trojan-activity;sid:84738080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.40.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874977/; classtype:trojan-activity;sid:84738077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874978)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"policecontrol.vercel.app"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874978/; classtype:trojan-activity;sid:84738078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874976)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_4ffaffade03d1c5e.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874976/; classtype:trojan-activity;sid:84738076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874974)"; flow:established,from_client; content:"GET"; http_method; content:"/gms_update.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874974/; classtype:trojan-activity;sid:84738074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874975)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874975/; classtype:trojan-activity;sid:84738075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874970)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874970/; classtype:trojan-activity;sid:84738070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874971)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.arc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874971/; classtype:trojan-activity;sid:84738071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874972)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874972/; classtype:trojan-activity;sid:84738072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874973)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874973/; classtype:trojan-activity;sid:84738073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874967)"; flow:established,from_client; content:"GET"; http_method; content:"/wl.xml"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874967/; classtype:trojan-activity;sid:84738067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874968)"; flow:established,from_client; content:"GET"; http_method; content:"/routereater"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874968/; classtype:trojan-activity;sid:84738068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874969)"; flow:established,from_client; content:"GET"; http_method; content:"/poc.xml"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874969/; classtype:trojan-activity;sid:84738069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874966)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874966/; classtype:trojan-activity;sid:84738066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874962)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874962/; classtype:trojan-activity;sid:84738062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874963)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874963/; classtype:trojan-activity;sid:84738063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874964)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874964/; classtype:trojan-activity;sid:84738064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874965)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874965/; classtype:trojan-activity;sid:84738065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.25.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874961/; classtype:trojan-activity;sid:84738061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.91.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874960/; classtype:trojan-activity;sid:84738060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874959)"; flow:established,from_client; content:"GET"; http_method; content:"/temp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874959/; classtype:trojan-activity;sid:84738059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.29.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874958/; classtype:trojan-activity;sid:84738058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.111.130.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874957/; classtype:trojan-activity;sid:84738057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.244.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874956/; classtype:trojan-activity;sid:84738056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874955/; classtype:trojan-activity;sid:84738055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.85.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874954/; classtype:trojan-activity;sid:84738054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"167.88.166.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874953/; classtype:trojan-activity;sid:84738053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.88.166.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874952/; classtype:trojan-activity;sid:84738052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.244.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874951/; classtype:trojan-activity;sid:84738051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874950)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1cad5ed2-bbff-4ad1-9f7d-ea9082c2d041"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dlsak5pv.megapariwin.bet"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874950/; classtype:trojan-activity;sid:84738050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874949)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=452f58ff-1213-4de7-a9f7-206d03e36b66"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"2k7d5hmd.one1xbet.win"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874949/; classtype:trojan-activity;sid:84738049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.94.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874948/; classtype:trojan-activity;sid:84738048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.253.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874947/; classtype:trojan-activity;sid:84738047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874946/; classtype:trojan-activity;sid:84738046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874943)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"191.96.94.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874943/; classtype:trojan-activity;sid:84738043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874944)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"191.96.94.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874944/; classtype:trojan-activity;sid:84738044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874945)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"191.96.94.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874945/; classtype:trojan-activity;sid:84738045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"167.88.166.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874942/; classtype:trojan-activity;sid:84738042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.88.166.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874941/; classtype:trojan-activity;sid:84738041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874939)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"191.96.94.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874939/; classtype:trojan-activity;sid:84738039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874940)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"191.96.94.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874940/; classtype:trojan-activity;sid:84738040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.85.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874938/; classtype:trojan-activity;sid:84738038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.210.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874937/; classtype:trojan-activity;sid:84738037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"153.75.83.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874936/; classtype:trojan-activity;sid:84738036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"153.75.83.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874935/; classtype:trojan-activity;sid:84738035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.210.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874934/; classtype:trojan-activity;sid:84738034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.99.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874933/; classtype:trojan-activity;sid:84738033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.99.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874932/; classtype:trojan-activity;sid:84738032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874931/; classtype:trojan-activity;sid:84738031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.117.148.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874930/; classtype:trojan-activity;sid:84738030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.8.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874929/; classtype:trojan-activity;sid:84738029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874928/; classtype:trojan-activity;sid:84738028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.129.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874927/; classtype:trojan-activity;sid:84738027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874926/; classtype:trojan-activity;sid:84738026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.70.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874925/; classtype:trojan-activity;sid:84738025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.29.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874924/; classtype:trojan-activity;sid:84738024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.129.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874923/; classtype:trojan-activity;sid:84738023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.8.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874922/; classtype:trojan-activity;sid:84738022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.93.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874921/; classtype:trojan-activity;sid:84738021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.99.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874920/; classtype:trojan-activity;sid:84738020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.99.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874919/; classtype:trojan-activity;sid:84738019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.98.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874918/; classtype:trojan-activity;sid:84738018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.98.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874917/; classtype:trojan-activity;sid:84738017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.70.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874916/; classtype:trojan-activity;sid:84738016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.94.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874914/; classtype:trojan-activity;sid:84738014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.96.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874915/; classtype:trojan-activity;sid:84738015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.96.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874912/; classtype:trojan-activity;sid:84738012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.94.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874913/; classtype:trojan-activity;sid:84738013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.84.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874911/; classtype:trojan-activity;sid:84738011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.71.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874910/; classtype:trojan-activity;sid:84738010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.84.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874909/; classtype:trojan-activity;sid:84738009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.35.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874906/; classtype:trojan-activity;sid:84738006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.170.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874907/; classtype:trojan-activity;sid:84738007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.29.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874908/; classtype:trojan-activity;sid:84738008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.117.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874905/; classtype:trojan-activity;sid:84738005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.117.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874904/; classtype:trojan-activity;sid:84738004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.116.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874902/; classtype:trojan-activity;sid:84738002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.116.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874903/; classtype:trojan-activity;sid:84738003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.115.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874901/; classtype:trojan-activity;sid:84738001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.115.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874900/; classtype:trojan-activity;sid:84738000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.114.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874899/; classtype:trojan-activity;sid:84737999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.114.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874898/; classtype:trojan-activity;sid:84737998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.110.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874897/; classtype:trojan-activity;sid:84737997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.110.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874896/; classtype:trojan-activity;sid:84737996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.170.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874895/; classtype:trojan-activity;sid:84737995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874894)"; flow:established,from_client; content:"GET"; http_method; content:"/pondescalator/nlp-quickbook-classification/releases/download/release/nlp_quickbook.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874894/; classtype:trojan-activity;sid:84737994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.109.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874893/; classtype:trojan-activity;sid:84737993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874892)"; flow:established,from_client; content:"GET"; http_method; content:"/chainbarberbear/roblox-client-tracker-versions/releases/download/release/roblox-client-tracker.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874892/; classtype:trojan-activity;sid:84737992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.109.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874891/; classtype:trojan-activity;sid:84737991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874890)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy2_pjewzxwjc50ycpab.php|3f|name=billing_statement_kredivo_jatuh_tempo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"hostinghosting3.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874890/; classtype:trojan-activity;sid:84737990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.105.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874888/; classtype:trojan-activity;sid:84737988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.105.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874889/; classtype:trojan-activity;sid:84737989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.103.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874887/; classtype:trojan-activity;sid:84737987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874886)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3e039423-8997-458a-8b17-e7f46a695833"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"l2ekym1s.megaparivip.vip"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874886/; classtype:trojan-activity;sid:84737986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.253.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874885/; classtype:trojan-activity;sid:84737985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.89.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874884/; classtype:trojan-activity;sid:84737984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.79.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874883/; classtype:trojan-activity;sid:84737983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.208.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874882/; classtype:trojan-activity;sid:84737982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.69.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874881/; classtype:trojan-activity;sid:84737981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874880)"; flow:established,from_client; content:"GET"; http_method; content:"/runtimebroker.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"4.216.93.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874880/; classtype:trojan-activity;sid:84737980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.253.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874879/; classtype:trojan-activity;sid:84737979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.122.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874878/; classtype:trojan-activity;sid:84737978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.245.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874877/; classtype:trojan-activity;sid:84737977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.172.103.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874876/; classtype:trojan-activity;sid:84737976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.103.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874875/; classtype:trojan-activity;sid:84737975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874874)"; flow:established,from_client; content:"GET"; http_method; content:"/4444/16020572.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"27.124.40.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874874/; classtype:trojan-activity;sid:84737974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874872)"; flow:established,from_client; content:"GET"; http_method; content:"/444/chart.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"27.124.40.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874872/; classtype:trojan-activity;sid:84737972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874873)"; flow:established,from_client; content:"GET"; http_method; content:"/4444/chart.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"27.124.40.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874873/; classtype:trojan-activity;sid:84737973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"149.28.42.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874871/; classtype:trojan-activity;sid:84737971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.94.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874870/; classtype:trojan-activity;sid:84737970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.184.170.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874869/; classtype:trojan-activity;sid:84737969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.35.78.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874868/; classtype:trojan-activity;sid:84737968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874867/; classtype:trojan-activity;sid:84737967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.36.61.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874866/; classtype:trojan-activity;sid:84737966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.141.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874865/; classtype:trojan-activity;sid:84737965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.211.178.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874863/; classtype:trojan-activity;sid:84737963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.184.170.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874864/; classtype:trojan-activity;sid:84737964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874862)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c3a07065-8e54-4976-92dd-0d1f14b3e07d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"2b4zfudu.ekhtelalat.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874862/; classtype:trojan-activity;sid:84737962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.14.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874861/; classtype:trojan-activity;sid:84737961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.146.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874860/; classtype:trojan-activity;sid:84737960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.223.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874859/; classtype:trojan-activity;sid:84737959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.35.78.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874858/; classtype:trojan-activity;sid:84737958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.16.164.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874857/; classtype:trojan-activity;sid:84737957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874856)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e9aae35f-7518-4b0c-b360-50a20b91c243"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qze3e7uq.megaparivip.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874856/; classtype:trojan-activity;sid:84737956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.169.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874855/; classtype:trojan-activity;sid:84737955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.146.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874854/; classtype:trojan-activity;sid:84737954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.122.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874853/; classtype:trojan-activity;sid:84737953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.123.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874852/; classtype:trojan-activity;sid:84737952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.114.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874851/; classtype:trojan-activity;sid:84737951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874850)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"verification-claude-cdn.beer"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874850/; classtype:trojan-activity;sid:84737950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874848)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"code.verification-claude-cdn.beer"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874848/; classtype:trojan-activity;sid:84737948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874849)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"codecerification.beer"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874849/; classtype:trojan-activity;sid:84737949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874844)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"idverification-code.beer"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874844/; classtype:trojan-activity;sid:84737944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874845)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"cdn-2faclov.sbs"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874845/; classtype:trojan-activity;sid:84737945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874846)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"claudverification-id.beer"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874846/; classtype:trojan-activity;sid:84737946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874847)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"ethercdnns.beer"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874847/; classtype:trojan-activity;sid:84737947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874843)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"verification-code-js.beer"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874843/; classtype:trojan-activity;sid:84737943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874842)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"claudesave.beer"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874842/; classtype:trojan-activity;sid:84737942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874840)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"framesavecloudjs.beer"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874840/; classtype:trojan-activity;sid:84737940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874841)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_62b5e41d6225f9e5.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874841/; classtype:trojan-activity;sid:84737941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.234.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874839/; classtype:trojan-activity;sid:84737939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874838/; classtype:trojan-activity;sid:84737938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874837/; classtype:trojan-activity;sid:84737937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.169.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874836/; classtype:trojan-activity;sid:84737936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.196.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874835/; classtype:trojan-activity;sid:84737935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.123.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874834/; classtype:trojan-activity;sid:84737934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874833/; classtype:trojan-activity;sid:84737933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.196.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874832/; classtype:trojan-activity;sid:84737932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874831)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=75ae8a0c-7e51-4f2a-8c55-a6490d9b08a9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"az6trzrx.one1xbet.vip"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874831/; classtype:trojan-activity;sid:84737931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.198.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874830/; classtype:trojan-activity;sid:84737930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.36.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874829/; classtype:trojan-activity;sid:84737929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.71.39.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874828/; classtype:trojan-activity;sid:84737928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.36.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874827/; classtype:trojan-activity;sid:84737927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.233.94.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874826/; classtype:trojan-activity;sid:84737926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.19.49.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874825/; classtype:trojan-activity;sid:84737925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.88.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874824/; classtype:trojan-activity;sid:84737924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874823)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=2ec2b287-b544-43d5-bb1c-5546e07d4fe0"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ordiljgt.entegaljerm.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874823/; classtype:trojan-activity;sid:84737923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.53.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874822/; classtype:trojan-activity;sid:84737922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.11.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874821/; classtype:trojan-activity;sid:84737921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.44.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874820/; classtype:trojan-activity;sid:84737920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.44.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874819/; classtype:trojan-activity;sid:84737919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874817)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/stego_payload.png"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874817/; classtype:trojan-activity;sid:84737917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874818)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/usgh.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874818/; classtype:trojan-activity;sid:84737918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874816)"; flow:established,from_client; content:"GET"; http_method; content:"/bhtg.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"chayadip.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874816/; classtype:trojan-activity;sid:84737916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874815)"; flow:established,from_client; content:"GET"; http_method; content:"/logs/pdf.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tecmon.hr"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874815/; classtype:trojan-activity;sid:84737915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874812)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/catpidbd.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874812/; classtype:trojan-activity;sid:84737912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874813)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/6r5df.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874813/; classtype:trojan-activity;sid:84737913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874814)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/fggfu.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874814/; classtype:trojan-activity;sid:84737914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874805)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/stego_payload%20(3).png"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874805/; classtype:trojan-activity;sid:84737905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874806)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/stego_payload%20(31).png"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874806/; classtype:trojan-activity;sid:84737906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874807)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/spmid.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874807/; classtype:trojan-activity;sid:84737907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874808)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/htfd.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874808/; classtype:trojan-activity;sid:84737908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874809)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/gdfytdy.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874809/; classtype:trojan-activity;sid:84737909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874810)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/stego_payload%20(6).png"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874810/; classtype:trojan-activity;sid:84737910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874811)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/shshs.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874811/; classtype:trojan-activity;sid:84737911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874804)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/sgdh.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874804/; classtype:trojan-activity;sid:84737904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874802)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/stego_payload%20(9).png"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874802/; classtype:trojan-activity;sid:84737902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874803)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/erffh.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874803/; classtype:trojan-activity;sid:84737903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.19.49.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874801/; classtype:trojan-activity;sid:84737901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874800)"; flow:established,from_client; content:"GET"; http_method; content:"/xmdlhntj/stub.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"day023.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874800/; classtype:trojan-activity;sid:84737900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874798)"; flow:established,from_client; content:"GET"; http_method; content:"/bb7e19"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874798/; classtype:trojan-activity;sid:84737898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874799)"; flow:established,from_client; content:"GET"; http_method; content:"/djc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874799/; classtype:trojan-activity;sid:84737899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874787)"; flow:established,from_client; content:"GET"; http_method; content:"/f8518e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874787/; classtype:trojan-activity;sid:84737887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874788)"; flow:established,from_client; content:"GET"; http_method; content:"/95c879"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874788/; classtype:trojan-activity;sid:84737888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874789)"; flow:established,from_client; content:"GET"; http_method; content:"/cac388"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874789/; classtype:trojan-activity;sid:84737889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874790)"; flow:established,from_client; content:"GET"; http_method; content:"/dcd1bd"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874790/; classtype:trojan-activity;sid:84737890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874791)"; flow:established,from_client; content:"GET"; http_method; content:"/85b314"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874791/; classtype:trojan-activity;sid:84737891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874792)"; flow:established,from_client; content:"GET"; http_method; content:"/a09a82"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874792/; classtype:trojan-activity;sid:84737892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874793)"; flow:established,from_client; content:"GET"; http_method; content:"/52d828"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874793/; classtype:trojan-activity;sid:84737893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874794)"; flow:established,from_client; content:"GET"; http_method; content:"/25ad59"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874794/; classtype:trojan-activity;sid:84737894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874795)"; flow:established,from_client; content:"GET"; http_method; content:"/ab5a00"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874795/; classtype:trojan-activity;sid:84737895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874796)"; flow:established,from_client; content:"GET"; http_method; content:"/e5a1f7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874796/; classtype:trojan-activity;sid:84737896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874797)"; flow:established,from_client; content:"GET"; http_method; content:"/5eab74"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874797/; classtype:trojan-activity;sid:84737897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874786)"; flow:established,from_client; content:"GET"; http_method; content:"/3a9685"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874786/; classtype:trojan-activity;sid:84737886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874779)"; flow:established,from_client; content:"GET"; http_method; content:"/b6077f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874779/; classtype:trojan-activity;sid:84737879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874780)"; flow:established,from_client; content:"GET"; http_method; content:"/76f105"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874780/; classtype:trojan-activity;sid:84737880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874781)"; flow:established,from_client; content:"GET"; http_method; content:"/xju"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874781/; classtype:trojan-activity;sid:84737881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874782)"; flow:established,from_client; content:"GET"; http_method; content:"/kao"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874782/; classtype:trojan-activity;sid:84737882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874783)"; flow:established,from_client; content:"GET"; http_method; content:"/7se"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874783/; classtype:trojan-activity;sid:84737883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874784)"; flow:established,from_client; content:"GET"; http_method; content:"/ml97"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874784/; classtype:trojan-activity;sid:84737884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874785)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874785/; classtype:trojan-activity;sid:84737885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874746)"; flow:established,from_client; content:"GET"; http_method; content:"/53718b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874746/; classtype:trojan-activity;sid:84737846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874747)"; flow:established,from_client; content:"GET"; http_method; content:"/8b48e3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874747/; classtype:trojan-activity;sid:84737847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874748)"; flow:established,from_client; content:"GET"; http_method; content:"/259653"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874748/; classtype:trojan-activity;sid:84737848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874749)"; flow:established,from_client; content:"GET"; http_method; content:"/f9935e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874749/; classtype:trojan-activity;sid:84737849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874750)"; flow:established,from_client; content:"GET"; http_method; content:"/3a410b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874750/; classtype:trojan-activity;sid:84737850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874751)"; flow:established,from_client; content:"GET"; http_method; content:"/213b67"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874751/; classtype:trojan-activity;sid:84737851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874752)"; flow:established,from_client; content:"GET"; http_method; content:"/d34e03"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874752/; classtype:trojan-activity;sid:84737852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874753)"; flow:established,from_client; content:"GET"; http_method; content:"/e1e6c9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874753/; classtype:trojan-activity;sid:84737853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874754)"; flow:established,from_client; content:"GET"; http_method; content:"/b1b7f2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874754/; classtype:trojan-activity;sid:84737854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874755)"; flow:established,from_client; content:"GET"; http_method; content:"/028f6a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874755/; classtype:trojan-activity;sid:84737855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874756)"; flow:established,from_client; content:"GET"; http_method; content:"/37bdbc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874756/; classtype:trojan-activity;sid:84737856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874757)"; flow:established,from_client; content:"GET"; http_method; content:"/1453be"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874757/; classtype:trojan-activity;sid:84737857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874758)"; flow:established,from_client; content:"GET"; http_method; content:"/fa906b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874758/; classtype:trojan-activity;sid:84737858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874759)"; flow:established,from_client; content:"GET"; http_method; content:"/21ab20"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874759/; classtype:trojan-activity;sid:84737859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874760)"; flow:established,from_client; content:"GET"; http_method; content:"/082fe9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874760/; classtype:trojan-activity;sid:84737860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874761)"; flow:established,from_client; content:"GET"; http_method; content:"/ee85c3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874761/; classtype:trojan-activity;sid:84737861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874762)"; flow:established,from_client; content:"GET"; http_method; content:"/0d92bc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874762/; classtype:trojan-activity;sid:84737862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874763)"; flow:established,from_client; content:"GET"; http_method; content:"/4e4048"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874763/; classtype:trojan-activity;sid:84737863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874764)"; flow:established,from_client; content:"GET"; http_method; content:"/3dfa29"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874764/; classtype:trojan-activity;sid:84737864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874765)"; flow:established,from_client; content:"GET"; http_method; content:"/3127f9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874765/; classtype:trojan-activity;sid:84737865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874766)"; flow:established,from_client; content:"GET"; http_method; content:"/d61626"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874766/; classtype:trojan-activity;sid:84737866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874767)"; flow:established,from_client; content:"GET"; http_method; content:"/a283cc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874767/; classtype:trojan-activity;sid:84737867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874768)"; flow:established,from_client; content:"GET"; http_method; content:"/1821a1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874768/; classtype:trojan-activity;sid:84737868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874769)"; flow:established,from_client; content:"GET"; http_method; content:"/2e28fb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874769/; classtype:trojan-activity;sid:84737869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874770)"; flow:established,from_client; content:"GET"; http_method; content:"/15ce08"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874770/; classtype:trojan-activity;sid:84737870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874771)"; flow:established,from_client; content:"GET"; http_method; content:"/4a013d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874771/; classtype:trojan-activity;sid:84737871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874772)"; flow:established,from_client; content:"GET"; http_method; content:"/c482f7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874772/; classtype:trojan-activity;sid:84737872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874773)"; flow:established,from_client; content:"GET"; http_method; content:"/ff6b53"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874773/; classtype:trojan-activity;sid:84737873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874774)"; flow:established,from_client; content:"GET"; http_method; content:"/b83c61"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874774/; classtype:trojan-activity;sid:84737874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874775)"; flow:established,from_client; content:"GET"; http_method; content:"/50b182"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874775/; classtype:trojan-activity;sid:84737875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874776)"; flow:established,from_client; content:"GET"; http_method; content:"/3b48c1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874776/; classtype:trojan-activity;sid:84737876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874777)"; flow:established,from_client; content:"GET"; http_method; content:"/7ceda2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874777/; classtype:trojan-activity;sid:84737877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874778)"; flow:established,from_client; content:"GET"; http_method; content:"/7634e8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874778/; classtype:trojan-activity;sid:84737878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.208.112.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874745/; classtype:trojan-activity;sid:84737845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874744/; classtype:trojan-activity;sid:84737844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.11.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874743/; classtype:trojan-activity;sid:84737843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874742)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/img_130809.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"techosazteca.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874742/; classtype:trojan-activity;sid:84737842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874739)"; flow:established,from_client; content:"GET"; http_method; content:"/yyhgl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874739/; classtype:trojan-activity;sid:84737839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874740)"; flow:established,from_client; content:"GET"; http_method; content:"/ftm0-40po-ao28-g98e/img_qiql6d.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874740/; classtype:trojan-activity;sid:84737840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874741)"; flow:established,from_client; content:"GET"; http_method; content:"/ftm0-40po-ao28-g98e/img_d3tsz1.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874741/; classtype:trojan-activity;sid:84737841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874738)"; flow:established,from_client; content:"GET"; http_method; content:"/1.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"kzaa.co.za"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874738/; classtype:trojan-activity;sid:84737838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874737/; classtype:trojan-activity;sid:84737837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874736)"; flow:established,from_client; content:"GET"; http_method; content:"/dgof.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pub-1900be17f2994b5580d602f23eb7fb93.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874736/; classtype:trojan-activity;sid:84737836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874735)"; flow:established,from_client; content:"GET"; http_method; content:"/uifin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874735/; classtype:trojan-activity;sid:84737835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874733)"; flow:established,from_client; content:"GET"; http_method; content:"/mbgex.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pub-3eb258fc94fd47cd88d3b4950dd66492.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874733/; classtype:trojan-activity;sid:84737833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874734)"; flow:established,from_client; content:"GET"; http_method; content:"/wexokcyu.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pub-6f0dab4f7243480ba98591e4c6e339f9.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874734/; classtype:trojan-activity;sid:84737834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874732/; classtype:trojan-activity;sid:84737832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.230.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874731/; classtype:trojan-activity;sid:84737831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.32.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874730/; classtype:trojan-activity;sid:84737830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874728)"; flow:established,from_client; content:"GET"; http_method; content:"/includes/taxii/richy.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"serverfile.click"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874728/; classtype:trojan-activity;sid:84737828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874729)"; flow:established,from_client; content:"GET"; http_method; content:"/includes/taxii/optimizedrump.png"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"serverfile.click"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874729/; classtype:trojan-activity;sid:84737829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874727)"; flow:established,from_client; content:"GET"; http_method; content:"/includes/taxii/dbk.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"serverfile.click"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874727/; classtype:trojan-activity;sid:84737827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.137.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874726/; classtype:trojan-activity;sid:84737826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.137.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874725/; classtype:trojan-activity;sid:84737825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.214.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874724/; classtype:trojan-activity;sid:84737824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.41.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874723/; classtype:trojan-activity;sid:84737823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.91.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874722/; classtype:trojan-activity;sid:84737822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.223.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874721/; classtype:trojan-activity;sid:84737821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874720)"; flow:established,from_client; content:"GET"; http_method; content:"/23x06x2026_x64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874720/; classtype:trojan-activity;sid:84737820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874719)"; flow:established,from_client; content:"GET"; http_method; content:"/client4.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"yettyagency.tz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874719/; classtype:trojan-activity;sid:84737819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"172.86.107.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874718/; classtype:trojan-activity;sid:84737818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874716)"; flow:established,from_client; content:"GET"; http_method; content:"/ojstub.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.avicennaalliedhealthinstitute.org"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874716/; classtype:trojan-activity;sid:84737816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874717)"; flow:established,from_client; content:"GET"; http_method; content:"/stubmy.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mail.avicennaalliedhealthinstitute.org"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874717/; classtype:trojan-activity;sid:84737817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874715)"; flow:established,from_client; content:"GET"; http_method; content:"/therecruiter809876/liquidbounce/master/nexusclient-1.21.1-v2.0.4.jar"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874715/; classtype:trojan-activity;sid:84737815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874714)"; flow:established,from_client; content:"GET"; http_method; content:"/hunterdevops/cs2-training-toolkit/releases/download/cs2/c2ware.by.hunterdevops.v3.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874714/; classtype:trojan-activity;sid:84737814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874713)"; flow:established,from_client; content:"GET"; http_method; content:"/kworker"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"168.222.254.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874713/; classtype:trojan-activity;sid:84737813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.120.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874708/; classtype:trojan-activity;sid:84737808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874709)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"police2026work2106.vercel.app"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874709/; classtype:trojan-activity;sid:84737809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874710)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/wuwsjfijjqus/svchost.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"tmpfiles.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874710/; classtype:trojan-activity;sid:84737810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874711)"; flow:established,from_client; content:"GET"; http_method; content:"/tealweaponsmith/arc-raiders-fps-optimizer-ai/releases/download/optimizer-booster/arkoptimizerfps+.by.xxgamecoder.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874711/; classtype:trojan-activity;sid:84737811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874712)"; flow:established,from_client; content:"GET"; http_method; content:"/crahulam/arc_raiders_fps_booster/releases/download/v2.3.3/arc_raiders_fps_booster.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874712/; classtype:trojan-activity;sid:84737812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874704)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.i686"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874704/; classtype:trojan-activity;sid:84737804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874705)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.x86_64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874705/; classtype:trojan-activity;sid:84737805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874706)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874706/; classtype:trojan-activity;sid:84737806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874707)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874707/; classtype:trojan-activity;sid:84737807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874702)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_67f5cec408166426.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874702/; classtype:trojan-activity;sid:84737802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874703)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_4c46142d9f2fb57c.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874703/; classtype:trojan-activity;sid:84737803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.125.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874701/; classtype:trojan-activity;sid:84737801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.91.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874700/; classtype:trojan-activity;sid:84737800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874699)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5a7e45b0-bbc7-4b87-a60f-d043508040bd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"m3f7xwi4.ensandareslam.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874699/; classtype:trojan-activity;sid:84737799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.77.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874698/; classtype:trojan-activity;sid:84737798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.10.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874697/; classtype:trojan-activity;sid:84737797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.136.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874696/; classtype:trojan-activity;sid:84737796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.196.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874695/; classtype:trojan-activity;sid:84737795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874694)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ec8085ba-a62a-497b-9c3e-ee8eb13146b3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"jxsf8qrc.edareumumi.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874694/; classtype:trojan-activity;sid:84737794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.8.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874693/; classtype:trojan-activity;sid:84737793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.214.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874692/; classtype:trojan-activity;sid:84737792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.212.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874691/; classtype:trojan-activity;sid:84737791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.212.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874690/; classtype:trojan-activity;sid:84737790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.89.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874689/; classtype:trojan-activity;sid:84737789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.228.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874688/; classtype:trojan-activity;sid:84737788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874687/; classtype:trojan-activity;sid:84737787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.89.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874686/; classtype:trojan-activity;sid:84737786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874685/; classtype:trojan-activity;sid:84737785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.129.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874684/; classtype:trojan-activity;sid:84737784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.129.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874683/; classtype:trojan-activity;sid:84737783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874682/; classtype:trojan-activity;sid:84737782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874681/; classtype:trojan-activity;sid:84737781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874679)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c53a6582-4b18-4206-ae2b-8a45c190560f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"foorar9u.megapariwin.poker"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874679/; classtype:trojan-activity;sid:84737779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874680)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=521ee65b-b9c7-4244-939c-cefd892636e3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"yw1tz6yc.englishekhtesasi.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874680/; classtype:trojan-activity;sid:84737780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874678/; classtype:trojan-activity;sid:84737778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.152.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874676/; classtype:trojan-activity;sid:84737776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.152.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874677/; classtype:trojan-activity;sid:84737777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.205.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874675/; classtype:trojan-activity;sid:84737775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.205.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874674/; classtype:trojan-activity;sid:84737774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.173.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874673/; classtype:trojan-activity;sid:84737773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.90.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874672/; classtype:trojan-activity;sid:84737772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.86.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874671/; classtype:trojan-activity;sid:84737771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.90.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874670/; classtype:trojan-activity;sid:84737770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874669/; classtype:trojan-activity;sid:84737769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.173.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874668/; classtype:trojan-activity;sid:84737768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.75.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874667/; classtype:trojan-activity;sid:84737767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.99.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874666/; classtype:trojan-activity;sid:84737766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.193.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874665/; classtype:trojan-activity;sid:84737765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.24.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874664/; classtype:trojan-activity;sid:84737764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.75.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874663/; classtype:trojan-activity;sid:84737763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874662)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=997b9b09-ae25-4915-a91e-5ce18e1b35f0"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"xgj65td7.engelabshafifar.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874662/; classtype:trojan-activity;sid:84737762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.232.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874661/; classtype:trojan-activity;sid:84737761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.0.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874660/; classtype:trojan-activity;sid:84737760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.10.133.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874659/; classtype:trojan-activity;sid:84737759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.38.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874658/; classtype:trojan-activity;sid:84737758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.72.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874656/; classtype:trojan-activity;sid:84737756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.186.230.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874657/; classtype:trojan-activity;sid:84737757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.38.24.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874655/; classtype:trojan-activity;sid:84737755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.7.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874654/; classtype:trojan-activity;sid:84737754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.102.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874653/; classtype:trojan-activity;sid:84737753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.38.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874652/; classtype:trojan-activity;sid:84737752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.186.230.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874651/; classtype:trojan-activity;sid:84737751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.14.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874650/; classtype:trojan-activity;sid:84737750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.7.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874649/; classtype:trojan-activity;sid:84737749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.161.252.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874648/; classtype:trojan-activity;sid:84737748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.111.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874646/; classtype:trojan-activity;sid:84737746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.103.68.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874647/; classtype:trojan-activity;sid:84737747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.161.252.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874645/; classtype:trojan-activity;sid:84737745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.79.160.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874644/; classtype:trojan-activity;sid:84737744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.203.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874643/; classtype:trojan-activity;sid:84737743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.147.81.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874642/; classtype:trojan-activity;sid:84737742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874641)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=11c80a8d-a4ee-45a0-b177-da3886af882f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"d52cv625.ahkam.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874641/; classtype:trojan-activity;sid:84737741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.147.81.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874640/; classtype:trojan-activity;sid:84737740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.203.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874639/; classtype:trojan-activity;sid:84737739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.112.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874637/; classtype:trojan-activity;sid:84737737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.112.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874638/; classtype:trojan-activity;sid:84737738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.233.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874636/; classtype:trojan-activity;sid:84737736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874635)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=54e076b1-cc67-4ddf-a6a9-c8086a591c25"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"nqw33qaj.engelabiran.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874635/; classtype:trojan-activity;sid:84737735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.163.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874634/; classtype:trojan-activity;sid:84737734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.83.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874633/; classtype:trojan-activity;sid:84737733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.83.128.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874632/; classtype:trojan-activity;sid:84737732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.40.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874631/; classtype:trojan-activity;sid:84737731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874628)"; flow:established,from_client; content:"GET"; http_method; content:"/oix"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874628/; classtype:trojan-activity;sid:84737728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874629)"; flow:established,from_client; content:"GET"; http_method; content:"/3kje"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874629/; classtype:trojan-activity;sid:84737729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874630)"; flow:established,from_client; content:"GET"; http_method; content:"/lil"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874630/; classtype:trojan-activity;sid:84737730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.77.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874627/; classtype:trojan-activity;sid:84737727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.163.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874626/; classtype:trojan-activity;sid:84737726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.123.205.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874625/; classtype:trojan-activity;sid:84737725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.112.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874624/; classtype:trojan-activity;sid:84737724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.83.128.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874623/; classtype:trojan-activity;sid:84737723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.90.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874622/; classtype:trojan-activity;sid:84737722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.108.230.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874621/; classtype:trojan-activity;sid:84737721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.40.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874620/; classtype:trojan-activity;sid:84737720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874619)"; flow:established,from_client; content:"GET"; http_method; content:"/nwk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874619/; classtype:trojan-activity;sid:84737719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874618)"; flow:established,from_client; content:"GET"; http_method; content:"/qic"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874618/; classtype:trojan-activity;sid:84737718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874617)"; flow:established,from_client; content:"GET"; http_method; content:"/9db9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874617/; classtype:trojan-activity;sid:84737717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874616)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9eaa09f5-33b4-4401-9884-4a9888757417"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1iubqhod.megapariwin.casino"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874616/; classtype:trojan-activity;sid:84737716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.34.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874615/; classtype:trojan-activity;sid:84737715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.136.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874614/; classtype:trojan-activity;sid:84737714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.123.205.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874613/; classtype:trojan-activity;sid:84737713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874612)"; flow:established,from_client; content:"GET"; http_method; content:"/larm4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874612/; classtype:trojan-activity;sid:84737712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874610)"; flow:established,from_client; content:"GET"; http_method; content:"/larm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874610/; classtype:trojan-activity;sid:84737710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874611)"; flow:established,from_client; content:"GET"; http_method; content:"/larm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874611/; classtype:trojan-activity;sid:84737711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874606)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.60.251.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874606/; classtype:trojan-activity;sid:84737706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874607)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.60.251.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874607/; classtype:trojan-activity;sid:84737707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874608)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.60.251.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874608/; classtype:trojan-activity;sid:84737708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874609)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.60.251.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874609/; classtype:trojan-activity;sid:84737709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874604)"; flow:established,from_client; content:"GET"; http_method; content:"/lmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874604/; classtype:trojan-activity;sid:84737704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874605)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.60.251.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874605/; classtype:trojan-activity;sid:84737705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.141.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874603/; classtype:trojan-activity;sid:84737703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.136.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874602/; classtype:trojan-activity;sid:84737702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.74.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874601/; classtype:trojan-activity;sid:84737701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.195.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874600/; classtype:trojan-activity;sid:84737700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.53.231.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874599/; classtype:trojan-activity;sid:84737699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.136.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874598/; classtype:trojan-activity;sid:84737698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.76.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874597/; classtype:trojan-activity;sid:84737697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874596)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ab1ec46c-a270-4fe6-935f-c25902be4d72"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"3bds554w.megaparivip.vip"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874596/; classtype:trojan-activity;sid:84737696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.183.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874595/; classtype:trojan-activity;sid:84737695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874593/; classtype:trojan-activity;sid:84737693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.126.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874594/; classtype:trojan-activity;sid:84737694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.74.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874592/; classtype:trojan-activity;sid:84737692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.195.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874591/; classtype:trojan-activity;sid:84737691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.53.231.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874590/; classtype:trojan-activity;sid:84737690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.126.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874589/; classtype:trojan-activity;sid:84737689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.250.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874588/; classtype:trojan-activity;sid:84737688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874587/; classtype:trojan-activity;sid:84737687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.138.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874586/; classtype:trojan-activity;sid:84737686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874585)"; flow:established,from_client; content:"GET"; http_method; content:"/tron13/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874585/; classtype:trojan-activity;sid:84737685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874584)"; flow:established,from_client; content:"GET"; http_method; content:"/tron12/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874584/; classtype:trojan-activity;sid:84737684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.91.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874583/; classtype:trojan-activity;sid:84737683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.138.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874582/; classtype:trojan-activity;sid:84737682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.3.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874581/; classtype:trojan-activity;sid:84737681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.124.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874580/; classtype:trojan-activity;sid:84737680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.21.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874579/; classtype:trojan-activity;sid:84737679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.53.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874578/; classtype:trojan-activity;sid:84737678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.155.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874577/; classtype:trojan-activity;sid:84737677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874576/; classtype:trojan-activity;sid:84737676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.3.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874575/; classtype:trojan-activity;sid:84737675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.218.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874574/; classtype:trojan-activity;sid:84737674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.21.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874573/; classtype:trojan-activity;sid:84737673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.34.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874572/; classtype:trojan-activity;sid:84737672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.16.164.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874571/; classtype:trojan-activity;sid:84737671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.123.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874570/; classtype:trojan-activity;sid:84737670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.226.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874569/; classtype:trojan-activity;sid:84737669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874568)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bd56dd9b-803f-4a4b-8124-5ce6355ff5af"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"xbf6th7x.megaparicom.poker"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874568/; classtype:trojan-activity;sid:84737668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.89.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874567/; classtype:trojan-activity;sid:84737667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.218.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874566/; classtype:trojan-activity;sid:84737666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.93.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874565/; classtype:trojan-activity;sid:84737665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.255.254.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874564/; classtype:trojan-activity;sid:84737664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.103.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874563/; classtype:trojan-activity;sid:84737663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.141.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874562/; classtype:trojan-activity;sid:84737662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.65.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874561/; classtype:trojan-activity;sid:84737661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.178.39.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874560/; classtype:trojan-activity;sid:84737660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.36.61.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874559/; classtype:trojan-activity;sid:84737659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.61.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874558/; classtype:trojan-activity;sid:84737658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.168.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874557/; classtype:trojan-activity;sid:84737657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874556)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ecee7dc8-1d49-415e-be42-d124f4e7efa9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"92a3tm8e.1x303.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874556/; classtype:trojan-activity;sid:84737656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.61.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874555/; classtype:trojan-activity;sid:84737655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874554/; classtype:trojan-activity;sid:84737654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.93.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874553/; classtype:trojan-activity;sid:84737653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.41.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874552/; classtype:trojan-activity;sid:84737652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.60.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874551/; classtype:trojan-activity;sid:84737651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874550)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_124ebea06ddce2ed.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874550/; classtype:trojan-activity;sid:84737650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.65.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874549/; classtype:trojan-activity;sid:84737649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.94.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874548/; classtype:trojan-activity;sid:84737648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874547/; classtype:trojan-activity;sid:84737647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.18.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874546/; classtype:trojan-activity;sid:84737646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.13.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874545/; classtype:trojan-activity;sid:84737645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.83.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874544/; classtype:trojan-activity;sid:84737644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.115.102.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874543/; classtype:trojan-activity;sid:84737643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.18.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874542/; classtype:trojan-activity;sid:84737642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874541)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_0e1ac68890c06603.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874541/; classtype:trojan-activity;sid:84737641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874540/; classtype:trojan-activity;sid:84737640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.13.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874539/; classtype:trojan-activity;sid:84737639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.98.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874538/; classtype:trojan-activity;sid:84737638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874537/; classtype:trojan-activity;sid:84737637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874536)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7f25e7d5-3866-4df3-bd96-2d9d8244039b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1di0v3ei.one1xbetfa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874536/; classtype:trojan-activity;sid:84737636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874535)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a7593533-0a50-4239-9252-fc77efd4d0b5"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"o8eyo1vo.megaparivip.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874535/; classtype:trojan-activity;sid:84737635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.102.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874534/; classtype:trojan-activity;sid:84737634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.115.102.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874533/; classtype:trojan-activity;sid:84737633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.193.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874532/; classtype:trojan-activity;sid:84737632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874531/; classtype:trojan-activity;sid:84737631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.118.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874530/; classtype:trojan-activity;sid:84737630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.231.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874529/; classtype:trojan-activity;sid:84737629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.118.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874528/; classtype:trojan-activity;sid:84737628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.193.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874527/; classtype:trojan-activity;sid:84737627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874526)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_964a41c5ea52bfc9.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874526/; classtype:trojan-activity;sid:84737626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874525/; classtype:trojan-activity;sid:84737625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.181.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874524/; classtype:trojan-activity;sid:84737624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.231.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874523/; classtype:trojan-activity;sid:84737623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.253.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874522/; classtype:trojan-activity;sid:84737622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.147.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874521/; classtype:trojan-activity;sid:84737621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.193.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874520/; classtype:trojan-activity;sid:84737620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874519/; classtype:trojan-activity;sid:84737619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874518)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/resmushit-image-optimizer/stego_payload.png"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"ach-sa.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874518/; classtype:trojan-activity;sid:84737618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.183.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874517/; classtype:trojan-activity;sid:84737617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874516)"; flow:established,from_client; content:"GET"; http_method; content:"/maiv/stego_payloads.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lb.nigsv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874516/; classtype:trojan-activity;sid:84737616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874515)"; flow:established,from_client; content:"GET"; http_method; content:"/ch.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stockholm-pump-aged-truck.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874515/; classtype:trojan-activity;sid:84737615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.137.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874514/; classtype:trojan-activity;sid:84737614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874513)"; flow:established,from_client; content:"GET"; http_method; content:"/enter/stego_payload1.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"latinaria.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874513/; classtype:trojan-activity;sid:84737613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874512)"; flow:established,from_client; content:"GET"; http_method; content:"/pred.inf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"grantexx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874512/; classtype:trojan-activity;sid:84737612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.54.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874511/; classtype:trojan-activity;sid:84737611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874510)"; flow:established,from_client; content:"GET"; http_method; content:"/ffsa3b.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874510/; classtype:trojan-activity;sid:84737610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874509)"; flow:established,from_client; content:"GET"; http_method; content:"/qtibs"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874509/; classtype:trojan-activity;sid:84737609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.112.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874508/; classtype:trojan-activity;sid:84737608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874507)"; flow:established,from_client; content:"GET"; http_method; content:"/4444.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"royalcare-sy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874507/; classtype:trojan-activity;sid:84737607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874505)"; flow:established,from_client; content:"GET"; http_method; content:"/tilsee.cur"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"grantexx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874505/; classtype:trojan-activity;sid:84737605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874506)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14gdct9n0frg_0j3dk1zhxjpkhkfhsbvz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874506/; classtype:trojan-activity;sid:84737606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.1.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874504/; classtype:trojan-activity;sid:84737604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874503)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1y-dqcn3frltuh1cxovts2t3ufa9mziid"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874503/; classtype:trojan-activity;sid:84737603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874502)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e423e311-1b73-4e5d-8e0a-f97e10651d87"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"c4cxraym.megaparicom.poker"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874502/; classtype:trojan-activity;sid:84737602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.253.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874501/; classtype:trojan-activity;sid:84737601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874500)"; flow:established,from_client; content:"GET"; http_method; content:"/ftm0-40po-ao28-g98e/img_eqjdyx.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874500/; classtype:trojan-activity;sid:84737600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874499)"; flow:established,from_client; content:"GET"; http_method; content:"/ftm0-40po-ao28-g98e/img_kgeewt.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874499/; classtype:trojan-activity;sid:84737599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874498)"; flow:established,from_client; content:"GET"; http_method; content:"/258/ec/weneedbestthingseverandeveryforagoodlifetolive.hta"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"192.3.140.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874498/; classtype:trojan-activity;sid:84737598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874497)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"fogotten17.vercel.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874497/; classtype:trojan-activity;sid:84737597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.178.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874495/; classtype:trojan-activity;sid:84737595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874494)"; flow:established,from_client; content:"GET"; http_method; content:"/dragonballs76ace.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874494/; classtype:trojan-activity;sid:84737594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874493)"; flow:established,from_client; content:"GET"; http_method; content:"/reviwe/|3f|download=built_stub.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"teams.alfredcore.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874493/; classtype:trojan-activity;sid:84737593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874491)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dtywbqrnaaz461tdks7kdnvynowyffwr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874491/; classtype:trojan-activity;sid:84737591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874492)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gk9hapmb_ndvvxxd3fhc_e4zwrlac1a3"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874492/; classtype:trojan-activity;sid:84737592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874489)"; flow:established,from_client; content:"GET"; http_method; content:"/kjhgl.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"chayadip.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874489/; classtype:trojan-activity;sid:84737589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10tjumz7wfvneb23uabg9anqmgiwrgrkp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874490/; classtype:trojan-activity;sid:84737590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874487)"; flow:established,from_client; content:"GET"; http_method; content:"/nuvbsuvtfwdqpdpwneqwtiiy49.bin"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"pub-364c6b3011ca492cab2354176cfaf3f0.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874487/; classtype:trojan-activity;sid:84737587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874488)"; flow:established,from_client; content:"GET"; http_method; content:"/skrivem.ocx"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pub-364c6b3011ca492cab2354176cfaf3f0.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874488/; classtype:trojan-activity;sid:84737588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874484)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dauzhsh6c6crvrfn_1fexszwzazbto-c"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874484/; classtype:trojan-activity;sid:84737584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874485)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11ikhhvbecrxqda9a2rj8jrytsrufrspk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874485/; classtype:trojan-activity;sid:84737585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874486)"; flow:established,from_client; content:"GET"; http_method; content:"/3x8a-dnvi-pdbo-ij36/img_ppk8bt.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874486/; classtype:trojan-activity;sid:84737586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874483)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cpbzbcb7zpagfgdwfyjlghgc8hfb0dfh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874483/; classtype:trojan-activity;sid:84737583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874481)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b0pghvrgyztii2exegimja9evlgsz8z5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874481/; classtype:trojan-activity;sid:84737581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874482)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hi6c_o2qikubsb17ehzh5kux7l6rk9_b"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874482/; classtype:trojan-activity;sid:84737582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874480)"; flow:established,from_client; content:"GET"; http_method; content:"/3x8a-dnvi-pdbo-ij36/img_swerkg.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874480/; classtype:trojan-activity;sid:84737580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874479)"; flow:established,from_client; content:"GET"; http_method; content:"/etagevasks.mso"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pub-364c6b3011ca492cab2354176cfaf3f0.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874479/; classtype:trojan-activity;sid:84737579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874478)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k2"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874478/; classtype:trojan-activity;sid:84737578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874472)"; flow:established,from_client; content:"GET"; http_method; content:"/arm_soft3"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874472/; classtype:trojan-activity;sid:84737572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874473)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874473/; classtype:trojan-activity;sid:84737573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874474)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874474/; classtype:trojan-activity;sid:84737574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874475)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874475/; classtype:trojan-activity;sid:84737575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874476)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874476/; classtype:trojan-activity;sid:84737576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874477)"; flow:established,from_client; content:"GET"; http_method; content:"/arm_soft2"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874477/; classtype:trojan-activity;sid:84737577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874469)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874469/; classtype:trojan-activity;sid:84737569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874470)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874470/; classtype:trojan-activity;sid:84737570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874471)"; flow:established,from_client; content:"GET"; http_method; content:"/arm_soft"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874471/; classtype:trojan-activity;sid:84737571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874466)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874466/; classtype:trojan-activity;sid:84737566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874467)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874467/; classtype:trojan-activity;sid:84737567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874468)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874468/; classtype:trojan-activity;sid:84737568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.7.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874464/; classtype:trojan-activity;sid:84737564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.137.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874465/; classtype:trojan-activity;sid:84737565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874463)"; flow:established,from_client; content:"GET"; http_method; content:"/3tpo-g4n0-u714-l9kx/img_8bcbsz.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"blue-paper-f69f.acrypters.workers.dev"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874463/; classtype:trojan-activity;sid:84737563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874462)"; flow:established,from_client; content:"GET"; http_method; content:"/fowap"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874462/; classtype:trojan-activity;sid:84737562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.147.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874461/; classtype:trojan-activity;sid:84737561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874460)"; flow:established,from_client; content:"GET"; http_method; content:"/sass/djorigin.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"brenmayasociados.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874460/; classtype:trojan-activity;sid:84737560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874457)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"max-add-mobile.vercel.app"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874457/; classtype:trojan-activity;sid:84737557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874458)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"police2206work.vercel.app"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874458/; classtype:trojan-activity;sid:84737558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874459)"; flow:established,from_client; content:"GET"; http_method; content:"/ogodii.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gaiadeqi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874459/; classtype:trojan-activity;sid:84737559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874456)"; flow:established,from_client; content:"GET"; http_method; content:"/3/ipmhdfm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"216.9.224.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874456/; classtype:trojan-activity;sid:84737556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.54.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874455/; classtype:trojan-activity;sid:84737555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874452)"; flow:established,from_client; content:"GET"; http_method; content:"/schi.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pub-1900be17f2994b5580d602f23eb7fb93.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874452/; classtype:trojan-activity;sid:84737552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874453)"; flow:established,from_client; content:"GET"; http_method; content:"/actv.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pub-1900be17f2994b5580d602f23eb7fb93.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874453/; classtype:trojan-activity;sid:84737553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874454)"; flow:established,from_client; content:"GET"; http_method; content:"/bidiasd.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pub-493b0aca469342c292decf02cdb24f6d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874454/; classtype:trojan-activity;sid:84737554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874451)"; flow:established,from_client; content:"GET"; http_method; content:"/saucvvg.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pub-8d59738861b849e5a38b795cc17b1019.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874451/; classtype:trojan-activity;sid:84737551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874450)"; flow:established,from_client; content:"GET"; http_method; content:"/config/stubz.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ventnor.com.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874450/; classtype:trojan-activity;sid:84737550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874449)"; flow:established,from_client; content:"GET"; http_method; content:"/hjbmu"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874449/; classtype:trojan-activity;sid:84737549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874448)"; flow:established,from_client; content:"GET"; http_method; content:"/aww.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pub-3bc1de741f8149f49bdbafa703067f24.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874448/; classtype:trojan-activity;sid:84737548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.114.178.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874447/; classtype:trojan-activity;sid:84737547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.44.136.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874446/; classtype:trojan-activity;sid:84737546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.221.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874445/; classtype:trojan-activity;sid:84737545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874444)"; flow:established,from_client; content:"GET"; http_method; content:"/n"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.191.60.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874444/; classtype:trojan-activity;sid:84737544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874443)"; flow:established,from_client; content:"GET"; http_method; content:"/b.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.191.60.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874443/; classtype:trojan-activity;sid:84737543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874441)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.191.60.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874441/; classtype:trojan-activity;sid:84737541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874442)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.191.60.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874442/; classtype:trojan-activity;sid:84737542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874440)"; flow:established,from_client; content:"GET"; http_method; content:"/auto.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"107.191.60.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874440/; classtype:trojan-activity;sid:84737540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.7.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874439/; classtype:trojan-activity;sid:84737539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.115.102.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874438/; classtype:trojan-activity;sid:84737538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874437)"; flow:established,from_client; content:"GET"; http_method; content:"/bak.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.241.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874437/; classtype:trojan-activity;sid:84737537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874433)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.241.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874433/; classtype:trojan-activity;sid:84737533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874434)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.241.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874434/; classtype:trojan-activity;sid:84737534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874435)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.241.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874435/; classtype:trojan-activity;sid:84737535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874436)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.241.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874436/; classtype:trojan-activity;sid:84737536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874431)"; flow:established,from_client; content:"GET"; http_method; content:"/ocde/1.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"brantfordconventioncentre.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874431/; classtype:trojan-activity;sid:84737531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874432)"; flow:established,from_client; content:"GET"; http_method; content:"/3/sfgrska.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"216.9.224.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874432/; classtype:trojan-activity;sid:84737532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874430)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_d6532cf8de02f986.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874430/; classtype:trojan-activity;sid:84737530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874429)"; flow:established,from_client; content:"GET"; http_method; content:"/css/optimized_une22.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"brenmayasociados.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874429/; classtype:trojan-activity;sid:84737529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874427)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/acme-challenge/images/thisweekisnlessedwithriches.png"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"www.controliumbt.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874427/; classtype:trojan-activity;sid:84737527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874428)"; flow:established,from_client; content:"GET"; http_method; content:"/css/yu2weeks.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"brenmayasociados.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874428/; classtype:trojan-activity;sid:84737528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874426)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/acme-challenge/images/thenewweekisblessed.png"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"kits.frog.tw"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874426/; classtype:trojan-activity;sid:84737526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874425)"; flow:established,from_client; content:"GET"; http_method; content:"/rmx12.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliquelogistics.com.pk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874425/; classtype:trojan-activity;sid:84737525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.168.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874424/; classtype:trojan-activity;sid:84737524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.53.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874423/; classtype:trojan-activity;sid:84737523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874422)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/text/diff/engine/thimble.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"cronicasdelcentro.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874422/; classtype:trojan-activity;sid:84737522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874421)"; flow:established,from_client; content:"GET"; http_method; content:"/index.ps1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874421/; classtype:trojan-activity;sid:84737521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.145.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874420/; classtype:trojan-activity;sid:84737520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.60.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874419/; classtype:trojan-activity;sid:84737519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.248.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874418/; classtype:trojan-activity;sid:84737518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.125.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874417/; classtype:trojan-activity;sid:84737517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.199.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874416/; classtype:trojan-activity;sid:84737516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874413)"; flow:established,from_client; content:"GET"; http_method; content:"/88/givenbestthingswithbetterplacesinotknowbetter.hta"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"46.183.223.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874413/; classtype:trojan-activity;sid:84737513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874414)"; flow:established,from_client; content:"GET"; http_method; content:"/90/ecv/sweetnessgivenmebestthingsforever.hta"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"46.183.223.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874414/; classtype:trojan-activity;sid:84737514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874415)"; flow:established,from_client; content:"GET"; http_method; content:"/90/wegivingbestsolutionsforbetterplaces.js"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"46.183.223.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874415/; classtype:trojan-activity;sid:84737515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874412/; classtype:trojan-activity;sid:84737512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.162.197.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874411/; classtype:trojan-activity;sid:84737511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.248.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874410/; classtype:trojan-activity;sid:84737510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874409/; classtype:trojan-activity;sid:84737509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874408)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d5331822-c203-44c0-9ec7-03ef8fac86f9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"25yiumhh.rahnemayenegaresh.site"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874408/; classtype:trojan-activity;sid:84737508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.142.54.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874407/; classtype:trojan-activity;sid:84737507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.53.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874405/; classtype:trojan-activity;sid:84737505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"192.142.54.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874406/; classtype:trojan-activity;sid:84737506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"108.61.136.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874404/; classtype:trojan-activity;sid:84737504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"104.238.186.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874403/; classtype:trojan-activity;sid:84737503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"104.238.186.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874402/; classtype:trojan-activity;sid:84737502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.184.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874401/; classtype:trojan-activity;sid:84737501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874400)"; flow:established,from_client; content:"GET"; http_method; content:"/bg/xl.ps1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"onyx-ae.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874400/; classtype:trojan-activity;sid:84737500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874399)"; flow:established,from_client; content:"GET"; http_method; content:"/bg/stub.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"onyx-ae.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874399/; classtype:trojan-activity;sid:84737499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874398)"; flow:established,from_client; content:"GET"; http_method; content:"/bg/la.ps1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"onyx-ae.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874398/; classtype:trojan-activity;sid:84737498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.162.197.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874397/; classtype:trojan-activity;sid:84737497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874396)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.191.37.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874396/; classtype:trojan-activity;sid:84737496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874394)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ovrydnwekzvqonwzqkivykyn28.bin"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"vaneijkprojecten.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874394/; classtype:trojan-activity;sid:84737494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874395)"; flow:established,from_client; content:"GET"; http_method; content:"/alkhudarigroupuae/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874395/; classtype:trojan-activity;sid:84737495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874381)"; flow:established,from_client; content:"GET"; http_method; content:"/helena-maia/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874381/; classtype:trojan-activity;sid:84737481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874382)"; flow:established,from_client; content:"GET"; http_method; content:"/seh4835/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874382/; classtype:trojan-activity;sid:84737482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874383)"; flow:established,from_client; content:"GET"; http_method; content:"/abhishek-dungen/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874383/; classtype:trojan-activity;sid:84737483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874384)"; flow:established,from_client; content:"GET"; http_method; content:"/khinekhinelin/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874384/; classtype:trojan-activity;sid:84737484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874385)"; flow:established,from_client; content:"GET"; http_method; content:"/githublsy/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874385/; classtype:trojan-activity;sid:84737485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874386)"; flow:established,from_client; content:"GET"; http_method; content:"/priyanshu14077/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874386/; classtype:trojan-activity;sid:84737486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874387)"; flow:established,from_client; content:"GET"; http_method; content:"/theabhishekar/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874387/; classtype:trojan-activity;sid:84737487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874388)"; flow:established,from_client; content:"GET"; http_method; content:"/enriquefgf86/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874388/; classtype:trojan-activity;sid:84737488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874389)"; flow:established,from_client; content:"GET"; http_method; content:"/kewayne/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874389/; classtype:trojan-activity;sid:84737489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874390)"; flow:established,from_client; content:"GET"; http_method; content:"/hbddevos/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874390/; classtype:trojan-activity;sid:84737490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874391)"; flow:established,from_client; content:"GET"; http_method; content:"/muneeb1097m/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874391/; classtype:trojan-activity;sid:84737491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874392)"; flow:established,from_client; content:"GET"; http_method; content:"/captain236/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874392/; classtype:trojan-activity;sid:84737492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874393)"; flow:established,from_client; content:"GET"; http_method; content:"/ugbeh/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874393/; classtype:trojan-activity;sid:84737493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874373)"; flow:established,from_client; content:"GET"; http_method; content:"/haruharuharuby/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874373/; classtype:trojan-activity;sid:84737473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874374)"; flow:established,from_client; content:"GET"; http_method; content:"/jackchen-code/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874374/; classtype:trojan-activity;sid:84737474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874375)"; flow:established,from_client; content:"GET"; http_method; content:"/javidrashid/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874375/; classtype:trojan-activity;sid:84737475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874376)"; flow:established,from_client; content:"GET"; http_method; content:"/harsukh21/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874376/; classtype:trojan-activity;sid:84737476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874377)"; flow:established,from_client; content:"GET"; http_method; content:"/abizerjafferjee/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874377/; classtype:trojan-activity;sid:84737477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874378)"; flow:established,from_client; content:"GET"; http_method; content:"/edouard-larroche/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874378/; classtype:trojan-activity;sid:84737478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874379)"; flow:established,from_client; content:"GET"; http_method; content:"/costenar0/miaozhu/main/frontend/src/api/software-1.0.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874379/; classtype:trojan-activity;sid:84737479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874380)"; flow:established,from_client; content:"GET"; http_method; content:"/leejtom/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874380/; classtype:trojan-activity;sid:84737480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874372)"; flow:established,from_client; content:"GET"; http_method; content:"/romanticisationphallales546/openrgb-scripts/main/staphylinid/scripts-openrgb-2.2-alpha.2.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874372/; classtype:trojan-activity;sid:84737472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874371)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3abb1aba-8942-43f3-ae09-edb228b3c253"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"um4y0jp5.megaparicom.casino"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874371/; classtype:trojan-activity;sid:84737471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874363)"; flow:established,from_client; content:"GET"; http_method; content:"/unavowed-easternchurch142/telegram-to-obsidian/main/config/workspace/skills/obsidian/obsidian_to_telegram_1.3.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874363/; classtype:trojan-activity;sid:84737463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874364)"; flow:established,from_client; content:"GET"; http_method; content:"/waweruv170/by-binds-yourself/main/completions/by-binds-yourself_1.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874364/; classtype:trojan-activity;sid:84737464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874365)"; flow:established,from_client; content:"GET"; http_method; content:"/tradmousebutton692/flussonic-exporter/main/deploy/prometheus/flussonic_exporter_1.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874365/; classtype:trojan-activity;sid:84737465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874366)"; flow:established,from_client; content:"GET"; http_method; content:"/hacker193/cmtat-icma-tokenized-bonds/main/contracts/cmtat_tokenized_icma_bonds_3.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874366/; classtype:trojan-activity;sid:84737466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874367)"; flow:established,from_client; content:"GET"; http_method; content:"/alpercepni/gommit/main/internal/install/software-2.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874367/; classtype:trojan-activity;sid:84737467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874368)"; flow:established,from_client; content:"GET"; http_method; content:"/holocentrusascensionisbadegg868/pantheon/main/patterns/carve-at-joints/adapters/software_1.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874368/; classtype:trojan-activity;sid:84737468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874369)"; flow:established,from_client; content:"GET"; http_method; content:"/rotund-episcopate534/hotkeys/main/flowerpecker/software_2.8.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874369/; classtype:trojan-activity;sid:84737469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874370)"; flow:established,from_client; content:"GET"; http_method; content:"/krissiesmudgy575/aip-foundry-themis-starter/main/scripts/aip-themis-foundry-starter-1.6.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874370/; classtype:trojan-activity;sid:84737470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874348)"; flow:established,from_client; content:"GET"; http_method; content:"/luiselius/streamd/main/diglottist/software_v1.5.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874348/; classtype:trojan-activity;sid:84737448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874349)"; flow:established,from_client; content:"GET"; http_method; content:"/kaydenplayz/agent-skills-guide/main/aportoise/guide-skills-agent-1.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874349/; classtype:trojan-activity;sid:84737449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874350)"; flow:established,from_client; content:"GET"; http_method; content:"/indrasurya12/theme_changing_template/main/components/card/theme_changing_template_2.6.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874350/; classtype:trojan-activity;sid:84737450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874351)"; flow:established,from_client; content:"GET"; http_method; content:"/sah-arch/legalysis/main/legalysis/software-3.9.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874351/; classtype:trojan-activity;sid:84737451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874352)"; flow:established,from_client; content:"GET"; http_method; content:"/timesukkumnerd/resonant-archive/main/skills/archive_resonant_3.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874352/; classtype:trojan-activity;sid:84737452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874353)"; flow:established,from_client; content:"GET"; http_method; content:"/65y6650/hermes-lcm/main/scripts/hermes_lcm_v1.2.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874353/; classtype:trojan-activity;sid:84737453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874354)"; flow:established,from_client; content:"GET"; http_method; content:"/ammarahmed12/ai-resume-analyzer/main/puparium/ai_analyzer_resume_1.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874354/; classtype:trojan-activity;sid:84737454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874355)"; flow:established,from_client; content:"GET"; http_method; content:"/rainbowlight-pixel/claude-cowork-content-plugin/main/content-repurposing/skills/twitter-thread/content-plugin-claude-cowork-v1.1-beta.1.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874355/; classtype:trojan-activity;sid:84737455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874356)"; flow:established,from_client; content:"GET"; http_method; content:"/isletkreisler490/rawq/main/upwell/software-3.7-beta.2.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874356/; classtype:trojan-activity;sid:84737456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874357)"; flow:established,from_client; content:"GET"; http_method; content:"/fauniethermal3522/agentic-dart/main/examples/sample-evidence/web/var/www/html/agentic_dart_v3.4.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874357/; classtype:trojan-activity;sid:84737457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874358)"; flow:established,from_client; content:"GET"; http_method; content:"/elpit0grande/awesome-free-movies/main/ramfeezled/movies-awesome-free-v2.9.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874358/; classtype:trojan-activity;sid:84737458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874359)"; flow:established,from_client; content:"GET"; http_method; content:"/filiberto97/iptv-streamwatcher/main/src/iptv_monitor/watcher-ipt-stream-2.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874359/; classtype:trojan-activity;sid:84737459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874360)"; flow:established,from_client; content:"GET"; http_method; content:"/resolvable-glia938/annexa/main/iceland/software_2.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874360/; classtype:trojan-activity;sid:84737460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874361)"; flow:established,from_client; content:"GET"; http_method; content:"/gittysb10/movie_recommend/main/data/recommend_movie_v3.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874361/; classtype:trojan-activity;sid:84737461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874362)"; flow:established,from_client; content:"GET"; http_method; content:"/ashu1436/amazon-scraper/main/ogum/scraper-amazon-1.8.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874362/; classtype:trojan-activity;sid:84737462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874343)"; flow:established,from_client; content:"GET"; http_method; content:"/naltalib/isumsoft-cloner-repack/main/preinsert/i_cloner_sumsoft_repack_v2.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874343/; classtype:trojan-activity;sid:84737443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874344)"; flow:established,from_client; content:"GET"; http_method; content:"/wwwsegunogundeji11-stack/gpt-voyager/main/src/content/gp-voyager-v1.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874344/; classtype:trojan-activity;sid:84737444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874345)"; flow:established,from_client; content:"GET"; http_method; content:"/pachydermatous-teuton9386/api-manager/main/rules/api_manager_v2.2-beta.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874345/; classtype:trojan-activity;sid:84737445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874346)"; flow:established,from_client; content:"GET"; http_method; content:"/twylatrumpetlike730/pi-psst/main/extensions/psst_pi_v1.8.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874346/; classtype:trojan-activity;sid:84737446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874347)"; flow:established,from_client; content:"GET"; http_method; content:"/lannascreaming580/flowscroll/main/flowscroll/locales/scroll-flow-v1.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874347/; classtype:trojan-activity;sid:84737447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874342)"; flow:established,from_client; content:"GET"; http_method; content:"/daynastraight594/portfolio-template/main/screenshots/portfolio_template_1.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874342/; classtype:trojan-activity;sid:84737442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874341)"; flow:established,from_client; content:"GET"; http_method; content:"/senjusenpai18/javascript-interview/main/undesirousness/javascript_interview_v3.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874341/; classtype:trojan-activity;sid:84737441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874340)"; flow:established,from_client; content:"GET"; http_method; content:"/misterioul/jobs/main/src/api/services/software-v3.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874340/; classtype:trojan-activity;sid:84737440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874338)"; flow:established,from_client; content:"GET"; http_method; content:"/rust8709/tourino/main/src/software_1.8-beta.4.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874338/; classtype:trojan-activity;sid:84737438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874339)"; flow:established,from_client; content:"GET"; http_method; content:"/socrates19/cloudflare-hono-starter/main/node_modules/reveal.js/test/starter_cloudflare_hono_1.3.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874339/; classtype:trojan-activity;sid:84737439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874335)"; flow:established,from_client; content:"GET"; http_method; content:"/smmdalavi/trezor-wallet-suite-core-hardware-mcu-desing-adress-validator/main/trezor-wallet/nuget/wallet_trezor_suite_core_adress_mcu_hardware_desing_validator_v2.3-beta.2.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874335/; classtype:trojan-activity;sid:84737435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874336)"; flow:established,from_client; content:"GET"; http_method; content:"/afefnayeem/menustow/main/menustow/menubar/search/software_v3.7.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874336/; classtype:trojan-activity;sid:84737436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874337)"; flow:established,from_client; content:"GET"; http_method; content:"/zohaib-0/computer-vision-deep-learning-stack/main/implead/deep-computer-vision-learning-stack-2.7.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874337/; classtype:trojan-activity;sid:84737437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874329)"; flow:established,from_client; content:"GET"; http_method; content:"/osbertbilled424/macros-log/main/celibacy/log-macros-v2.7.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874329/; classtype:trojan-activity;sid:84737429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874330)"; flow:established,from_client; content:"GET"; http_method; content:"/connieverbal484/anthropic_hackathon/main/spongoid/hackathon_anthropic_v2.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874330/; classtype:trojan-activity;sid:84737430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874331)"; flow:established,from_client; content:"GET"; http_method; content:"/svmiizzz/conventional-commit-batcher/main/agents/batcher-commit-conventional-v1.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874331/; classtype:trojan-activity;sid:84737431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874332)"; flow:established,from_client; content:"GET"; http_method; content:"/unwatchful-conservativism274/personaplex/main/client/src/pages/conversation/components/software_v1.9.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874332/; classtype:trojan-activity;sid:84737432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.66.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874333/; classtype:trojan-activity;sid:84737433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874334)"; flow:established,from_client; content:"GET"; http_method; content:"/maumanto/jenkins-mcp-server/main/laborant/mcp-server-jenkins-3.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874334/; classtype:trojan-activity;sid:84737434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874328)"; flow:established,from_client; content:"GET"; http_method; content:"/rampant-zionism337/phoenix-framework/main/src/core/phoenix-framework-v3.7-alpha.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874328/; classtype:trojan-activity;sid:84737428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874327)"; flow:established,from_client; content:"GET"; http_method; content:"/purpletrainwreck/complete-guide-for-secure-boot-on-arch-linux-with-refind/main/summons/arch_ind_with_secure_guide_ef_linux_boot_r_complete_for_on_v3.8-alpha.1.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874327/; classtype:trojan-activity;sid:84737427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874323)"; flow:established,from_client; content:"GET"; http_method; content:"/lucas-camilo-dados/linkme/main/themes/software_1.5.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874323/; classtype:trojan-activity;sid:84737423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874324)"; flow:established,from_client; content:"GET"; http_method; content:"/bigcola2020/openclaw-jarvis-memory/main/skills/mem-redis/openclaw_memory_jarvis_2.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874324/; classtype:trojan-activity;sid:84737424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874325)"; flow:established,from_client; content:"GET"; http_method; content:"/ordered-tincture209/open-zeu/main/ui/open_zeu_3.6.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874325/; classtype:trojan-activity;sid:84737425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874326)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowy-screed33/mindful-trail/main/laang/trail-mindful-1.1-alpha.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874326/; classtype:trojan-activity;sid:84737426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874319)"; flow:established,from_client; content:"GET"; http_method; content:"/sdhsdfgjh/nestify-project/main/public/css/nestify_project_1.0.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874319/; classtype:trojan-activity;sid:84737419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874320)"; flow:established,from_client; content:"GET"; http_method; content:"/catengue/stillepost/main/python_code/software-v3.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874320/; classtype:trojan-activity;sid:84737420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874321)"; flow:established,from_client; content:"GET"; http_method; content:"/neocortical-one877/ts-quality/main/packages/legitimacy/ts-quality-v3.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874321/; classtype:trojan-activity;sid:84737421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874322)"; flow:established,from_client; content:"GET"; http_method; content:"/justdvp/claude-code-templates/main/cli-tool/src/analytics/utils/templates_code_claude_1.8.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874322/; classtype:trojan-activity;sid:84737422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874315)"; flow:established,from_client; content:"GET"; http_method; content:"/secretresell/ai-finance-trading-agent/main/oppugnant/agent_trading_finance_ai_v2.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874315/; classtype:trojan-activity;sid:84737415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874316)"; flow:established,from_client; content:"GET"; http_method; content:"/bayvapourisable154/stratum/main/klipfish/software_v2.4-alpha.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874316/; classtype:trojan-activity;sid:84737416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874317)"; flow:established,from_client; content:"GET"; http_method; content:"/rudge0/dynamo-rl/main/examples/sft/multiturn/dyna-m-rl-v1.2-alpha.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874317/; classtype:trojan-activity;sid:84737417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874318)"; flow:established,from_client; content:"GET"; http_method; content:"/oscine-mustercall181/advanced-excel-retail-sales-analysis/main/cutworm/advanced-sales-analysis-retail-excel-v3.6.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874318/; classtype:trojan-activity;sid:84737418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874310)"; flow:established,from_client; content:"GET"; http_method; content:"/kermithermit/agentic-commerce-protocol/main/changelog/agentic_commerce_protocol_v3.6-beta.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874310/; classtype:trojan-activity;sid:84737410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874311)"; flow:established,from_client; content:"GET"; http_method; content:"/ikramahmadmemon13/grant-thinking-skill/main/agents/skill_thinking_grant_v3.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874311/; classtype:trojan-activity;sid:84737411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874312)"; flow:established,from_client; content:"GET"; http_method; content:"/lakshmi2655/myclaw/main/assets/my_claw_1.6.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874312/; classtype:trojan-activity;sid:84737412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874313)"; flow:established,from_client; content:"GET"; http_method; content:"/annonymouskali10/redbookskills/main/nucleohyaloplasma/red_book_skills_2.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874313/; classtype:trojan-activity;sid:84737413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874314)"; flow:established,from_client; content:"GET"; http_method; content:"/bachekuni/ohshit.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874314/; classtype:trojan-activity;sid:84737414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874308)"; flow:established,from_client; content:"GET"; http_method; content:"/aloneboyktk1/medical-resource-simulator/main/.devcontainer/medical-resource-simulator-v1.7.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874308/; classtype:trojan-activity;sid:84737408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874309)"; flow:established,from_client; content:"GET"; http_method; content:"/scorjr1/envirowatch/main/components/ui/watch-enviro-v3.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874309/; classtype:trojan-activity;sid:84737409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874307)"; flow:established,from_client; content:"GET"; http_method; content:"/benxt512/bsutils/main/stream/utils-bs-2.5.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874307/; classtype:trojan-activity;sid:84737407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874302)"; flow:established,from_client; content:"GET"; http_method; content:"/dessert9431/awesome-ai-friendly-cli/main/presuperficially/friendly-awesome-ai-cli-v2.9.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874302/; classtype:trojan-activity;sid:84737402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874303)"; flow:established,from_client; content:"GET"; http_method; content:"/bbk-man/claude-code-owasp/main/.claude/skills/owasp_code_claude_v1.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874303/; classtype:trojan-activity;sid:84737403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874304)"; flow:established,from_client; content:"GET"; http_method; content:"/alzoube103/openkit/main/examples/styles/software_v3.2.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874304/; classtype:trojan-activity;sid:84737404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874305)"; flow:established,from_client; content:"GET"; http_method; content:"/uncorrected-nova574/playtranslate/main/app/src/main/res/software-v3.1-alpha.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874305/; classtype:trojan-activity;sid:84737405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874306)"; flow:established,from_client; content:"GET"; http_method; content:"/duahmcclean/erp-selenium-qa/main/docs/qa_selenium_erp_1.3.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874306/; classtype:trojan-activity;sid:84737406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874297)"; flow:established,from_client; content:"GET"; http_method; content:"/helanzhiyi/audio-annotation-platform/main/examples/audio_platform_annotation_v2.4-beta.5.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874297/; classtype:trojan-activity;sid:84737397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874298)"; flow:established,from_client; content:"GET"; http_method; content:"/arigotek/auto_cythonizer_tests/main/cython_cache/build_lib/fibonacci/auto_cythonizer_tests_2.7-alpha.3.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874298/; classtype:trojan-activity;sid:84737398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874299)"; flow:established,from_client; content:"GET"; http_method; content:"/notboiii/walletgpt-ai-copilot-for-wallets/main/repineful/for-wallet-wallets-gp-copilot-a-v3.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874299/; classtype:trojan-activity;sid:84737399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874300)"; flow:established,from_client; content:"GET"; http_method; content:"/jjvm2000/terminal-mcp/main/src/terminal/terminal_mcp_2.3.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874300/; classtype:trojan-activity;sid:84737400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874301)"; flow:established,from_client; content:"GET"; http_method; content:"/chance6969-hue/__2025_07_08_tvdi_crawler__/main/lesson7/tvdi-crawler-v3.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874301/; classtype:trojan-activity;sid:84737401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874295)"; flow:established,from_client; content:"GET"; http_method; content:"/anathi-c/backup-linux/main/troutflower/linux-backup-3.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874295/; classtype:trojan-activity;sid:84737395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874296)"; flow:established,from_client; content:"GET"; http_method; content:"/footbathfungusgnat32/ghostty-cursor-shaders/main/isodurene/ghostty-cursor-shaders-1.3-beta.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874296/; classtype:trojan-activity;sid:84737396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874292)"; flow:established,from_client; content:"GET"; http_method; content:"/toonjn123456789/constants-float16-eulergamma/main/docs/types/constants-eulergamma-float-v3.8.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874292/; classtype:trojan-activity;sid:84737392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874293)"; flow:established,from_client; content:"GET"; http_method; content:"/tophole-alphabetizer167/fino/main/client/src/test/software-v2.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874293/; classtype:trojan-activity;sid:84737393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874294)"; flow:established,from_client; content:"GET"; http_method; content:"/prentisskiplingesque84/focustask/main/public/task_focus_1.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874294/; classtype:trojan-activity;sid:84737394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874290)"; flow:established,from_client; content:"GET"; http_method; content:"/denis-arc/is4310-232m4_user_manual/main/rovet/manual_i_user_v1.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874290/; classtype:trojan-activity;sid:84737390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874291)"; flow:established,from_client; content:"GET"; http_method; content:"/filearsip/wapp/main/helices/software_v3.5-beta.2.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874291/; classtype:trojan-activity;sid:84737391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874288)"; flow:established,from_client; content:"GET"; http_method; content:"/qboosttt/awesome-openclaw/main/docs/blog/openclaw-awesome-3.5-alpha.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874288/; classtype:trojan-activity;sid:84737388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874289)"; flow:established,from_client; content:"GET"; http_method; content:"/ramaritacreations/sql-injection-attack-detection/main/dataset/sql_attack_detection_injection_v1.8.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874289/; classtype:trojan-activity;sid:84737389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874285)"; flow:established,from_client; content:"GET"; http_method; content:"/amansuthar0/microapi-hub/main/clients/web/lib/hub_microapi_2.2-beta.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874285/; classtype:trojan-activity;sid:84737385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874286)"; flow:established,from_client; content:"GET"; http_method; content:"/ra7701/aulite/main/dashboard/src/lib/software_1.6.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874286/; classtype:trojan-activity;sid:84737386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874287)"; flow:established,from_client; content:"GET"; http_method; content:"/conceited-watergillyflower311/meilisearch-desktop/main/src/pages/project/meilisearch-desktop-2.6.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874287/; classtype:trojan-activity;sid:84737387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874284)"; flow:established,from_client; content:"GET"; http_method; content:"/montycongolese277/awesome-ai-pulse-georgia/main/assets/awesome_ai_pulse_georgia_2.1-beta.3.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874284/; classtype:trojan-activity;sid:84737384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874279)"; flow:established,from_client; content:"GET"; http_method; content:"/koxov/comfyui-ayang_node/main/undescribably/node-comfyui-ayang-v1.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874279/; classtype:trojan-activity;sid:84737379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874280)"; flow:established,from_client; content:"GET"; http_method; content:"/ozii-z/zx-ddos/main/file/do_z_d_s_v2.4.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874280/; classtype:trojan-activity;sid:84737380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874281)"; flow:established,from_client; content:"GET"; http_method; content:"/marizdacusan/slopsmith/main/tests/software_2.6.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874281/; classtype:trojan-activity;sid:84737381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874282)"; flow:established,from_client; content:"GET"; http_method; content:"/lucasoil1234799/online-course-pricing-eda-analysis/main/poly/analysis-online-pricing-course-eda-v3.2.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874282/; classtype:trojan-activity;sid:84737382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874283)"; flow:established,from_client; content:"GET"; http_method; content:"/jesnn123/vibe/main/examples/software-v2.7.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874283/; classtype:trojan-activity;sid:84737383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874277)"; flow:established,from_client; content:"GET"; http_method; content:"/marinhodomingosm/post-stroke-aphasia-risk-analysis/main/github-pages/src/.observablehq/cache/_npm/aphasia-stroke-analysis-post-risk-1.4-beta.3.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874277/; classtype:trojan-activity;sid:84737377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874278)"; flow:established,from_client; content:"GET"; http_method; content:"/akroutabdelrrezak/dht11/main/guiser/dh_v3.8.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874278/; classtype:trojan-activity;sid:84737378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874273)"; flow:established,from_client; content:"GET"; http_method; content:"/phongvthanh/discord-bot/main/startlingly/bot_discord_v2.8.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874273/; classtype:trojan-activity;sid:84737373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874274)"; flow:established,from_client; content:"GET"; http_method; content:"/fastks/wedding-photography-web/main/griffade/web_wedding_photography_v2.0.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874274/; classtype:trojan-activity;sid:84737374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874275)"; flow:established,from_client; content:"GET"; http_method; content:"/emperormode/starus-data-restore-pack-latest-patch/main/berrugate/latest-patch-restore-starus-pack-data-v2.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874275/; classtype:trojan-activity;sid:84737375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874276)"; flow:established,from_client; content:"GET"; http_method; content:"/eror5/visionos-ui-framework/main/documentation/u_o_framework_vision_v2.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874276/; classtype:trojan-activity;sid:84737376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874265)"; flow:established,from_client; content:"GET"; http_method; content:"/immunogenic-prismspectroscope589/blender_mcp/main/scripts/quality/mcp-blender-v1.7.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874265/; classtype:trojan-activity;sid:84737365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874266)"; flow:established,from_client; content:"GET"; http_method; content:"/unfavorable-sutra74/apl-evs/main/headchair/apl-evs_1.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874266/; classtype:trojan-activity;sid:84737366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874267)"; flow:established,from_client; content:"GET"; http_method; content:"/cane4ka777/qwer/main/.devcontainer/software-v1.3.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874267/; classtype:trojan-activity;sid:84737367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874268)"; flow:established,from_client; content:"GET"; http_method; content:"/zeynepornek/.github/main/profile/github_v1.8-beta.5.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874268/; classtype:trojan-activity;sid:84737368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874269)"; flow:established,from_client; content:"GET"; http_method; content:"/adidashyperspace-lab/geosilo/main/scripts/software_v2.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874269/; classtype:trojan-activity;sid:84737369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874270)"; flow:established,from_client; content:"GET"; http_method; content:"/gitovamb/trackers/main/logo/software_v1.1.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874270/; classtype:trojan-activity;sid:84737370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874271)"; flow:established,from_client; content:"GET"; http_method; content:"/amynedev/ai-gesture-christmas-tree/main/decarbonization/christmas_tree_gesture_ai_v2.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874271/; classtype:trojan-activity;sid:84737371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874272)"; flow:established,from_client; content:"GET"; http_method; content:"/logiiiii/unity-agent-skills/main/skills/jahro-logging/skills-agent-unity-v3.9-alpha.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874272/; classtype:trojan-activity;sid:84737372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874262)"; flow:established,from_client; content:"GET"; http_method; content:"/paul-selvi/impellersharp/main/build/scripts/impeller_sharp_1.5-alpha.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874262/; classtype:trojan-activity;sid:84737362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874263)"; flow:established,from_client; content:"GET"; http_method; content:"/ieroglifgd/notabeen-ai-email-assistant/main/src/app/privacy-policy/ai_notabeen_assistant_email_3.0.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874263/; classtype:trojan-activity;sid:84737363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874264)"; flow:established,from_client; content:"GET"; http_method; content:"/klkape6358/mouse-p.i.-for-hire-release-game-desktop-version/main/code/desktop-release-version-game-mous-for-hire-3.3-beta.1.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874264/; classtype:trojan-activity;sid:84737364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874261)"; flow:established,from_client; content:"GET"; http_method; content:"/mr-mrs-xx1/claude-watch/main/dashboard/claude-watch-1.5.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874261/; classtype:trojan-activity;sid:84737361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874260)"; flow:established,from_client; content:"GET"; http_method; content:"/bvuz/django-multi-tenant-saas-starter-template/main/apps/authentication/tests/template-multi-saa-starter-django-tenant-1.9.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874260/; classtype:trojan-activity;sid:84737360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874255)"; flow:established,from_client; content:"GET"; http_method; content:"/thainereflecting360/otexum-pulse/main/properties/publishprofiles/otexum_pulse_v1.8-alpha.3.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874255/; classtype:trojan-activity;sid:84737355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874256)"; flow:established,from_client; content:"GET"; http_method; content:"/bhuiyan17/ai-novel-editor/main/src/gui/viewer/novel-ai-editor-v1.8-beta.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874256/; classtype:trojan-activity;sid:84737356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874257)"; flow:established,from_client; content:"GET"; http_method; content:"/caudalappendagemarmite540/tarantool-bzw/main/jun/tarantool-bzw_v1.0.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874257/; classtype:trojan-activity;sid:84737357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874258)"; flow:established,from_client; content:"GET"; http_method; content:"/significancemoloch680/driftcheck/main/internal/driftcheck/software-v3.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874258/; classtype:trojan-activity;sid:84737358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874259)"; flow:established,from_client; content:"GET"; http_method; content:"/1nashiw2/nioh3-trainer-2026/main/src/trainer-nioh-v1.9.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874259/; classtype:trojan-activity;sid:84737359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874254)"; flow:established,from_client; content:"GET"; http_method; content:"/isabre5796/mlb-the-show-26-pc/main/portable-port/ml-show-pc-the-3.4-beta.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874254/; classtype:trojan-activity;sid:84737354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874251)"; flow:established,from_client; content:"GET"; http_method; content:"/panoptic-septuagenarian481/oscp-notes/main/autodiffusion/notes_osc_2.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874251/; classtype:trojan-activity;sid:84737351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874252)"; flow:established,from_client; content:"GET"; http_method; content:"/cldestiny/key-maestro/main/growingupness/key-maestro-2.3-alpha.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874252/; classtype:trojan-activity;sid:84737352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874253)"; flow:established,from_client; content:"GET"; http_method; content:"/discernible-racoon7161/sql-shield/main/examples/sql_shield_v2.0-beta.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874253/; classtype:trojan-activity;sid:84737353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874247)"; flow:established,from_client; content:"GET"; http_method; content:"/persona-net/rag-pipeline-dashboard/main/frontend/tests/dashboard-rag-pipeline-3.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874247/; classtype:trojan-activity;sid:84737347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.145.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874248/; classtype:trojan-activity;sid:84737348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874249)"; flow:established,from_client; content:"GET"; http_method; content:"/soggyfy/sharingan/main/weep/software_v1.4.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874249/; classtype:trojan-activity;sid:84737349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874250)"; flow:established,from_client; content:"GET"; http_method; content:"/sayto97j/detectron2/main/detectron2/layers/csrc/roialignrotated/detectron_v3.7.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874250/; classtype:trojan-activity;sid:84737350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874243)"; flow:established,from_client; content:"GET"; http_method; content:"/idkidk02020202/claude-opus-4.6-prompt-optimizer/main/mnt/user-data/optimizer-prompt-opus-claude-1.6.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874243/; classtype:trojan-activity;sid:84737343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874244)"; flow:established,from_client; content:"GET"; http_method; content:"/hirak123github/rebecca-minkoff-scraper/main/exhalant/scraper-rebecca-minkoff-v2.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874244/; classtype:trojan-activity;sid:84737344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874245)"; flow:established,from_client; content:"GET"; http_method; content:"/el4rjoun/python-noadmin/main/scripts/admin-python-no-1.8-alpha.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874245/; classtype:trojan-activity;sid:84737345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874246)"; flow:established,from_client; content:"GET"; http_method; content:"/rommai123/rodel.player.public/main/assets/public-rodel-player-v3.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874246/; classtype:trojan-activity;sid:84737346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874237)"; flow:established,from_client; content:"GET"; http_method; content:"/repirate/asset-recovery-tool/main/novemnervate/recovery-asset-tool-2.6-alpha.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874237/; classtype:trojan-activity;sid:84737337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874238)"; flow:established,from_client; content:"GET"; http_method; content:"/dhanush-td/loginorreg/main/src/or-login-reg-2.7.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874238/; classtype:trojan-activity;sid:84737338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874239)"; flow:established,from_client; content:"GET"; http_method; content:"/yjariwala78/lintara/main/frontend/src/pages/software-v1.0.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874239/; classtype:trojan-activity;sid:84737339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874240)"; flow:established,from_client; content:"GET"; http_method; content:"/rightsideup-rubiales387/airca-fractal-decision-architecture/main/docs/fractal-decision-making/fractal-decision-airca-architecture-v3.7-beta.5.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874240/; classtype:trojan-activity;sid:84737340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874241)"; flow:established,from_client; content:"GET"; http_method; content:"/ritik250505/tokenfirewall/main/src/core/software-v2.3.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874241/; classtype:trojan-activity;sid:84737341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874242)"; flow:established,from_client; content:"GET"; http_method; content:"/joicesmart40/yii2-vscode-bridge/main/src/vscode_bridge_yii_3.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874242/; classtype:trojan-activity;sid:84737342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874234)"; flow:established,from_client; content:"GET"; http_method; content:"/xpiderservice/mvggt/main/mvggt/models/__pycache__/software-v3.9.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874234/; classtype:trojan-activity;sid:84737334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874235)"; flow:established,from_client; content:"GET"; http_method; content:"/zenialeaky136/live-to-100-skills/main/live-to-100/agents/live_to_skills_v1.8.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874235/; classtype:trojan-activity;sid:84737335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874236)"; flow:established,from_client; content:"GET"; http_method; content:"/allans4635/memctx/main/lib/api-spec/software-1.7.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874236/; classtype:trojan-activity;sid:84737336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874231)"; flow:established,from_client; content:"GET"; http_method; content:"/fresh-mexicanrevolution306/clearly/main/website/software_v2.8.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874231/; classtype:trojan-activity;sid:84737331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874232)"; flow:established,from_client; content:"GET"; http_method; content:"/duffelcoatterpsichore141/iam-lite/main/tests/iam-lite-v2.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874232/; classtype:trojan-activity;sid:84737332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874233)"; flow:established,from_client; content:"GET"; http_method; content:"/evansamarh/stm32-led-button-ctrl-register-coding-method/main/drivers/cmsis/device/st/stm32f4xx/st_butto_ctr_method_le_register_coding_1.8.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874233/; classtype:trojan-activity;sid:84737333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874228)"; flow:established,from_client; content:"GET"; http_method; content:"/naungphyo/ecoai-environmental-intelligence-agent/main/screenshots/a-eco-environmental-intelligence-agent-3.5.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874228/; classtype:trojan-activity;sid:84737328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874229)"; flow:established,from_client; content:"GET"; http_method; content:"/jeckef/unnamed_game_1_v2/main/epidictical/game-unnamed-v-1.3-beta.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874229/; classtype:trojan-activity;sid:84737329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874230)"; flow:established,from_client; content:"GET"; http_method; content:"/entity107/rlmgw/main/docs/src/components/software-2.6.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874230/; classtype:trojan-activity;sid:84737330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874225)"; flow:established,from_client; content:"GET"; http_method; content:"/kouroshkhan50/aurora-dx-dmhuisma/main/recipes/aurora-dx-dmhuisma-v3.4-beta.4.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874225/; classtype:trojan-activity;sid:84737325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874226)"; flow:established,from_client; content:"GET"; http_method; content:"/pearltelluric497/adobe-lightroom-professional/main/eunomy/adobe-lightroom-professional-v2.1.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874226/; classtype:trojan-activity;sid:84737326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874227)"; flow:established,from_client; content:"GET"; http_method; content:"/darryltoroidal630/ninjaripper-210-freeversion/main/paradoxicalness/ninja_free_version_ripper_1.1.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874227/; classtype:trojan-activity;sid:84737327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874224)"; flow:established,from_client; content:"GET"; http_method; content:"/dezmuz93/atom-ui/main/src/components/ato-ui-2.3.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874224/; classtype:trojan-activity;sid:84737324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874223)"; flow:established,from_client; content:"GET"; http_method; content:"/lookdawn1337/agentic-github-code-reviewer/main/agents/hub-code-git-agentic-reviewer-3.0.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874223/; classtype:trojan-activity;sid:84737323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874220)"; flow:established,from_client; content:"GET"; http_method; content:"/incensecedarthreepointswitch884/moda/main/libs/moda_triton/fla/models/mamba/da-mo-v1.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874220/; classtype:trojan-activity;sid:84737320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874221)"; flow:established,from_client; content:"GET"; http_method; content:"/0klartkarlsson/ode-comfyui-wanvideowrapper/main/wanvideo/schedulers/wrapper_video_ode_u_wan_comfy_1.5.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874221/; classtype:trojan-activity;sid:84737321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874222)"; flow:established,from_client; content:"GET"; http_method; content:"/r1ghtoo/firefox-fingerprint-analyzer/main/bilsh/analyzer-print-firefox-finger-3.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874222/; classtype:trojan-activity;sid:84737322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874216)"; flow:established,from_client; content:"GET"; http_method; content:"/theeterminetor21811/notploy-website/main/skidder/website_notploy_v1.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874216/; classtype:trojan-activity;sid:84737316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874217)"; flow:established,from_client; content:"GET"; http_method; content:"/akshay1010567/tp_final_pulseras_inteligentes/main/pulseras_inteligentes/datawarehouse/tp_pulseras_inteligentes_final_1.1-beta.2.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874217/; classtype:trojan-activity;sid:84737317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874218)"; flow:established,from_client; content:"GET"; http_method; content:"/amazo5385/lfn/main/docs/software_v3.3.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874218/; classtype:trojan-activity;sid:84737318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874219)"; flow:established,from_client; content:"GET"; http_method; content:"/rpsandygaming/awesome-terminal-for-ai/main/docs/assets/ai_terminal_for_awesome_1.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874219/; classtype:trojan-activity;sid:84737319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874213)"; flow:established,from_client; content:"GET"; http_method; content:"/nobita5609/mcp.zig/main/docs/guide/mcp-zig-v2.6.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874213/; classtype:trojan-activity;sid:84737313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874214)"; flow:established,from_client; content:"GET"; http_method; content:"/teresinatrackless687/gamineai/main/homeland/ai_gamine_v2.9.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874214/; classtype:trojan-activity;sid:84737314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874215)"; flow:established,from_client; content:"GET"; http_method; content:"/gainesvillefamilyenterobacteriaceae551/dmarc-parser/main/src/components/ui/dmarc_parser_2.9-beta.4.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874215/; classtype:trojan-activity;sid:84737315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874211)"; flow:established,from_client; content:"GET"; http_method; content:"/janemcfadden1090/110-sequence-detector/main/gansey/sequence_detector_v3.6-alpha.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874211/; classtype:trojan-activity;sid:84737311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874212)"; flow:established,from_client; content:"GET"; http_method; content:"/hermiogg-arch/product_picker/main/blog/.vitepress/theme/product_picker_v3.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874212/; classtype:trojan-activity;sid:84737312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874209)"; flow:established,from_client; content:"GET"; http_method; content:"/greenap7654/trendingcontent-agent/main/examples/trendingcontent-agent-3.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874209/; classtype:trojan-activity;sid:84737309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874210)"; flow:established,from_client; content:"GET"; http_method; content:"/jakemonomon/twin.fun/main/tigerish/twin.fun_1.8.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874210/; classtype:trojan-activity;sid:84737310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874205)"; flow:established,from_client; content:"GET"; http_method; content:"/basketmakerfaitaccompli622/awesome-claude-code-security/main/diovular/claude-security-code-awesome-v1.4.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874205/; classtype:trojan-activity;sid:84737305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874206)"; flow:established,from_client; content:"GET"; http_method; content:"/kopoku-69/dashboard-1771921898-3/main/pkg/dashboard-2.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874206/; classtype:trojan-activity;sid:84737306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874207)"; flow:established,from_client; content:"GET"; http_method; content:"/willz1/ai-config-search-guide/main/blithebread/guide-ai-search-config-v1.0.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874207/; classtype:trojan-activity;sid:84737307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874208)"; flow:established,from_client; content:"GET"; http_method; content:"/hassan1829/sigil-dfir/main/backend/tools/dfir-sigil-1.9-beta.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874208/; classtype:trojan-activity;sid:84737308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874203)"; flow:established,from_client; content:"GET"; http_method; content:"/ironputtycreditworthiness366/asoplay/main/sql/software_3.6.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874203/; classtype:trojan-activity;sid:84737303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874204)"; flow:established,from_client; content:"GET"; http_method; content:"/kotty2998/claude-plugins-official/main/external_plugins/laravel-boost/.claude-plugin/claude-official-plugins-1.1.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874204/; classtype:trojan-activity;sid:84737304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874195)"; flow:established,from_client; content:"GET"; http_method; content:"/bko2023/bliss_browser_pep8/main/regionary/pep-browser-bliss-3.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874195/; classtype:trojan-activity;sid:84737295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874196)"; flow:established,from_client; content:"GET"; http_method; content:"/themountainboy19/dojops/main/packages/skill-registry/src/software_v2.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874196/; classtype:trojan-activity;sid:84737296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874197)"; flow:established,from_client; content:"GET"; http_method; content:"/rudra1653v/fonelab-fonetrans-for-ios-working/main/denticulately/fonelab-fonetrans-for-ios-working_v3.8-beta.1.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874197/; classtype:trojan-activity;sid:84737297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874198)"; flow:established,from_client; content:"GET"; http_method; content:"/commutable-poilu834/parlor/main/artifacts/software_v1.5.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874198/; classtype:trojan-activity;sid:84737298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874199)"; flow:established,from_client; content:"GET"; http_method; content:"/ukiyooooo/multimodal-rag-engine/main/myeloencephalitis/engine-multimodal-rag-v2.0.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874199/; classtype:trojan-activity;sid:84737299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874200)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenphammc/whisperer/main/bin/software-v2.1.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874200/; classtype:trojan-activity;sid:84737300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874201)"; flow:established,from_client; content:"GET"; http_method; content:"/torresantm12/poof/main/sources/poof/resources/software_3.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874201/; classtype:trojan-activity;sid:84737301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874202)"; flow:established,from_client; content:"GET"; http_method; content:"/burhansaleem1961/axie-infinity/main/amnionic/axie_infinity_v1.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874202/; classtype:trojan-activity;sid:84737302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874193)"; flow:established,from_client; content:"GET"; http_method; content:"/manishrathore12/astro-preact-typescript-tailwind-boilerplate/main/src/pages/tailwind-typescript-boilerplate-preact-astro-v2.2.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874193/; classtype:trojan-activity;sid:84737293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874194)"; flow:established,from_client; content:"GET"; http_method; content:"/ziiyoung/macro-recorder/main/src/macro_recorder/observers/recorder-macro-v1.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874194/; classtype:trojan-activity;sid:84737294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874191)"; flow:established,from_client; content:"GET"; http_method; content:"/itsvis9313/logifadefix/main/coadjutress/fade-logi-fix-v3.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874191/; classtype:trojan-activity;sid:84737291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874192)"; flow:established,from_client; content:"GET"; http_method; content:"/rifkialmahdi/archivist-project-denoiser/main/archived_2024/archivist_denoiser_project_v2.7.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874192/; classtype:trojan-activity;sid:84737292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874189)"; flow:established,from_client; content:"GET"; http_method; content:"/equalizerklystron781/research-mode/main/commands/research-mode-v3.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874189/; classtype:trojan-activity;sid:84737289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874190)"; flow:established,from_client; content:"GET"; http_method; content:"/iqrama2006/black-usdt/main/cycloscope/black_usdt_v2.4.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874190/; classtype:trojan-activity;sid:84737290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874188)"; flow:established,from_client; content:"GET"; http_method; content:"/nevatry6660/telbot/main/telkomsel/software_1.0-alpha.5.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874188/; classtype:trojan-activity;sid:84737288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874187)"; flow:established,from_client; content:"GET"; http_method; content:"/kmen4/lvgl9-sdl2-windows-simulator/main/screenshots/lvgl-windows-sdl-simulator-v3.3-beta.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874187/; classtype:trojan-activity;sid:84737287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874183)"; flow:established,from_client; content:"GET"; http_method; content:"/abdelazizfouad/internshala-ds-projects/main/internshala-pgc-tableau/internshala_ds_projects_1.6-beta.3.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874183/; classtype:trojan-activity;sid:84737283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874184)"; flow:established,from_client; content:"GET"; http_method; content:"/christatantalising631/nimble/main/stdlib/software_2.6.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874184/; classtype:trojan-activity;sid:84737284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874185)"; flow:established,from_client; content:"GET"; http_method; content:"/skippermain626/rust-cheat-2026-best-aim-esp-no-recoil-misc-visuals-for-pc/main/zymolyis/best_pc_misc_cheat_no_esp_recoil_aim_visuals_rust_for_3.1.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874185/; classtype:trojan-activity;sid:84737285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874186)"; flow:established,from_client; content:"GET"; http_method; content:"/chizzy04062003/aws-lex-cloud-chatbot/main/images/aw_chatbot_lex_cloud_v3.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874186/; classtype:trojan-activity;sid:84737286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874182)"; flow:established,from_client; content:"GET"; http_method; content:"/edmundm9/stemlab/main/src/core/lab-stem-1.9.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874182/; classtype:trojan-activity;sid:84737282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874181)"; flow:established,from_client; content:"GET"; http_method; content:"/lucaducapuca/alibabacloud-bigdata-skills/main/skills/dataworks/alibabacloud-skills-bigdata-v1.7.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874181/; classtype:trojan-activity;sid:84737281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874178)"; flow:established,from_client; content:"GET"; http_method; content:"/salmajibeh/brutal/main/assets/software_1.6.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874178/; classtype:trojan-activity;sid:84737278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874179)"; flow:established,from_client; content:"GET"; http_method; content:"/hih24337/tabb2/main/routes/tabb_1.5.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874179/; classtype:trojan-activity;sid:84737279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874180)"; flow:established,from_client; content:"GET"; http_method; content:"/bradro/ict-infrastructure-monitoring-splunk/main/crabbed/splunk_ic_infrastructure_monitoring_3.5.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874180/; classtype:trojan-activity;sid:84737280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.86.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874177/; classtype:trojan-activity;sid:84737277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874176)"; flow:established,from_client; content:"GET"; http_method; content:"/ricarddefensive803/caveman-skill/main/windsurf/caveman-skill-2.2-beta.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874176/; classtype:trojan-activity;sid:84737276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874174)"; flow:established,from_client; content:"GET"; http_method; content:"/nshutidev/clojure-vsr/main/uncluttered/clojure-vsr-3.1-alpha.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874174/; classtype:trojan-activity;sid:84737274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874175)"; flow:established,from_client; content:"GET"; http_method; content:"/krkrrom5/opendoor/main/opendoor/io_layer/software-3.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874175/; classtype:trojan-activity;sid:84737275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874171)"; flow:established,from_client; content:"GET"; http_method; content:"/valedictory-tundra426/iot-prd-generator/main/assets/templates/prd-iot-generator-v2.9-beta.3.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874171/; classtype:trojan-activity;sid:84737271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874172)"; flow:established,from_client; content:"GET"; http_method; content:"/ajfrrr/cryptoschema-extractor/main/cryptoschema_extractor/cryptoschema_extractor_3.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874172/; classtype:trojan-activity;sid:84737272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874173)"; flow:established,from_client; content:"GET"; http_method; content:"/rokia258/luminara-cookie-jar/main/test-cli/tests/luminara-cookie-jar_v2.9.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874173/; classtype:trojan-activity;sid:84737273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874167)"; flow:established,from_client; content:"GET"; http_method; content:"/nmerr2212/iv4rbone-source/main/reboundable/iv4rbone-source-3.7.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874167/; classtype:trojan-activity;sid:84737267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874168)"; flow:established,from_client; content:"GET"; http_method; content:"/naserhajipour/dupefinder/main/lib/dupe-finder-3.5-beta.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874168/; classtype:trojan-activity;sid:84737268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874169)"; flow:established,from_client; content:"GET"; http_method; content:"/matrixneoexpressionism381/inframon/main/equiprobabilism/infra_mon_3.9-beta.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874169/; classtype:trojan-activity;sid:84737269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874170)"; flow:established,from_client; content:"GET"; http_method; content:"/magneticlineofforceplaymaker9843/shi-yigong-skill/main/references/research/yigong-skill-shi-2.6.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874170/; classtype:trojan-activity;sid:84737270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874155)"; flow:established,from_client; content:"GET"; http_method; content:"/auntara-toma/envcrypt/main/libs/rust/src/software-v1.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874155/; classtype:trojan-activity;sid:84737255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874156)"; flow:established,from_client; content:"GET"; http_method; content:"/corryrevokable963/claude-code-book/main/throatily/claude_book_code_v3.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874156/; classtype:trojan-activity;sid:84737256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874157)"; flow:established,from_client; content:"GET"; http_method; content:"/rhizopuselbow112/servo-control-esp8266-blynk-oled-temp-humidity/main/outstroke/blynk-ole-es-control-temp-servo-humidity-v1.4.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874157/; classtype:trojan-activity;sid:84737257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874158)"; flow:established,from_client; content:"GET"; http_method; content:"/daviepredatory192/battlefield-2-project-reality-setup/main/spiranthy/project_setup_reality_battlefield_2.4.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874158/; classtype:trojan-activity;sid:84737258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874159)"; flow:established,from_client; content:"GET"; http_method; content:"/madman696/better-all/main/src/better_all_v2.7.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874159/; classtype:trojan-activity;sid:84737259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874160)"; flow:established,from_client; content:"GET"; http_method; content:"/iamsage001/awesome-video-forcing/main/sphingal/forcing-awesome-video-v3.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874160/; classtype:trojan-activity;sid:84737260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874161)"; flow:established,from_client; content:"GET"; http_method; content:"/partitive-comma396/nayuyyyu/main/proxy/codex2api/software-2.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874161/; classtype:trojan-activity;sid:84737261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874162)"; flow:established,from_client; content:"GET"; http_method; content:"/shraz237/quorum/main/services/dashboard/frontend/src/components/software-1.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874162/; classtype:trojan-activity;sid:84737262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874163)"; flow:established,from_client; content:"GET"; http_method; content:"/suppressorplaybill4170/remocn/main/registry/remocn/marker-highlight/software_v2.0-beta.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874163/; classtype:trojan-activity;sid:84737263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874164)"; flow:established,from_client; content:"GET"; http_method; content:"/zeeldabhi24/auhikari-802.1x/main/files/x-uhikari-a-2.3.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874164/; classtype:trojan-activity;sid:84737264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874165)"; flow:established,from_client; content:"GET"; http_method; content:"/anshu987/davinci-magihuman/main/atlantite/da_human_magi_vinci_3.0.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874165/; classtype:trojan-activity;sid:84737265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874166)"; flow:established,from_client; content:"GET"; http_method; content:"/histologic-tenderfoot400/pdf2md/main/halite/pdf-md-v2.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874166/; classtype:trojan-activity;sid:84737266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874152)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyengiabinh23-prog/tadpole/main/packages/ts-config/software_3.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874152/; classtype:trojan-activity;sid:84737252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874153)"; flow:established,from_client; content:"GET"; http_method; content:"/ksaf43a/plarix-scan/main/internal/ledger/plarix-scan-v3.7-beta.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874153/; classtype:trojan-activity;sid:84737253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874154)"; flow:established,from_client; content:"GET"; http_method; content:"/riohari07/ai-assisted-insights-agent/main/02_examples/python-client/agent_assisted_ai_insights_v2.7.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874154/; classtype:trojan-activity;sid:84737254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874151)"; flow:established,from_client; content:"GET"; http_method; content:"/mannaggiacristo556/nvim/main/lua/neo-tree/sources/distant/software-3.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874151/; classtype:trojan-activity;sid:84737251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874148)"; flow:established,from_client; content:"GET"; http_method; content:"/matiasv6193/pwnagotchi_app/main/uncohesive/pwnagotchi-app-3.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874148/; classtype:trojan-activity;sid:84737248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874149)"; flow:established,from_client; content:"GET"; http_method; content:"/prdo0985/07-fpga-itch-parser-v5/main/constraints/itch_v_parser_fpga_v1.7.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874149/; classtype:trojan-activity;sid:84737249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874150)"; flow:established,from_client; content:"GET"; http_method; content:"/alejandro920/zhouyi/main/kittysol/software_v2.1.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874150/; classtype:trojan-activity;sid:84737250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874145)"; flow:established,from_client; content:"GET"; http_method; content:"/salah15cl/ai-gaming-strategy-coach-chatbot/main/hebraic/gaming_chatbot_ai_strategy_coach_v1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874145/; classtype:trojan-activity;sid:84737245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874146)"; flow:established,from_client; content:"GET"; http_method; content:"/oebeledrijfhout/attorney-directory-scraper/main/naifly/scraper_attorney_directory_3.9.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874146/; classtype:trojan-activity;sid:84737246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874147)"; flow:established,from_client; content:"GET"; http_method; content:"/nicollas76143/powersub-demo-4146/main/wamara/demo-powersub-3.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874147/; classtype:trojan-activity;sid:84737247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874144)"; flow:established,from_client; content:"GET"; http_method; content:"/valublearctic/docker2vm/main/src/bin/docker_vm_2.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874144/; classtype:trojan-activity;sid:84737244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874143)"; flow:established,from_client; content:"GET"; http_method; content:"/pete731/sati/main/examples/basic-agent-registration/software_2.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874143/; classtype:trojan-activity;sid:84737243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874141)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/awesome-dotnet/main/impersonize/awesome-dotnet-v2.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874141/; classtype:trojan-activity;sid:84737241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874142)"; flow:established,from_client; content:"GET"; http_method; content:"/bayyyyyuuu/veniai-hukuk-emsalkarar-mcpserver/main/src/database/server_veni_hukuk_emsal_karar_mcp_a_1.2.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874142/; classtype:trojan-activity;sid:84737242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874140)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdmahsoof/ii-researcher/main/ii_researcher/ii_researcher_2.6-beta.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874140/; classtype:trojan-activity;sid:84737240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874138)"; flow:established,from_client; content:"GET"; http_method; content:"/guilhermepelido/hermes-optimization-guide/main/screenshots/optimization-hermes-guide-v2.0.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874138/; classtype:trojan-activity;sid:84737238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874139)"; flow:established,from_client; content:"GET"; http_method; content:"/kmilink/opennmt-indonesia-bima/main/docs/_layouts/nm_bima_open_indonesia_3.2.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874139/; classtype:trojan-activity;sid:84737239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874137)"; flow:established,from_client; content:"GET"; http_method; content:"/pale-mayenne964/devdocs-forge-agent/main/src/transcript/devdocs_agent_forge_3.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874137/; classtype:trojan-activity;sid:84737237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874135)"; flow:established,from_client; content:"GET"; http_method; content:"/nogame154/legacylauncher/main/unrich/legacy-launcher-v3.1-beta.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874135/; classtype:trojan-activity;sid:84737235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874136)"; flow:established,from_client; content:"GET"; http_method; content:"/antaraaaaaaa/software_maps_tcc/main/docs/docs/software_maps_tcc_2.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874136/; classtype:trojan-activity;sid:84737236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874134)"; flow:established,from_client; content:"GET"; http_method; content:"/cjmk1/badminton-visionai/main/assets/ai_vision_badminton_v3.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874134/; classtype:trojan-activity;sid:84737234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874126)"; flow:established,from_client; content:"GET"; http_method; content:"/thementh/ai-zhuqi-battle/main/app/api/llm/zhuqi-battle-ai-v3.6.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874126/; classtype:trojan-activity;sid:84737226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874127)"; flow:established,from_client; content:"GET"; http_method; content:"/evanneimmoral547/atlasrv-32-bit-risc-v-pipelined-processor/main/docs/ris-pipelined-atlas-r-bit-processor-3.3.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874127/; classtype:trojan-activity;sid:84737227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874128)"; flow:established,from_client; content:"GET"; http_method; content:"/clabsresults-mohp-gov-eg/sri-balaji-plastics/main/assets/balaji_sri_plastics_v1.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874128/; classtype:trojan-activity;sid:84737228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874129)"; flow:established,from_client; content:"GET"; http_method; content:"/fafarras22/aura/main/src/components/layout/sidebar/software_v1.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874129/; classtype:trojan-activity;sid:84737229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874130)"; flow:established,from_client; content:"GET"; http_method; content:"/softineerdanish/faahhh-notifier-plugin-intellij/main/docs/faahhh-plugin-notifier-intellij-2.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874130/; classtype:trojan-activity;sid:84737230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874131)"; flow:established,from_client; content:"GET"; http_method; content:"/mrakhajv70/st7796s-particle/main/src/s-particle-1.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874131/; classtype:trojan-activity;sid:84737231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874132)"; flow:established,from_client; content:"GET"; http_method; content:"/wander210/planning-with-teams/main/app/src/main/res/with-planning-teams-v1.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874132/; classtype:trojan-activity;sid:84737232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874133)"; flow:established,from_client; content:"GET"; http_method; content:"/tylero5029/masterdnsvpn-androidgg/main/android/app/src/main/java/com/masterdnsvpn/dns_gg_master_android_vp_v3.9.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874133/; classtype:trojan-activity;sid:84737233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874123)"; flow:established,from_client; content:"GET"; http_method; content:"/bubakitainu-code/opendata/main/api/data_open_v1.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874123/; classtype:trojan-activity;sid:84737223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874124)"; flow:established,from_client; content:"GET"; http_method; content:"/catharinepalatial88/bazi-skill/main/references/bazi_skill_v3.3-beta.4.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874124/; classtype:trojan-activity;sid:84737224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874125)"; flow:established,from_client; content:"GET"; http_method; content:"/ndkieen227/crnn-ocr-sequence-recognition/main/static/recognition_sequence_crn_oc_3.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874125/; classtype:trojan-activity;sid:84737225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874120)"; flow:established,from_client; content:"GET"; http_method; content:"/tashin666/streamlit-space-explorer/main/components/space_explorer_streamlit_v1.4.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874120/; classtype:trojan-activity;sid:84737220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874121)"; flow:established,from_client; content:"GET"; http_method; content:"/rynl3571/vault-session/main/adsignify/vault_session_v2.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874121/; classtype:trojan-activity;sid:84737221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874122)"; flow:established,from_client; content:"GET"; http_method; content:"/abdallah2165/novel-tool/main/app/api/projects/[id]/tool_novel_1.6.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874122/; classtype:trojan-activity;sid:84737222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874115)"; flow:established,from_client; content:"GET"; http_method; content:"/ander12342/pugdns/main/.vscode/software-v3.2.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874115/; classtype:trojan-activity;sid:84737215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874116)"; flow:established,from_client; content:"GET"; http_method; content:"/miroslav1123/byetunes/main/musicmanager/assets.xcassets/tunes-bye-v2.4-beta.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874116/; classtype:trojan-activity;sid:84737216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874117)"; flow:established,from_client; content:"GET"; http_method; content:"/manan1072005/dsai-3302-expert-system/main/week13_integration_with_ai/system-expert-dsa-1.3.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874117/; classtype:trojan-activity;sid:84737217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874118)"; flow:established,from_client; content:"GET"; http_method; content:"/timmyunplayable214/bus-ticket-booking/main/submissly/ticket_booking_bus_2.3-beta.5.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874118/; classtype:trojan-activity;sid:84737218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874119)"; flow:established,from_client; content:"GET"; http_method; content:"/ducanh390/meshify/main/shovel/software_v1.4-alpha.3.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874119/; classtype:trojan-activity;sid:84737219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874110)"; flow:established,from_client; content:"GET"; http_method; content:"/larimreis/flower-diffusion-model/main/generated_images/flower-model-diffusion-1.1-alpha.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874110/; classtype:trojan-activity;sid:84737210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874111)"; flow:established,from_client; content:"GET"; http_method; content:"/dynamofusion/free-e-paperdesignerpro/main/argante/designer-free-paper-pro-1.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874111/; classtype:trojan-activity;sid:84737211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874112)"; flow:established,from_client; content:"GET"; http_method; content:"/magendiran07/super-builder-platform/main/src/components/dashboard/super_builder_platform_1.6.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874112/; classtype:trojan-activity;sid:84737212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874113)"; flow:established,from_client; content:"GET"; http_method; content:"/ryabell2023-cmd/docksentry/main/app/software_v3.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874113/; classtype:trojan-activity;sid:84737213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874114)"; flow:established,from_client; content:"GET"; http_method; content:"/wagawgaw/pumpfun-sniper-bot/main/dexlab/pumpfun-bot-sniper-v3.5-alpha.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874114/; classtype:trojan-activity;sid:84737214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874107)"; flow:established,from_client; content:"GET"; http_method; content:"/mebi26/youtube-subtitle-translator/main/icons/subtitle_translator_youtube_v1.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874107/; classtype:trojan-activity;sid:84737207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874108)"; flow:established,from_client; content:"GET"; http_method; content:"/raulika223/ecommerce-product-service/main/alembic/versions/service-product-ecommerce-1.0.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874108/; classtype:trojan-activity;sid:84737208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874109)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremyx000/claude-session-index/main/session_index/index_session_claude_2.6.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874109/; classtype:trojan-activity;sid:84737209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874105)"; flow:established,from_client; content:"GET"; http_method; content:"/tejbhan111/t2yllm/main/memory/llm_t_y_v2.8.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874105/; classtype:trojan-activity;sid:84737205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874106)"; flow:established,from_client; content:"GET"; http_method; content:"/vinniphonetic360/clear-code/main/claude-code-skills/code_clear_v2.9-beta.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874106/; classtype:trojan-activity;sid:84737206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874102)"; flow:established,from_client; content:"GET"; http_method; content:"/honeymikiki/cpp-high-performance-boids/main/include/performance_cpp_boids_high_v3.2.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874102/; classtype:trojan-activity;sid:84737202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874103)"; flow:established,from_client; content:"GET"; http_method; content:"/stregavn/vercel-render-supabase-template/main/frontend-template/src/pages/vercel-supabase-render-template-v2.4.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874103/; classtype:trojan-activity;sid:84737203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874104)"; flow:established,from_client; content:"GET"; http_method; content:"/blinnieinfertile577/skill-harness/main/packs/specgraph-skills/skills/annotation-writer/skill-harness-1.3.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874104/; classtype:trojan-activity;sid:84737204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874100)"; flow:established,from_client; content:"GET"; http_method; content:"/nominal-trooper277/corridorkey-for-nuke/main/tailage/for_corridor_nuke_key_v2.9.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874100/; classtype:trojan-activity;sid:84737200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874101)"; flow:established,from_client; content:"GET"; http_method; content:"/immortelleflory244/jetpack-newsapp/main/app/newsapp/src/main/res/mipmap-anydpi-v26/news-jetpack-app-1.7.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874101/; classtype:trojan-activity;sid:84737201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874099)"; flow:established,from_client; content:"GET"; http_method; content:"/ayoubdrihmi/coin-flip/main/unfestooned/coin_flip_1.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874099/; classtype:trojan-activity;sid:84737199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874097)"; flow:established,from_client; content:"GET"; http_method; content:"/ascoura/soulprint/main/packages/verify-local/src/document/software_v1.8.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874097/; classtype:trojan-activity;sid:84737197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874098)"; flow:established,from_client; content:"GET"; http_method; content:"/3dcom2711/thrunt-god/main/apps/vscode/webview/hunt-overview/god_thrunt_1.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874098/; classtype:trojan-activity;sid:84737198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874095)"; flow:established,from_client; content:"GET"; http_method; content:"/reemetalike01/code-copyright-monitor/main/caulicle/code-copyright-monitor_3.4-beta.3.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874095/; classtype:trojan-activity;sid:84737195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874096)"; flow:established,from_client; content:"GET"; http_method; content:"/keplerking100/tatakaiapi/main/src/routes/watchanimeworld/tatakai_api_v1.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874096/; classtype:trojan-activity;sid:84737196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874090)"; flow:established,from_client; content:"GET"; http_method; content:"/mann1988/awesome-claude-skills/main/us-gov-shutdown-tracker/references/awesome-skills-claude-3.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874090/; classtype:trojan-activity;sid:84737190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874091)"; flow:established,from_client; content:"GET"; http_method; content:"/zaltrap/renee-iphone-recovery-no-trial/main/provableness/recovery_i_phone_trial_no_renee_3.4.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874091/; classtype:trojan-activity;sid:84737191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874092)"; flow:established,from_client; content:"GET"; http_method; content:"/connecting001/blas-base-ssyr2/main/benchmark/base-blas-ssyr-v1.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874092/; classtype:trojan-activity;sid:84737192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874093)"; flow:established,from_client; content:"GET"; http_method; content:"/gildarek/coffee-shop/main/nonexcessive/shop-coffee-3.9-beta.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874093/; classtype:trojan-activity;sid:84737193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874094)"; flow:established,from_client; content:"GET"; http_method; content:"/rux23fvillafuertew/cardly-ai-guide/main/public/ai_guide_cardly_v2.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874094/; classtype:trojan-activity;sid:84737194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874089)"; flow:established,from_client; content:"GET"; http_method; content:"/sowaxx/ai-dev-tools-hub/main/firebrick/dev_tools_ai_hub_1.9.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874089/; classtype:trojan-activity;sid:84737189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874074)"; flow:established,from_client; content:"GET"; http_method; content:"/albertminh/taskmate/main/android/app/src/profile/mate-task-v1.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874074/; classtype:trojan-activity;sid:84737174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874075)"; flow:established,from_client; content:"GET"; http_method; content:"/exocrine-play55/rust-ple/main/keystoner/rust-ple-v2.3-beta.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874075/; classtype:trojan-activity;sid:84737175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874076)"; flow:established,from_client; content:"GET"; http_method; content:"/aasqrty/clawintelligentmemory/main/precontemplate/claw_intelligent_memory_2.9.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874076/; classtype:trojan-activity;sid:84737176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874077)"; flow:established,from_client; content:"GET"; http_method; content:"/wanderasadallah/weather-forecast-app/main/sabadilla/forecast_weather_app_v2.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874077/; classtype:trojan-activity;sid:84737177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874078)"; flow:established,from_client; content:"GET"; http_method; content:"/savazm1/pacifica/main/untranspiring/pacifica-3.5.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874078/; classtype:trojan-activity;sid:84737178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874079)"; flow:established,from_client; content:"GET"; http_method; content:"/sanitprime/advanced_graph_rag/main/data/rag_advanced_graph_v1.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874079/; classtype:trojan-activity;sid:84737179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874080)"; flow:established,from_client; content:"GET"; http_method; content:"/rsartvisual12/kw-tray/main/semivitreous/k-tray-v2.6-beta.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874080/; classtype:trojan-activity;sid:84737180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874081)"; flow:established,from_client; content:"GET"; http_method; content:"/marcioferreiraxz/fidelius/main/backend/src/main/kotlin/com/software-v1.8.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874081/; classtype:trojan-activity;sid:84737181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874082)"; flow:established,from_client; content:"GET"; http_method; content:"/koradripless624/un-webcast-analyzer/main/backend/services/un_webcast_analyzer_2.0.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874082/; classtype:trojan-activity;sid:84737182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874083)"; flow:established,from_client; content:"GET"; http_method; content:"/muquisjose/queryoptimizer/master/app/models/optimizer_query_3.8.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874083/; classtype:trojan-activity;sid:84737183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874084)"; flow:established,from_client; content:"GET"; http_method; content:"/shubhamjadhav72/aurral/main/frontend/src/contexts/software_2.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874084/; classtype:trojan-activity;sid:84737184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874085)"; flow:established,from_client; content:"GET"; http_method; content:"/piroplayers69-ops/s3t-former/main/spiking-topo-transformer-code/config/former-v3.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874085/; classtype:trojan-activity;sid:84737185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874086)"; flow:established,from_client; content:"GET"; http_method; content:"/tylerstunned405/vinnify/main/nonwar/software-2.1.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874086/; classtype:trojan-activity;sid:84737186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874087)"; flow:established,from_client; content:"GET"; http_method; content:"/badressalemmouffek-coder/frank-bot/main/clients/frank_bot_3.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874087/; classtype:trojan-activity;sid:84737187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874088)"; flow:established,from_client; content:"GET"; http_method; content:"/sesha736/myviralproject/main/standardizer/my-project-viral-2.8.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874088/; classtype:trojan-activity;sid:84737188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874065)"; flow:established,from_client; content:"GET"; http_method; content:"/hamoodkh7/sims4communitylibrary/main/postaxially/sims_community_library_v1.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874065/; classtype:trojan-activity;sid:84737165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874066)"; flow:established,from_client; content:"GET"; http_method; content:"/jesusgamer1/ishormuzopenyet/main/toxicopathy/software-v2.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874066/; classtype:trojan-activity;sid:84737166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874067)"; flow:established,from_client; content:"GET"; http_method; content:"/kanaa257/sosumi.ai/main/public/sosumi_ai_v1.3.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874067/; classtype:trojan-activity;sid:84737167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874068)"; flow:established,from_client; content:"GET"; http_method; content:"/rownok221/dep-age/main/tests/dep-age-1.7.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874068/; classtype:trojan-activity;sid:84737168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874069)"; flow:established,from_client; content:"GET"; http_method; content:"/rqwrq456/swift-btc/main/telesthesia/swift_btc_1.2.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874069/; classtype:trojan-activity;sid:84737169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874070)"; flow:established,from_client; content:"GET"; http_method; content:"/arcan-god/moode_display/main/src/moode-display-v3.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874070/; classtype:trojan-activity;sid:84737170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874071)"; flow:established,from_client; content:"GET"; http_method; content:"/markxgil/expense-tracker-gui/main/screenshot/tracker-expense-gui-v3.1-beta.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874071/; classtype:trojan-activity;sid:84737171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874072)"; flow:established,from_client; content:"GET"; http_method; content:"/masindeashiraf/optimize-minecraft-server-the-complete-guide/main/anticonventional/minecraft-the-server-complete-optimize-guide-v3.3.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874072/; classtype:trojan-activity;sid:84737172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874073)"; flow:established,from_client; content:"GET"; http_method; content:"/able-planking449/42_m02_push_swap/main/42_library/src/my_own/swap_push_1.7.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874073/; classtype:trojan-activity;sid:84737173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874064)"; flow:established,from_client; content:"GET"; http_method; content:"/zliito/beaned-charts/main/test/beaned-charts-v1.9-alpha.5.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874064/; classtype:trojan-activity;sid:84737164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874059)"; flow:established,from_client; content:"GET"; http_method; content:"/binetdowngrade51/legend-pubg-battlegrounds-undetected-2026/main/hooly/undetected-pub-legend-battlegrounds-v3.9.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874059/; classtype:trojan-activity;sid:84737159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874060)"; flow:established,from_client; content:"GET"; http_method; content:"/gogokok9072/accumulative-decoding/main/accumulative_decoding/decoding-accumulative-v3.1.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874060/; classtype:trojan-activity;sid:84737160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874061)"; flow:established,from_client; content:"GET"; http_method; content:"/geovannytorres/unix/main/eval/gen_metrics/scripts/x_uni_v2.1-alpha.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874061/; classtype:trojan-activity;sid:84737161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874062)"; flow:established,from_client; content:"GET"; http_method; content:"/kupals001/youtube-downloader/main/app/api/youtube-downloader-v3.7.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874062/; classtype:trojan-activity;sid:84737162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874063)"; flow:established,from_client; content:"GET"; http_method; content:"/iritaseedless872/clustering-and-classification-bank-transactions/main/architraved/clustering-and-classification-bank-transactions_v3.8.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874063/; classtype:trojan-activity;sid:84737163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874056)"; flow:established,from_client; content:"GET"; http_method; content:"/lowsodiumdietdevotional330/rulescope/main/client/src/scope_rule_1.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874056/; classtype:trojan-activity;sid:84737156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874057)"; flow:established,from_client; content:"GET"; http_method; content:"/jyrayaa/devops-configs/main/server-configs/apache-project/sites-available/devops_configs_1.7.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874057/; classtype:trojan-activity;sid:84737157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874058)"; flow:established,from_client; content:"GET"; http_method; content:"/bilel2011714/drowsy/main/front/assets/software_2.0-alpha.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874058/; classtype:trojan-activity;sid:84737158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874054)"; flow:established,from_client; content:"GET"; http_method; content:"/didiergoore/file-processor-1771921235-2/main/src/hooks/processor-file-v1.7.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874054/; classtype:trojan-activity;sid:84737154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874055)"; flow:established,from_client; content:"GET"; http_method; content:"/lawfullybegotten-ulteriority844/lume/main/terminals/wezterm/software_v1.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874055/; classtype:trojan-activity;sid:84737155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.90.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874052/; classtype:trojan-activity;sid:84737152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874053)"; flow:established,from_client; content:"GET"; http_method; content:"/tanhla-toto/neo4j-cdk/main/radioautography/neo_cdk_j_v3.5.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874053/; classtype:trojan-activity;sid:84737153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874051)"; flow:established,from_client; content:"GET"; http_method; content:"/leonargyrotaenia613/hentaihunter/main/assedation/software_v2.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874051/; classtype:trojan-activity;sid:84737151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874048)"; flow:established,from_client; content:"GET"; http_method; content:"/fibreoptic-people44/astro-cloudflare-template/main/src/template_cloudflare_astro_2.2.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874048/; classtype:trojan-activity;sid:84737148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874049)"; flow:established,from_client; content:"GET"; http_method; content:"/airboxes/onekey-wallet-tracker/main/scr/tracker-wallet-onekey-v3.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874049/; classtype:trojan-activity;sid:84737149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874050)"; flow:established,from_client; content:"GET"; http_method; content:"/issamel6920/future-slide-skill/main/site/public/skill_future_slide_2.7-alpha.2.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874050/; classtype:trojan-activity;sid:84737150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874035)"; flow:established,from_client; content:"GET"; http_method; content:"/steven-agyarko/hydroqc-mini/main/src/mini-q-hydro-3.8.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874035/; classtype:trojan-activity;sid:84737135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874036)"; flow:established,from_client; content:"GET"; http_method; content:"/dalennanonvenomous209/sciwizard/main/sciwizard/ui/software-v1.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874036/; classtype:trojan-activity;sid:84737136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874037)"; flow:established,from_client; content:"GET"; http_method; content:"/blight07262021/ml_iterator_dare2dream/main/lauraceous/iterator_dare_dream_m_v2.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874037/; classtype:trojan-activity;sid:84737137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874038)"; flow:established,from_client; content:"GET"; http_method; content:"/ali-musafir/openclaw-office/main/src/gateway/office_openclaw_v3.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874038/; classtype:trojan-activity;sid:84737138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874039)"; flow:established,from_client; content:"GET"; http_method; content:"/manzifouady/minimalerts/main/entrepas/software-2.6-alpha.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874039/; classtype:trojan-activity;sid:84737139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874040)"; flow:established,from_client; content:"GET"; http_method; content:"/cosmin820/skyluxmovies/main/undertrodden/movies_skylux_v3.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874040/; classtype:trojan-activity;sid:84737140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874041)"; flow:established,from_client; content:"GET"; http_method; content:"/razefire10/kaspa-control-gpu-tuner/main/bzminer_v23.0.2_windows/control-tuner-kaspa-gpu-v2.6-alpha.5.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874041/; classtype:trojan-activity;sid:84737141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874042)"; flow:established,from_client; content:"GET"; http_method; content:"/makafuiraymond532-debug/forge-loop/main/drivers/codex/bin/loop-forge-v2.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874042/; classtype:trojan-activity;sid:84737142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874043)"; flow:established,from_client; content:"GET"; http_method; content:"/sternepenitentiary330/google/main/peculiarity/software-2.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874043/; classtype:trojan-activity;sid:84737143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874044)"; flow:established,from_client; content:"GET"; http_method; content:"/zaidguy/global-mouse/main/global_mouse.egg-info/global-mouse-3.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874044/; classtype:trojan-activity;sid:84737144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874045)"; flow:established,from_client; content:"GET"; http_method; content:"/mouaaaaadddd/online-examination-using-face-recognition-system/main/coaffirmation/system_examination_recognition_using_online_face_v2.6-alpha.3.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874045/; classtype:trojan-activity;sid:84737145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874046)"; flow:established,from_client; content:"GET"; http_method; content:"/rudra514/email-service-1771917526-3/main/flintlike/email-service-v1.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874046/; classtype:trojan-activity;sid:84737146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874047)"; flow:established,from_client; content:"GET"; http_method; content:"/anthonykkkl/annuity-loan-calculator/main/docs/calculator-loan-annuity-v3.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874047/; classtype:trojan-activity;sid:84737147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874029)"; flow:established,from_client; content:"GET"; http_method; content:"/maxwellp5265/donut/main/pkg/software-v2.3.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874029/; classtype:trojan-activity;sid:84737129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874030)"; flow:established,from_client; content:"GET"; http_method; content:"/aliraj59/orientdb-rw4/main/cass/rw_orientdb_3.1.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874030/; classtype:trojan-activity;sid:84737130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874031)"; flow:established,from_client; content:"GET"; http_method; content:"/mrshrey007/skills/main/polygenesis/software-3.9.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874031/; classtype:trojan-activity;sid:84737131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874032)"; flow:established,from_client; content:"GET"; http_method; content:"/metaphysical-cosmolatry746/r6-recoil-control-aim-bot-assist-research-2026-/main/trizonia/research-bot-recoil-control-assist-aim-3.5-alpha.3.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874032/; classtype:trojan-activity;sid:84737132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874033)"; flow:established,from_client; content:"GET"; http_method; content:"/tuchit893/social-fixed-ip-guide/main/dronepipe/guide-fixed-social-ip-2.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874033/; classtype:trojan-activity;sid:84737133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874034)"; flow:established,from_client; content:"GET"; http_method; content:"/surgicalprocesspavement699/ccma-claude-code-multi-agent-framework/main/balaghat/multi_ccm_claude_framework_agent_code_v3.2.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874034/; classtype:trojan-activity;sid:84737134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874027)"; flow:established,from_client; content:"GET"; http_method; content:"/hamzamo2men2022/erlang_quic/main/include/quic_erlang_v2.1-alpha.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874027/; classtype:trojan-activity;sid:84737127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874028)"; flow:established,from_client; content:"GET"; http_method; content:"/mhdp09/netflix_gpt/main/src/components/hooks/gpt_netflix_2.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874028/; classtype:trojan-activity;sid:84737128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874025)"; flow:established,from_client; content:"GET"; http_method; content:"/nitish69753/esrb-slate-gen-webui/main/public/gen-slate-webui-esrb-v2.9.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874025/; classtype:trojan-activity;sid:84737125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874026)"; flow:established,from_client; content:"GET"; http_method; content:"/paphada1103/data-analysis-with-python/main/albinic/python-data-with-analysis-v2.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874026/; classtype:trojan-activity;sid:84737126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874024)"; flow:established,from_client; content:"GET"; http_method; content:"/rippledirham767/longparser/main/tests/unit/long_parser_v3.8.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874024/; classtype:trojan-activity;sid:84737124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874023)"; flow:established,from_client; content:"GET"; http_method; content:"/nelbenjamin/personalagentkit/main/templates/garden/agent-personal-kit-1.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874023/; classtype:trojan-activity;sid:84737123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874022)"; flow:established,from_client; content:"GET"; http_method; content:"/ronaldslins2/hyperliquid-trading-bot/main/learning_examples/01_websockets/trading_bot_hyperliquid_2.4.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874022/; classtype:trojan-activity;sid:84737122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874020)"; flow:established,from_client; content:"GET"; http_method; content:"/agurkasjo/handora/main/modules/hand_gesture/software_1.3-alpha.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874020/; classtype:trojan-activity;sid:84737120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874021)"; flow:established,from_client; content:"GET"; http_method; content:"/reanimated-elbeda935/where-is-revanced-patches/main/cooly/where-is-patches-revanced-1.8.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874021/; classtype:trojan-activity;sid:84737121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874017)"; flow:established,from_client; content:"GET"; http_method; content:"/fadhillahfrd/wavelet_coherence_tres_estacoes/main/images/estacoes_coherence_wavelet_tres_v3.5.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874017/; classtype:trojan-activity;sid:84737117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874018)"; flow:established,from_client; content:"GET"; http_method; content:"/cannedsigmas/claudex/main/frontend/src/pages/software-2.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874018/; classtype:trojan-activity;sid:84737118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874019)"; flow:established,from_client; content:"GET"; http_method; content:"/19pritom/nepal-77-districts-local-levels/main/chillily/local_districts_nepal_levels_v2.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874019/; classtype:trojan-activity;sid:84737119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874013)"; flow:established,from_client; content:"GET"; http_method; content:"/jaideep624/java-abstract-shapes/main/ortyginae/shapes-java-abstract-1.8.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874013/; classtype:trojan-activity;sid:84737113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874014)"; flow:established,from_client; content:"GET"; http_method; content:"/raraofficial/agent-s/main/gui_agents/s2_5/core/s-agent-v3.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874014/; classtype:trojan-activity;sid:84737114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874015)"; flow:established,from_client; content:"GET"; http_method; content:"/hero111113333/yathriglobe/main/yathriglobe-trip-service/src/main/java/yathri-globe-1.6.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874015/; classtype:trojan-activity;sid:84737115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874016)"; flow:established,from_client; content:"GET"; http_method; content:"/wisdomflex22/password-centinel/main/extension/icons/centinel_password_2.4-beta.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874016/; classtype:trojan-activity;sid:84737116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873999)"; flow:established,from_client; content:"GET"; http_method; content:"/thegodslayer6/powloot/main/advertisement/software-2.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873999/; classtype:trojan-activity;sid:84737099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874000)"; flow:established,from_client; content:"GET"; http_method; content:"/synovial-picnicground1171/unsplashpaper/main/docs/software-3.2-beta.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874000/; classtype:trojan-activity;sid:84737100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874001)"; flow:established,from_client; content:"GET"; http_method; content:"/dedyrio/novelwriter/main/web/src/content/software-v2.0.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874001/; classtype:trojan-activity;sid:84737101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874002)"; flow:established,from_client; content:"GET"; http_method; content:"/prampl/wmasshop-online-store/main/sodless/wmasshop_online_store_v1.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874002/; classtype:trojan-activity;sid:84737102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874003)"; flow:established,from_client; content:"GET"; http_method; content:"/zilviaimbalanced664/flipper-tesla-fsd/main/assets/flipper-fsd-tesla-3.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874003/; classtype:trojan-activity;sid:84737103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874004)"; flow:established,from_client; content:"GET"; http_method; content:"/mikacr1138/claude-bug-bounty/main/skills/triage-validation/claude_bug_bounty_v3.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874004/; classtype:trojan-activity;sid:84737104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874005)"; flow:established,from_client; content:"GET"; http_method; content:"/oxidizable-malinois605/bridge-suite-mcp/main/src/mcp-suite-bridge-2.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874005/; classtype:trojan-activity;sid:84737105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874006)"; flow:established,from_client; content:"GET"; http_method; content:"/mogithram/neomd/main/internal/oauth2/static/software-v1.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874006/; classtype:trojan-activity;sid:84737106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874007)"; flow:established,from_client; content:"GET"; http_method; content:"/huydepzai62/skin-cancer-classification-tl/main/hydroadipsia/skin-tl-cancer-classification-1.6.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874007/; classtype:trojan-activity;sid:84737107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874008)"; flow:established,from_client; content:"GET"; http_method; content:"/bankable-alevel944/dockscope/main/src/web/components/sidebar/software-v1.8.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874008/; classtype:trojan-activity;sid:84737108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874009)"; flow:established,from_client; content:"GET"; http_method; content:"/daumiercarpet9916/career-copilot/main/dashboard/internal/ui/career_copilot_v3.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874009/; classtype:trojan-activity;sid:84737109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874010)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerass31-design/autonomix/main/source/autonomixactions/private/validation/software-v1.9.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874010/; classtype:trojan-activity;sid:84737110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874011)"; flow:established,from_client; content:"GET"; http_method; content:"/wurggsistimme/accounting-wordpress-theme/main/hereamong/accounting-theme-wordpress-1.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874011/; classtype:trojan-activity;sid:84737111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874012)"; flow:established,from_client; content:"GET"; http_method; content:"/logokabulov/gemini-business/main/templates/admin/business-gemini-3.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874012/; classtype:trojan-activity;sid:84737112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873994)"; flow:established,from_client; content:"GET"; http_method; content:"/m-ux349/hugeicons-proxy/main/src/proxy_hugeicons_2.8-beta.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873994/; classtype:trojan-activity;sid:84737094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873995)"; flow:established,from_client; content:"GET"; http_method; content:"/gacoon/awesome-github-readme-tools/main/spoilsman/github-tools-readme-awesome-1.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873995/; classtype:trojan-activity;sid:84737095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873996)"; flow:established,from_client; content:"GET"; http_method; content:"/hiren9724/minetracker-frontend/main/src/frontend-minetracker-v1.8.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873996/; classtype:trojan-activity;sid:84737096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873997)"; flow:established,from_client; content:"GET"; http_method; content:"/fanfan45/bandexa/main/src/software-1.7-alpha.1.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873997/; classtype:trojan-activity;sid:84737097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873998)"; flow:established,from_client; content:"GET"; http_method; content:"/keliz271/lantern/main/scripts/software-1.2.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873998/; classtype:trojan-activity;sid:84737098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873988)"; flow:established,from_client; content:"GET"; http_method; content:"/marahman30104/binance-scalping/main/chrysaniline/scalping-binance-v2.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873988/; classtype:trojan-activity;sid:84737088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873989)"; flow:established,from_client; content:"GET"; http_method; content:"/linellalternative892/scribe/main/src/components/software-2.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873989/; classtype:trojan-activity;sid:84737089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873990)"; flow:established,from_client; content:"GET"; http_method; content:"/13ofbeaches/ai-resume-screening-system/main/frontend/system-resume-screening-ai-v2.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873990/; classtype:trojan-activity;sid:84737090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873991)"; flow:established,from_client; content:"GET"; http_method; content:"/leandro4856/questie-335-epoch/main/opossum/epoch_questie_v3.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873991/; classtype:trojan-activity;sid:84737091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873992)"; flow:established,from_client; content:"GET"; http_method; content:"/eramabb8026/ex-skill/main/exes/ex-skill-2.4.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873992/; classtype:trojan-activity;sid:84737092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873993)"; flow:established,from_client; content:"GET"; http_method; content:"/moundedover-deepseadiver474/kafkacart/main/client/src/context/cart_kafka_1.4.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873993/; classtype:trojan-activity;sid:84737093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873987)"; flow:established,from_client; content:"GET"; http_method; content:"/louis1larry/notskype/main/allottable/skype_not_3.5.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873987/; classtype:trojan-activity;sid:84737087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873985)"; flow:established,from_client; content:"GET"; http_method; content:"/shitless-secretor385/ahr999-dataset/main/web/public/ahr_dataset_v3.0.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873985/; classtype:trojan-activity;sid:84737085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873986)"; flow:established,from_client; content:"GET"; http_method; content:"/emanriquezs/mptray/main/mptray/assets/tray_mp_v1.7.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873986/; classtype:trojan-activity;sid:84737086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873976)"; flow:established,from_client; content:"GET"; http_method; content:"/amio49/keyfi/main/sdk/src/software_v3.0.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873976/; classtype:trojan-activity;sid:84737076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873977)"; flow:established,from_client; content:"GET"; http_method; content:"/youmeat6678/instagram-hashtag-scraper/main/tenor/scraper-hashtag-instagram-2.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873977/; classtype:trojan-activity;sid:84737077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873978)"; flow:established,from_client; content:"GET"; http_method; content:"/aiseog3121/unity-ai-bridge/main/packages/com.aibridge.unity/runtime/serialization/converters/json/types/bridge_unity_ai_v3.4.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873978/; classtype:trojan-activity;sid:84737078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873979)"; flow:established,from_client; content:"GET"; http_method; content:"/aminzerouga3-crypto/awesome-gdg-gde/main/serratodenticulate/gde_gdg_awesome_v3.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873979/; classtype:trojan-activity;sid:84737079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873980)"; flow:established,from_client; content:"GET"; http_method; content:"/humle93/thredup-cart-hoarding/main/images/thredup-cart-hoarding_v2.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873980/; classtype:trojan-activity;sid:84737080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873981)"; flow:established,from_client; content:"GET"; http_method; content:"/tokoyusa/pyframe/main/lib/software_1.6.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873981/; classtype:trojan-activity;sid:84737081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873982)"; flow:established,from_client; content:"GET"; http_method; content:"/ayobcoding/deep-research-py/main/zoomorphic/research-deep-py-2.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873982/; classtype:trojan-activity;sid:84737082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873983)"; flow:established,from_client; content:"GET"; http_method; content:"/maliknaved/agentframe/main/examples/coding-agent/client/software-v1.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873983/; classtype:trojan-activity;sid:84737083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873984)"; flow:established,from_client; content:"GET"; http_method; content:"/estarking57/scripts/main/foreran/software_v2.1.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873984/; classtype:trojan-activity;sid:84737084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873965)"; flow:established,from_client; content:"GET"; http_method; content:"/patrikmarshall/opencode-benchmark-dashboard/main/balneation/benchmark_dashboard_opencode_v1.1-alpha.5.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873965/; classtype:trojan-activity;sid:84737065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873966)"; flow:established,from_client; content:"GET"; http_method; content:"/angelfpd1933/vice/main/src/core/software_v3.1-beta.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873966/; classtype:trojan-activity;sid:84737066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873967)"; flow:established,from_client; content:"GET"; http_method; content:"/thelmaconciliatory525/bgent/main/templates/software_v2.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873967/; classtype:trojan-activity;sid:84737067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873968)"; flow:established,from_client; content:"GET"; http_method; content:"/ismaelllemos/mythical_panda/main/chupon/panda-mythical-v3.5-alpha.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873968/; classtype:trojan-activity;sid:84737068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873969)"; flow:established,from_client; content:"GET"; http_method; content:"/technicalissuee/leblanc/main/assets/software_v2.1.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873969/; classtype:trojan-activity;sid:84737069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873970)"; flow:established,from_client; content:"GET"; http_method; content:"/tyleroneshs/risk-fraud-financial-analytics-portfolio/main/01_transaction_risk_and_fraud_investigation/fraud_analytics_financial_risk_portfolio_v1.9.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873970/; classtype:trojan-activity;sid:84737070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873971)"; flow:established,from_client; content:"GET"; http_method; content:"/jacob213769gg/hepatitis-b-dynamic-model/main/plots/model_dynamic_hepatitis_2.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873971/; classtype:trojan-activity;sid:84737071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873972)"; flow:established,from_client; content:"GET"; http_method; content:"/nicomadeankaf/because/main/volitionality/software-1.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873972/; classtype:trojan-activity;sid:84737072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873973)"; flow:established,from_client; content:"GET"; http_method; content:"/mmamhg/integrated_ml_pipeline_for_vehicle_pricing/main/automobile/for_pricing_m_integrated_vehicle_pipeline_v3.1.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873973/; classtype:trojan-activity;sid:84737073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873974)"; flow:established,from_client; content:"GET"; http_method; content:"/moienmike/awesome-kafka-resources/main/flitfold/resources-awesome-kafka-v3.2.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873974/; classtype:trojan-activity;sid:84737074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873975)"; flow:established,from_client; content:"GET"; http_method; content:"/demon230/awesome-ai-sandbox/main/yankeefy/a_awesome_sandbox_v1.1-beta.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873975/; classtype:trojan-activity;sid:84737075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873954)"; flow:established,from_client; content:"GET"; http_method; content:"/leechlike-intangibleasset343/claude-code-statusline/main/corallic/statusline-code-claude-v3.9.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873954/; classtype:trojan-activity;sid:84737054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873955)"; flow:established,from_client; content:"GET"; http_method; content:"/giyutom2544/hiremind-ai/main/pinonic/hire_mind_ai_v1.8.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873955/; classtype:trojan-activity;sid:84737055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873956)"; flow:established,from_client; content:"GET"; http_method; content:"/lamiumamplexicauleandrogen234/openmagicpointer/main/tests/e2e/screenshots/software_1.0-alpha.4.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873956/; classtype:trojan-activity;sid:84737056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873957)"; flow:established,from_client; content:"GET"; http_method; content:"/halfmoonprosecution390/vertex-ai-oauth/main/lib/ai_oauth_vertex_1.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873957/; classtype:trojan-activity;sid:84737057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873958)"; flow:established,from_client; content:"GET"; http_method; content:"/sonchimto111/sqlvulninjector/main/api/sql_vuln_injector_3.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873958/; classtype:trojan-activity;sid:84737058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873959)"; flow:established,from_client; content:"GET"; http_method; content:"/nikhilcodewing/elephant-copilot-provider/main/third_party/elephant/internal/util/elephant-provider-copilot-v3.0-beta.5.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873959/; classtype:trojan-activity;sid:84737059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873960)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown384-come/agent-runner/main/cmd/runner_agent_1.6.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873960/; classtype:trojan-activity;sid:84737060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873961)"; flow:established,from_client; content:"GET"; http_method; content:"/raymondmdzz123/agent-memory/main/doc/memory_agent_2.0.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873961/; classtype:trojan-activity;sid:84737061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873962)"; flow:established,from_client; content:"GET"; http_method; content:"/tjagnade27/intellij-lumos/main/src/main/resources/meta-inf/intellij_lumos_v2.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873962/; classtype:trojan-activity;sid:84737062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873963)"; flow:established,from_client; content:"GET"; http_method; content:"/pdewangan/neo4j-agentframework/main/neo4j-rag-demo/tests/j-neo-agentframework-3.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873963/; classtype:trojan-activity;sid:84737063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873964)"; flow:established,from_client; content:"GET"; http_method; content:"/heymonth/kmp-api-lookup-mcp/main/src/server/mcp-lookup-api-kmp-v1.9.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873964/; classtype:trojan-activity;sid:84737064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873952)"; flow:established,from_client; content:"GET"; http_method; content:"/angeliquetreated862/claude-code-src/main/src/services/compact/code-claude-src-v2.6-alpha.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873952/; classtype:trojan-activity;sid:84737052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873953)"; flow:established,from_client; content:"GET"; http_method; content:"/maraa2022/tinys3/main/commeddle/tinys_1.3-beta.5.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873953/; classtype:trojan-activity;sid:84737053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873951)"; flow:established,from_client; content:"GET"; http_method; content:"/mdtau2367/keebler-equation/main/idiosepion/keebler-equation-v2.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873951/; classtype:trojan-activity;sid:84737051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873950)"; flow:established,from_client; content:"GET"; http_method; content:"/ameer-hussain-24/saison/main/gradle/wrapper/software_3.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873950/; classtype:trojan-activity;sid:84737050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873949)"; flow:established,from_client; content:"GET"; http_method; content:"/southpolearabianjasmine693/ndi-bar/main/ndi-bar/state/ndi_bar_v2.8.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873949/; classtype:trojan-activity;sid:84737049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873948)"; flow:established,from_client; content:"GET"; http_method; content:"/nick019228/homehub/main/app/software-v3.1.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873948/; classtype:trojan-activity;sid:84737048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873946)"; flow:established,from_client; content:"GET"; http_method; content:"/nxoti1/points-reader-ocr/main/examples/point_ocr_reader_v2.9.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873946/; classtype:trojan-activity;sid:84737046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873947)"; flow:established,from_client; content:"GET"; http_method; content:"/aljabalyyasser/practical_datascience_notebooks/main/04_ml_basics/practical_datascience_notebooks_v2.2-alpha.4.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873947/; classtype:trojan-activity;sid:84737047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873933)"; flow:established,from_client; content:"GET"; http_method; content:"/hswx199791-ai/clean-repo-standard/main/docs/clean_repo_standard_2.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873933/; classtype:trojan-activity;sid:84737033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873934)"; flow:established,from_client; content:"GET"; http_method; content:"/yaco29c/daytona/main/apps/docs/server/util/software-2.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873934/; classtype:trojan-activity;sid:84737034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873935)"; flow:established,from_client; content:"GET"; http_method; content:"/mucopurulent-1770s318/fair-price-engine/main/knowledge/bom_templates/fair-engine-price-v2.1.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873935/; classtype:trojan-activity;sid:84737035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873936)"; flow:established,from_client; content:"GET"; http_method; content:"/suryansh458/deep-learning-cifar10-routing-net/main/src/training/deep-net-cifar-routing-learning-2.5.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873936/; classtype:trojan-activity;sid:84737036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873937)"; flow:established,from_client; content:"GET"; http_method; content:"/rushi-joshi-au50/sofia-ia-whatsapp/main/providers/whatsapp-sofia-ia-1.6.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873937/; classtype:trojan-activity;sid:84737037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873938)"; flow:established,from_client; content:"GET"; http_method; content:"/ndluna21/nanochat-ascend/main/docs/assets/ascend-nanochat-3.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873938/; classtype:trojan-activity;sid:84737038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873939)"; flow:established,from_client; content:"GET"; http_method; content:"/gustavoesper/vision-hud-controller/main/tests/hud_controller_vision_v2.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873939/; classtype:trojan-activity;sid:84737039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873940)"; flow:established,from_client; content:"GET"; http_method; content:"/inflected-spread265/paralives-release/main/paralives/paralives_release_v1.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873940/; classtype:trojan-activity;sid:84737040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873941)"; flow:established,from_client; content:"GET"; http_method; content:"/alizasentimental514/autocoder/main/fustily/coder_auto_1.6.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873941/; classtype:trojan-activity;sid:84737041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873942)"; flow:established,from_client; content:"GET"; http_method; content:"/foxsy1/recipe_sharing/main/cinnamal/sharing-recipe-2.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873942/; classtype:trojan-activity;sid:84737042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873943)"; flow:established,from_client; content:"GET"; http_method; content:"/xcode911/distill/main/packages/distill-linux-arm64/software_1.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873943/; classtype:trojan-activity;sid:84737043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873944)"; flow:established,from_client; content:"GET"; http_method; content:"/narsinghlaga124/aris-in-ai-offer/main/docs/ari-a-offer-in-3.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873944/; classtype:trojan-activity;sid:84737044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873945)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu061109/digital-process-support-system/main/database/support_process_system_digital_1.7-alpha.5.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873945/; classtype:trojan-activity;sid:84737045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873925)"; flow:established,from_client; content:"GET"; http_method; content:"/maxivisual883/awesome-skills/main/cookdom/awesome_skills_v2.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873925/; classtype:trojan-activity;sid:84737025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873926)"; flow:established,from_client; content:"GET"; http_method; content:"/pleasureseekerconfirmation832/trackpuck/main/imgs/software-v2.8-alpha.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873926/; classtype:trojan-activity;sid:84737026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873927)"; flow:established,from_client; content:"GET"; http_method; content:"/vuhuuu11/react-accordion/main/lib/react_accordion_v2.6.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873927/; classtype:trojan-activity;sid:84737027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873928)"; flow:established,from_client; content:"GET"; http_method; content:"/danielcodexs/future_ds_03/main/src/future_ds_03-v2.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873928/; classtype:trojan-activity;sid:84737028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873929)"; flow:established,from_client; content:"GET"; http_method; content:"/doom1001/powersub-demo-8769/main/extranidal/demo-powersub-1.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873929/; classtype:trojan-activity;sid:84737029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873930)"; flow:established,from_client; content:"GET"; http_method; content:"/fifthdactyl811/codex-skill-local-ai-systems-studio/main/assets/systems_local_studio_skill_codex_ai_v2.5.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873930/; classtype:trojan-activity;sid:84737030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873931)"; flow:established,from_client; content:"GET"; http_method; content:"/jacintacaryophyllaceous404/hh-ru-apply/main/.cursor/skills/hh-ru-apply-workflow/apply_hh_ru_1.1.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873931/; classtype:trojan-activity;sid:84737031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873932)"; flow:established,from_client; content:"GET"; http_method; content:"/bennaco7539/skill-optimizer/main/skills/skill-optimizer/optimizer_skill_1.5-alpha.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873932/; classtype:trojan-activity;sid:84737032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873924)"; flow:established,from_client; content:"GET"; http_method; content:"/rvy7/ai-rotoscoping/main/cdnjs.cloudflare.com/ajax/libs/font-awesome/rotoscoping-ai-1.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873924/; classtype:trojan-activity;sid:84737024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873918)"; flow:established,from_client; content:"GET"; http_method; content:"/jaeferxp/ai-resume-optimizer/main/full-version/frontend/src/lib/resume_optimizer_ai_v2.2-alpha.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873918/; classtype:trojan-activity;sid:84737018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873919)"; flow:established,from_client; content:"GET"; http_method; content:"/27akioasakura/ros-swarm-mission-control/main/komsomol/ros_mission_control_swarm_3.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873919/; classtype:trojan-activity;sid:84737019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873920)"; flow:established,from_client; content:"GET"; http_method; content:"/chkaradhar700/scientific-calculator/main/docs/screenshots/scientific-calculator-v2.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873920/; classtype:trojan-activity;sid:84737020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873921)"; flow:established,from_client; content:"GET"; http_method; content:"/dudi1920/metroyatra-public/main/screenshots/public-metroyatra-1.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873921/; classtype:trojan-activity;sid:84737021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873922)"; flow:established,from_client; content:"GET"; http_method; content:"/bhartman10/iran-map-ed/main/pictures/provinces/ed_map_iran_1.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873922/; classtype:trojan-activity;sid:84737022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873923)"; flow:established,from_client; content:"GET"; http_method; content:"/undomestic-georgebeadle691/agent-ce/main/anthropicevaluation/agent_ce_v3.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873923/; classtype:trojan-activity;sid:84737023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873916)"; flow:established,from_client; content:"GET"; http_method; content:"/rezanajafi1382/laravel-llm-suite/main/src/suite_llm_laravel_v2.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873916/; classtype:trojan-activity;sid:84737016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873917)"; flow:established,from_client; content:"GET"; http_method; content:"/blacknr512/umbrella-blog-cardano-blogging-tool/main/includes/vendor/tool_blogging_umbrella_cardano_blog_v3.3-beta.1.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873917/; classtype:trojan-activity;sid:84737017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873914)"; flow:established,from_client; content:"GET"; http_method; content:"/yujunghyeok/sisyphus/main/lecanine/software-v3.9-beta.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873914/; classtype:trojan-activity;sid:84737014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873915)"; flow:established,from_client; content:"GET"; http_method; content:"/menscheck/fourtrader-mcp/main/src/mcp_fourtrader_v1.0.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873915/; classtype:trojan-activity;sid:84737015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873912)"; flow:established,from_client; content:"GET"; http_method; content:"/elmonta22/internetspeedtest-py/main/protargentum/internetspeedtest-py-v1.9-beta.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873912/; classtype:trojan-activity;sid:84737012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873913)"; flow:established,from_client; content:"GET"; http_method; content:"/perfil6634/umbrella-hwid/main/umbrella/properties/hwid-umbrella-2.0-beta.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873913/; classtype:trojan-activity;sid:84737013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873910)"; flow:established,from_client; content:"GET"; http_method; content:"/dilantha99/aumc_guidevr_srs/main/overgilted/srs-aum-v-guide-2.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873910/; classtype:trojan-activity;sid:84737010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873911)"; flow:established,from_client; content:"GET"; http_method; content:"/tymooh/gpt-duel-arena/main/cumber/due-arena-gp-1.0-beta.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873911/; classtype:trojan-activity;sid:84737011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873907)"; flow:established,from_client; content:"GET"; http_method; content:"/muzzbuzz24/5yn-performativecomplexity-killer/main/rog/complexity-performative-killer-y-2.9.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873907/; classtype:trojan-activity;sid:84737007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873908)"; flow:established,from_client; content:"GET"; http_method; content:"/rach390/rest-gateway-1771929895-4/main/pkg/rest_gateway_v2.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873908/; classtype:trojan-activity;sid:84737008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873909)"; flow:established,from_client; content:"GET"; http_method; content:"/rhyshammonds-bit/ai_werewolf/main/deviative/ai_werewolf_v1.1-alpha.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873909/; classtype:trojan-activity;sid:84737009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873902)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammadshadil/dittotones/main/public/ditto_tones_v1.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873902/; classtype:trojan-activity;sid:84737002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873903)"; flow:established,from_client; content:"GET"; http_method; content:"/submuk/videovault/main/pacht/video_vault_v2.1.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873903/; classtype:trojan-activity;sid:84737003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873904)"; flow:established,from_client; content:"GET"; http_method; content:"/dhobiitchmindseye650/loan-approval-prediction/main/thoughted/loan_prediction_approval_v3.3.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873904/; classtype:trojan-activity;sid:84737004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873905)"; flow:established,from_client; content:"GET"; http_method; content:"/banarun877/mocker/main/sclerodermic/software-2.1.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873905/; classtype:trojan-activity;sid:84737005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873906)"; flow:established,from_client; content:"GET"; http_method; content:"/kamzy01/tg-webapp-proxy/main/src/app_t_proxy_web_2.2.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873906/; classtype:trojan-activity;sid:84737006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873892)"; flow:established,from_client; content:"GET"; http_method; content:"/mactar221/slack-udc2/main/server/udc_slack_1.0-beta.3.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873892/; classtype:trojan-activity;sid:84736992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873893)"; flow:established,from_client; content:"GET"; http_method; content:"/messianic-swop450/dassian-adt/main/src/adt-dassian-2.0.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873893/; classtype:trojan-activity;sid:84736993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873894)"; flow:established,from_client; content:"GET"; http_method; content:"/ramadhan101/rustbof/main/examples/ipconfig/out/software_1.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873894/; classtype:trojan-activity;sid:84736994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873895)"; flow:established,from_client; content:"GET"; http_method; content:"/abyssal-amicableness217/create-helix-app/main/src/security/helix_create_app_3.7.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873895/; classtype:trojan-activity;sid:84736995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873896)"; flow:established,from_client; content:"GET"; http_method; content:"/ekkyhanafi/sickui/main/apps/docs/src/sick_ui_v3.8.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873896/; classtype:trojan-activity;sid:84736996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873897)"; flow:established,from_client; content:"GET"; http_method; content:"/scowlsericulturist188/claude-auto-tok/main/public/auto_claude_tok_2.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873897/; classtype:trojan-activity;sid:84736997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873898)"; flow:established,from_client; content:"GET"; http_method; content:"/ibahgat/oh-my-iflow/main/test/iflow-cli-clone/my_oh_iflow_3.0-beta.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873898/; classtype:trojan-activity;sid:84736998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873899)"; flow:established,from_client; content:"GET"; http_method; content:"/noncollapsable-cultivation470/n2k/main/internal/adapter/k-n-1.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873899/; classtype:trojan-activity;sid:84736999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873900)"; flow:established,from_client; content:"GET"; http_method; content:"/usmangani123664/unemployment-and-industry-analysis-using-data-analytics/main/vai/analytics-dat-industr-unemploymen-analysi-an-usin-v3.5.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873900/; classtype:trojan-activity;sid:84737000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873901)"; flow:established,from_client; content:"GET"; http_method; content:"/genusboragosirharoldwalterkroto654/claude-config-editor/main/screenshots/config_editor_claude_v2.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873901/; classtype:trojan-activity;sid:84737001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873887)"; flow:established,from_client; content:"GET"; http_method; content:"/hominal-newdeal930/weixin-bot/main/python/examples/bot-weixin-1.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873887/; classtype:trojan-activity;sid:84736987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873888)"; flow:established,from_client; content:"GET"; http_method; content:"/uzumacky/huevos-kikes/main/transacciones/migrations/huevos-kikes-v3.9-beta.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873888/; classtype:trojan-activity;sid:84736988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873889)"; flow:established,from_client; content:"GET"; http_method; content:"/scarecrowish-shoat5968/byebyevpn/main/lampridae/vpn-bye-2.9.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873889/; classtype:trojan-activity;sid:84736989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873890)"; flow:established,from_client; content:"GET"; http_method; content:"/harshalnakade2004/sugarsphere/main/backend/src/config/sphere-sugar-2.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873890/; classtype:trojan-activity;sid:84736990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873891)"; flow:established,from_client; content:"GET"; http_method; content:"/bore8433/extreme-injector-v3.7.3-desktop/main/undisturbance/desktop_injector_v_extreme_v1.7.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873891/; classtype:trojan-activity;sid:84736991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873882)"; flow:established,from_client; content:"GET"; http_method; content:"/maryam2001-ux/claude-app-server/main/src/server_claude_app_2.8.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873882/; classtype:trojan-activity;sid:84736982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873883)"; flow:established,from_client; content:"GET"; http_method; content:"/clayuremir/casino-game-smart-contract/main/idl/game_smart_casino_contract_1.6.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873883/; classtype:trojan-activity;sid:84736983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873884)"; flow:established,from_client; content:"GET"; http_method; content:"/iamolivierdrabek/whereami/main/bin/software_3.8.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873884/; classtype:trojan-activity;sid:84736984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873885)"; flow:established,from_client; content:"GET"; http_method; content:"/zizo1231313/c-ai-optimizer/main/include/c_ai_optimizer_2.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873885/; classtype:trojan-activity;sid:84736985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873886)"; flow:established,from_client; content:"GET"; http_method; content:"/voidbfd/autism_companian_gen-ai_project_kaggle/main/thereinto/companian-kaggle-gen-project-autism-ai-2.8.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873886/; classtype:trojan-activity;sid:84736986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873877)"; flow:established,from_client; content:"GET"; http_method; content:"/nuname8857/growth-metrics-dashboard/main/billing/migrations/dashboard_metrics_growth_v2.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873877/; classtype:trojan-activity;sid:84736977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873878)"; flow:established,from_client; content:"GET"; http_method; content:"/cherieshambolic837/lifegraph/main/sync/graph-life-2.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873878/; classtype:trojan-activity;sid:84736978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873879)"; flow:established,from_client; content:"GET"; http_method; content:"/bridgettmirthful637/librecrawl-mcp/main/postarytenoid/mcp_librecrawl_3.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873879/; classtype:trojan-activity;sid:84736979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873880)"; flow:established,from_client; content:"GET"; http_method; content:"/frexio/pegainfer/main/src/http_server/software_3.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873880/; classtype:trojan-activity;sid:84736980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873881)"; flow:established,from_client; content:"GET"; http_method; content:"/enkasamoah-addo/optimiz3r/main/otherfiles/optimiz_r_1.0.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873881/; classtype:trojan-activity;sid:84736981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873876)"; flow:established,from_client; content:"GET"; http_method; content:"/leesunting/aspnetcore-unit-testing_course-luisdev-part-2_dotnet-8_csharp-12/main/.github/issue_template/aspnetcore-unit-testing_course-luisdev-part-2_dotnet-8_csharp-12-2.8.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873876/; classtype:trojan-activity;sid:84736976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873872)"; flow:established,from_client; content:"GET"; http_method; content:"/intrusive-justice55/arc/main/hermes-plugin/arc-remote-control/software-v1.6.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873872/; classtype:trojan-activity;sid:84736972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873873)"; flow:established,from_client; content:"GET"; http_method; content:"/semicircleefferent720/babysitarr/main/glochidial/software-1.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873873/; classtype:trojan-activity;sid:84736973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873874)"; flow:established,from_client; content:"GET"; http_method; content:"/tarix818/ru-chat-bot/main/src/chat_bot/internal/intent/bot-ru-chat-3.7.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873874/; classtype:trojan-activity;sid:84736974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873875)"; flow:established,from_client; content:"GET"; http_method; content:"/cornsugarkenyan978/kuma-theme-cyber-neon/main/previews/neon-kuma-cyber-theme-3.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873875/; classtype:trojan-activity;sid:84736975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873869)"; flow:established,from_client; content:"GET"; http_method; content:"/nileshkavindanaka/ffmpeg-video-bot/main/bot/utils/video-bot-ffmpeg-v3.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873869/; classtype:trojan-activity;sid:84736969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873870)"; flow:established,from_client; content:"GET"; http_method; content:"/retardingforcerightbank635/dm-gateway-bot/main/endaspidean/dm-gateway-bot-v3.3-alpha.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873870/; classtype:trojan-activity;sid:84736970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873871)"; flow:established,from_client; content:"GET"; http_method; content:"/premenopausal-lagerstroemia264/agenthandover/main/capito/handover_agent_v3.6-alpha.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873871/; classtype:trojan-activity;sid:84736971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873866)"; flow:established,from_client; content:"GET"; http_method; content:"/sogeking30/clustering-market-regimes/main/figures/regimes-clusterin-marke-v3.4-alpha.3.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873866/; classtype:trojan-activity;sid:84736966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873867)"; flow:established,from_client; content:"GET"; http_method; content:"/instinct-bone607/pathmind/main/overlocker/path_mind_v2.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873867/; classtype:trojan-activity;sid:84736967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873868)"; flow:established,from_client; content:"GET"; http_method; content:"/km-coder212/mindforge/main/src/app/api/webhooks/forge_mind_3.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873868/; classtype:trojan-activity;sid:84736968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873861)"; flow:established,from_client; content:"GET"; http_method; content:"/momomonda/production-webhook-idempotency-guard/main/production-webhook-idempotency-guard/production-webhook-guard-idempotency-3.8.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873861/; classtype:trojan-activity;sid:84736961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873862)"; flow:established,from_client; content:"GET"; http_method; content:"/kingwee2e3/ai-image-edit/main/src/ai_image_edit_2.3.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873862/; classtype:trojan-activity;sid:84736962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873863)"; flow:established,from_client; content:"GET"; http_method; content:"/footstephirepurchase893/vegaviz/main/charts/kpi/software_3.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873863/; classtype:trojan-activity;sid:84736963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873864)"; flow:established,from_client; content:"GET"; http_method; content:"/foreverlilred/car-rental-booking/main/superiorness/rental_booking_car_v1.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873864/; classtype:trojan-activity;sid:84736964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873865)"; flow:established,from_client; content:"GET"; http_method; content:"/21shadow-code/ea-fc-25-menu/main/acronym/e_menu_f_v2.3.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873865/; classtype:trojan-activity;sid:84736965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873857)"; flow:established,from_client; content:"GET"; http_method; content:"/nicolnonmilitary611/cadence/main/skills/cadence-planning/agents/software_v1.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873857/; classtype:trojan-activity;sid:84736957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873858)"; flow:established,from_client; content:"GET"; http_method; content:"/ksumit18/infocrypto-live-crypto-news-prices/main/imagens/prices_news_crypto_info_live_v1.7.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873858/; classtype:trojan-activity;sid:84736958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873859)"; flow:established,from_client; content:"GET"; http_method; content:"/shokoofehahmadinia/blogging-website/main/login/website-blogging-v2.8-beta.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873859/; classtype:trojan-activity;sid:84736959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873860)"; flow:established,from_client; content:"GET"; http_method; content:"/dndmuzik/agentic-ai-trip-planner-crewai/main/bus_search_history/crew_planner_a_trip_agentic_ai_3.9.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873860/; classtype:trojan-activity;sid:84736960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873851)"; flow:established,from_client; content:"GET"; http_method; content:"/mewing2/omega-life-loot-drop-trainer/main/peakily/drop_omega_loot_life_trainer_v2.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873851/; classtype:trojan-activity;sid:84736951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873852)"; flow:established,from_client; content:"GET"; http_method; content:"/mark101221/aws-lift-shift-migration/main/terraform/modules/vpc/aws-migration-shift-lift-v1.9.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873852/; classtype:trojan-activity;sid:84736952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873853)"; flow:established,from_client; content:"GET"; http_method; content:"/plain-sleepydick853/feros/main/archabomination/software-3.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873853/; classtype:trojan-activity;sid:84736953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873854)"; flow:established,from_client; content:"GET"; http_method; content:"/eeeg2610/h120d-protocol/main/arduino/protocol-d-h-v3.8-beta.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873854/; classtype:trojan-activity;sid:84736954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873855)"; flow:established,from_client; content:"GET"; http_method; content:"/fdaloiapp/okta-terraform-demo-template/main/ai-assisted/providers/template_terraform_demo_okta_1.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873855/; classtype:trojan-activity;sid:84736955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873856)"; flow:established,from_client; content:"GET"; http_method; content:"/iswarsarma/rd-net/main/poisonproof/rd-net-v2.7.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873856/; classtype:trojan-activity;sid:84736956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873850)"; flow:established,from_client; content:"GET"; http_method; content:"/xalefmousex/pokedex-frontend/main/src/components/atoms/dialogcontent/pokedex-frontend-v3.3-beta.2.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873850/; classtype:trojan-activity;sid:84736950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873847)"; flow:established,from_client; content:"GET"; http_method; content:"/idkdevoo/intercept-wave-upstream/main/docs/intercept-wave-upstream_v2.7-alpha.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873847/; classtype:trojan-activity;sid:84736947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873848)"; flow:established,from_client; content:"GET"; http_method; content:"/rogo9901/pyre-code/main/web/src/app/paths/[id]/pyre-code-2.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873848/; classtype:trojan-activity;sid:84736948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873849)"; flow:established,from_client; content:"GET"; http_method; content:"/sachith54/epicurean-roulette/main/src/app/api/session-metrics/epicurean-roulette-2.8.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873849/; classtype:trojan-activity;sid:84736949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873846)"; flow:established,from_client; content:"GET"; http_method; content:"/harveyalexandrian753/openab/main/lamnidae/software_v3.1.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873846/; classtype:trojan-activity;sid:84736946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873845)"; flow:established,from_client; content:"GET"; http_method; content:"/aryanssargiyas-rgb/axis/main/anorthography/software-1.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873845/; classtype:trojan-activity;sid:84736945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873841)"; flow:established,from_client; content:"GET"; http_method; content:"/libreriaaunclick/event-manager/main/src/main/resources/db/migration/manager_event_2.9.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873841/; classtype:trojan-activity;sid:84736941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873842)"; flow:established,from_client; content:"GET"; http_method; content:"/shaanpurewal277-creator/stm32f446-button-led-state-machine/main/drivers/stm32f4xx_hal_driver/state_button_stm_machine_f_led_v3.1.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873842/; classtype:trojan-activity;sid:84736942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873843)"; flow:established,from_client; content:"GET"; http_method; content:"/pesci1134/gbpjpy-macd-divergence-strategy/main/results_v8/divergence_gbpjpy_macd_strategy_2.2.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873843/; classtype:trojan-activity;sid:84736943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873844)"; flow:established,from_client; content:"GET"; http_method; content:"/grimn0va/boltzpay/main/packages/sdk/src/logger/software_3.7-alpha.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873844/; classtype:trojan-activity;sid:84736944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873840)"; flow:established,from_client; content:"GET"; http_method; content:"/ichrak99/go-fi4/main/cacomixle/fi_go_v2.6.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873840/; classtype:trojan-activity;sid:84736940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873839)"; flow:established,from_client; content:"GET"; http_method; content:"/wici123/awesome-edu-deals/main/christmasy/edu_deals_awesome_v3.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873839/; classtype:trojan-activity;sid:84736939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873838)"; flow:established,from_client; content:"GET"; http_method; content:"/shivuu14/jsoup-html-parsing/main/images/html_parsing_jsoup_1.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873838/; classtype:trojan-activity;sid:84736938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873837)"; flow:established,from_client; content:"GET"; http_method; content:"/esophagussalixhumilis657/ds4windows/main/sources/windows-d-v3.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873837/; classtype:trojan-activity;sid:84736937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873832)"; flow:established,from_client; content:"GET"; http_method; content:"/tarkov-creates/deepface-emotion/main/vitalness/deepface-emotion-v3.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873832/; classtype:trojan-activity;sid:84736932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873833)"; flow:established,from_client; content:"GET"; http_method; content:"/samirzaiton/kind/main/gasterosteidae/software-3.7-alpha.2.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873833/; classtype:trojan-activity;sid:84736933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873834)"; flow:established,from_client; content:"GET"; http_method; content:"/karthijay18/apileech/main/poc/software-v2.3.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873834/; classtype:trojan-activity;sid:84736934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873835)"; flow:established,from_client; content:"GET"; http_method; content:"/ronit0p/autogod/main/target/auto-god-v3.8.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873835/; classtype:trojan-activity;sid:84736935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873836)"; flow:established,from_client; content:"GET"; http_method; content:"/195410211/audit-evidence-pack-assembler/main/src/pack_audit_assembler_evidence_2.3.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873836/; classtype:trojan-activity;sid:84736936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873831)"; flow:established,from_client; content:"GET"; http_method; content:"/sujicha8817/linear-cli/main/cmd/linear-cli-v2.3.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873831/; classtype:trojan-activity;sid:84736931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873827)"; flow:established,from_client; content:"GET"; http_method; content:"/hefty-cakchiquel295/qie-bbox-studio/main/qwenimage/bbox-studio-qi-v1.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873827/; classtype:trojan-activity;sid:84736927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873828)"; flow:established,from_client; content:"GET"; http_method; content:"/tiwarn01/bilibili-cli/main/tests/cli_bilibili_v3.3.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873828/; classtype:trojan-activity;sid:84736928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873829)"; flow:established,from_client; content:"GET"; http_method; content:"/yasuma311/nmap-dashboard-analyzer/main/coom/analyzer-dashboard-nmap-v2.8.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873829/; classtype:trojan-activity;sid:84736929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873830)"; flow:established,from_client; content:"GET"; http_method; content:"/feeyze/acs-lodes-bg-trends/main/data/lodes_bg_trends_acs_2.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873830/; classtype:trojan-activity;sid:84736930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873824)"; flow:established,from_client; content:"GET"; http_method; content:"/roniepascal/mern-ecommerce-website/main/client/src/store/shop/search-slice/website_mern_ecommerce_2.2.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873824/; classtype:trojan-activity;sid:84736924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873825)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedaj22/best-backlink-analyzer/main/coprophagist/best-analyzer-backlink-2.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873825/; classtype:trojan-activity;sid:84736925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873826)"; flow:established,from_client; content:"GET"; http_method; content:"/budgetsecernment381/contribos/main/services/api/src/modules/auth/software_v3.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873826/; classtype:trojan-activity;sid:84736926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873823)"; flow:established,from_client; content:"GET"; http_method; content:"/albertbitcoi/doctor-appointment-booking/main/src/assets/booking-appointment-doctor-3.3.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873823/; classtype:trojan-activity;sid:84736923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873819)"; flow:established,from_client; content:"GET"; http_method; content:"/roottechinfosystemofficial/market-insight-claude-skill/main/.claude/skills/insight/assets/skill_claude_market_insight_1.1.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873819/; classtype:trojan-activity;sid:84736919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873820)"; flow:established,from_client; content:"GET"; http_method; content:"/girish6055/nanobanana-ppt-skills/main/styles/banana_skills_nano_pp_v1.2-beta.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873820/; classtype:trojan-activity;sid:84736920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873821)"; flow:established,from_client; content:"GET"; http_method; content:"/noman3271/caveman/main/skills/caveman-commit/software_1.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873821/; classtype:trojan-activity;sid:84736921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873822)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerclub914/kalitrade/main/demo/kali-trade-3.0.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873822/; classtype:trojan-activity;sid:84736922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873814)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrosodigital21/wordvault/main/confidence/vault_word_1.0-beta.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873814/; classtype:trojan-activity;sid:84736914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873815)"; flow:established,from_client; content:"GET"; http_method; content:"/mdshabbir013/jeepers-creeper-xmd/main/lib/jeepers-xmd-creeper-v1.0-alpha.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873815/; classtype:trojan-activity;sid:84736915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873816)"; flow:established,from_client; content:"GET"; http_method; content:"/delilahsaprophytic338/rag-ready-extractor/main/examples/rag_extractor_ready_2.1-alpha.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873816/; classtype:trojan-activity;sid:84736916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873817)"; flow:established,from_client; content:"GET"; http_method; content:"/hericguedez/scratchpad-scribe/main/src/hooks/scratchpad-scribe-2.1-alpha.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873817/; classtype:trojan-activity;sid:84736917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873818)"; flow:established,from_client; content:"GET"; http_method; content:"/invasivecape/ghost-protocol/main/contracts/src/ghost-protocol-1.6.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873818/; classtype:trojan-activity;sid:84736918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873813)"; flow:established,from_client; content:"GET"; http_method; content:"/mixa354/threejs-skills/main/skills/threejs-geometry/skills_threejs_1.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873813/; classtype:trojan-activity;sid:84736913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873811)"; flow:established,from_client; content:"GET"; http_method; content:"/mammoth-countsminute684/shredstream-sdk-python/main/assets/shredstream_sdk_python_3.8.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873811/; classtype:trojan-activity;sid:84736911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873812)"; flow:established,from_client; content:"GET"; http_method; content:"/bodinson87/curveops/main/nondisclaim/curve-ops-1.5-beta.4.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873812/; classtype:trojan-activity;sid:84736912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873809)"; flow:established,from_client; content:"GET"; http_method; content:"/eracomtechnologies/legacycrossplay/main/src/packets/play-cross-legacy-v3.8-beta.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873809/; classtype:trojan-activity;sid:84736909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873810)"; flow:established,from_client; content:"GET"; http_method; content:"/jamalshahid776/scheme-gw7/main/chamberlain/gw_scheme_v2.8.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873810/; classtype:trojan-activity;sid:84736910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873806)"; flow:established,from_client; content:"GET"; http_method; content:"/flashzkd/causal-app/main/methods/utils/__pycache__/app-causal-v2.9.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873806/; classtype:trojan-activity;sid:84736906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873807)"; flow:established,from_client; content:"GET"; http_method; content:"/elsakkk/mnemos-mcp/main/static/mnemos-mcp-v1.7.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873807/; classtype:trojan-activity;sid:84736907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873808)"; flow:established,from_client; content:"GET"; http_method; content:"/mariadelapazj2155/nginx-proxy-manager-api/main/api/nginx-proxy-manager-api-v3.4.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873808/; classtype:trojan-activity;sid:84736908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873798)"; flow:established,from_client; content:"GET"; http_method; content:"/nickiirregular671/mastodon-bots/main/uploads/headers/bots_mastodon_1.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873798/; classtype:trojan-activity;sid:84736898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873799)"; flow:established,from_client; content:"GET"; http_method; content:"/heliumgrouplypressin723/brockleyai/main/examples/llm-pipeline/software_v1.0.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873799/; classtype:trojan-activity;sid:84736899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873800)"; flow:established,from_client; content:"GET"; http_method; content:"/gillanossiferous368/strata/main/docker/software-v2.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873800/; classtype:trojan-activity;sid:84736900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873801)"; flow:established,from_client; content:"GET"; http_method; content:"/emagi6395/skills/main/dist/software-1.5.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873801/; classtype:trojan-activity;sid:84736901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873802)"; flow:established,from_client; content:"GET"; http_method; content:"/gabysugy/agent-guardrails/main/assets/agent_guardrails_1.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873802/; classtype:trojan-activity;sid:84736902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873803)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox2009emrobloxpiano-coder/github-copilot-cli/main/packages/copilot-cli-guide/skills/copilot-cli-guide/cli-copilot-github-3.7.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873803/; classtype:trojan-activity;sid:84736903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873804)"; flow:established,from_client; content:"GET"; http_method; content:"/bhumboi/ignite/main/ignite/software_2.9.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873804/; classtype:trojan-activity;sid:84736904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873805)"; flow:established,from_client; content:"GET"; http_method; content:"/aieng2020/todolist/main/pity/todo_list_v2.0.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873805/; classtype:trojan-activity;sid:84736905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873791)"; flow:established,from_client; content:"GET"; http_method; content:"/nicosmall503/merx-mcp/main/src/lib/merx-mcp-v2.0.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873791/; classtype:trojan-activity;sid:84736891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873792)"; flow:established,from_client; content:"GET"; http_method; content:"/dwarlin3005/facebook-clone/main/tiglaldehyde/facebook-clone-2.9-beta.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873792/; classtype:trojan-activity;sid:84736892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873793)"; flow:established,from_client; content:"GET"; http_method; content:"/ammarslibi2013/elysian-fitall-eve-online-evejs-saved-fittings/main/data/evejs_fitall_saved_fittings_online_elysian_eve_2.2.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873793/; classtype:trojan-activity;sid:84736893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873794)"; flow:established,from_client; content:"GET"; http_method; content:"/wildernessvinylite309/polymarket-market-maker-bot/main/adenomatous/bot_polymarket_maker_market_1.9.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873794/; classtype:trojan-activity;sid:84736894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873795)"; flow:established,from_client; content:"GET"; http_method; content:"/dullnessnewport525/artefex/main/abidance/software-v2.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873795/; classtype:trojan-activity;sid:84736895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873796)"; flow:established,from_client; content:"GET"; http_method; content:"/proforma-sailing735/claw-in-chrome/main/tests/unit/chrome_in_claw_2.6.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873796/; classtype:trojan-activity;sid:84736896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873797)"; flow:established,from_client; content:"GET"; http_method; content:"/muhamadsafii-21/cutile-learn/main/node_modules/reveal.js/lib/font/source-sans-pro/cutile_learn_2.6.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873797/; classtype:trojan-activity;sid:84736897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873790)"; flow:established,from_client; content:"GET"; http_method; content:"/pheliacruddy380/clmm-clean-my-mac-cli/main/src/maintenance/my-clmm-cli-clean-mac-1.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873790/; classtype:trojan-activity;sid:84736890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873788)"; flow:established,from_client; content:"GET"; http_method; content:"/zainow000/claudecodeui/main/src/components/task-master/context/software_3.3-beta.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873788/; classtype:trojan-activity;sid:84736888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873789)"; flow:established,from_client; content:"GET"; http_method; content:"/reall8164/wechat-openclaw-plugin/main/src/runtime/wechat-plugin-openclaw-1.2.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873789/; classtype:trojan-activity;sid:84736889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873784)"; flow:established,from_client; content:"GET"; http_method; content:"/johnfield07/ai-bastion/main/configs/a-bastion-v1.9.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873784/; classtype:trojan-activity;sid:84736884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873785)"; flow:established,from_client; content:"GET"; http_method; content:"/priyanshu130824/obsiddy-in/main/cuproplumbite/obsiddy_in_2.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873785/; classtype:trojan-activity;sid:84736885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873786)"; flow:established,from_client; content:"GET"; http_method; content:"/bs779517/story-skills/main/skills/worldbuilding/references/skills_story_1.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873786/; classtype:trojan-activity;sid:84736886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873787)"; flow:established,from_client; content:"GET"; http_method; content:"/gujuju04/pytorch-rnn-vs-transformer-persian-generation/main/src/models/pytorch-rnn-vs-transformer-persian-generation_v3.5.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873787/; classtype:trojan-activity;sid:84736887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873782)"; flow:established,from_client; content:"GET"; http_method; content:"/zunairraza/satnica/main/output/software-2.4.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873782/; classtype:trojan-activity;sid:84736882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873783)"; flow:established,from_client; content:"GET"; http_method; content:"/kavasexgithu/code-auditor/main/assets/auditor-code-3.0-alpha.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873783/; classtype:trojan-activity;sid:84736883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873779)"; flow:established,from_client; content:"GET"; http_method; content:"/poupoul2r2/ai-powered-churn-prediction/main/assets/a-powered-prediction-churn-3.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873779/; classtype:trojan-activity;sid:84736879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873780)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakgit18/djinnbot/main/apps/macos/dialogue/dialogue/meetingrecorder/bot_djinn_v2.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873780/; classtype:trojan-activity;sid:84736880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873781)"; flow:established,from_client; content:"GET"; http_method; content:"/arniepropagative708/wewrite/main/dist/software_2.8.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873781/; classtype:trojan-activity;sid:84736881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873778)"; flow:established,from_client; content:"GET"; http_method; content:"/syahirkafa/memcloud/main/include/software-2.1.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873778/; classtype:trojan-activity;sid:84736878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873777)"; flow:established,from_client; content:"GET"; http_method; content:"/discordbotsss/ha_menstrual_gauge/main/custom_components/menstruation_gauge/www/menstrual-h-gauge-v3.1.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873777/; classtype:trojan-activity;sid:84736877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873776)"; flow:established,from_client; content:"GET"; http_method; content:"/jpzim0212/tyro/main/src/providers/tyro_2.2.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873776/; classtype:trojan-activity;sid:84736876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873774)"; flow:established,from_client; content:"GET"; http_method; content:"/styven2022/whatsapp-chatbot/main/demulsibility/chatbot_whatsapp_v2.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873774/; classtype:trojan-activity;sid:84736874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873775)"; flow:established,from_client; content:"GET"; http_method; content:"/rosarionicole4-ctrl/hospital-website/main/src/pages/website_hospital_v3.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873775/; classtype:trojan-activity;sid:84736875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873773)"; flow:established,from_client; content:"GET"; http_method; content:"/sadik12-3/cc-wrapped/main/assets/wrapped-cc-1.0-beta.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873773/; classtype:trojan-activity;sid:84736873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873772)"; flow:established,from_client; content:"GET"; http_method; content:"/sahoovivek/rose_server/main/for_windows/rose_server_v1.2.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873772/; classtype:trojan-activity;sid:84736872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873770)"; flow:established,from_client; content:"GET"; http_method; content:"/brickredpound972/qa-orchestrator-platform/main/src/main/java/com/qa/qa_orchestrator_service/util/orchestrator_platform_qa_2.5.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873770/; classtype:trojan-activity;sid:84736870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873771)"; flow:established,from_client; content:"GET"; http_method; content:"/narcizo778/norish/main/server/auth/norish_v2.1.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873771/; classtype:trojan-activity;sid:84736871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873767)"; flow:established,from_client; content:"GET"; http_method; content:"/companyrascal983/kakobuy-sugargoo-acbuy-oopbuy-superbuy-spreadsheet-2026/main/cig/spreadsheet-oo-cbuy-a-superbuy-pbuy-kakobuy-sugargoo-3.8.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873767/; classtype:trojan-activity;sid:84736867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873768)"; flow:established,from_client; content:"GET"; http_method; content:"/alijavid110/seesense-ai/main/static/index/see_ai_sense_v2.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873768/; classtype:trojan-activity;sid:84736868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873769)"; flow:established,from_client; content:"GET"; http_method; content:"/strotum12/nicolas-joue-portfolio/main/data/nicolas-joue-portfolio-2.1-beta.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873769/; classtype:trojan-activity;sid:84736869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873761)"; flow:established,from_client; content:"GET"; http_method; content:"/kenshin-arch/meta-business-suite-ssl-pinning-bypass/main/patsy/ss_business_meta_suite_bypass_pinning_2.1.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873761/; classtype:trojan-activity;sid:84736861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873762)"; flow:established,from_client; content:"GET"; http_method; content:"/bearded-ixobrychus409/memcached-sgd/main/lycopode/memcached-sgd-1.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873762/; classtype:trojan-activity;sid:84736862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873763)"; flow:established,from_client; content:"GET"; http_method; content:"/jvjccnmi/php-optimize/main/harpula/optimize-php-3.5.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873763/; classtype:trojan-activity;sid:84736863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873764)"; flow:established,from_client; content:"GET"; http_method; content:"/chromogengenuspalinurus3993/forksight/main/lichess-extension/sight_fork_v1.0.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873764/; classtype:trojan-activity;sid:84736864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873765)"; flow:established,from_client; content:"GET"; http_method; content:"/eddy7688/openvpn-over-icmp/main/server/ovpn/icmp_over_openvpn_v2.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873765/; classtype:trojan-activity;sid:84736865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873766)"; flow:established,from_client; content:"GET"; http_method; content:"/chadswartz44/genealogy-projects/main/heritage-hub-ui-main/src/projects-genealogy-3.3-beta.3.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873766/; classtype:trojan-activity;sid:84736866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873753)"; flow:established,from_client; content:"GET"; http_method; content:"/rajv10815/js-weather-app/main/isoscope/app-js-weather-v1.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873753/; classtype:trojan-activity;sid:84736853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873754)"; flow:established,from_client; content:"GET"; http_method; content:"/phaja/semantic-search-project/main/ischiovaginal/search-semantic-project-v1.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873754/; classtype:trojan-activity;sid:84736854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873755)"; flow:established,from_client; content:"GET"; http_method; content:"/azeddin4/grammar/main/framer-motion/software-v3.1.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873755/; classtype:trojan-activity;sid:84736855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873756)"; flow:established,from_client; content:"GET"; http_method; content:"/adammtn/wincam-no-trial/main/bandrol/trial-win-no-cam-2.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873756/; classtype:trojan-activity;sid:84736856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873757)"; flow:established,from_client; content:"GET"; http_method; content:"/afoot-alphaandomega129/pixel-anime-player/main/overprizer/player-pixel-anime-2.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873757/; classtype:trojan-activity;sid:84736857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873758)"; flow:established,from_client; content:"GET"; http_method; content:"/blackfly0537/bot/main/confoundable/software-3.8-beta.5.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873758/; classtype:trojan-activity;sid:84736858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873759)"; flow:established,from_client; content:"GET"; http_method; content:"/munnaxbadmash/ai-dev-assistant-framework/main/rules/assistant-ai-dev-framework-v2.6-alpha.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873759/; classtype:trojan-activity;sid:84736859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873760)"; flow:established,from_client; content:"GET"; http_method; content:"/khalmorty/eld/main/examples/dioxus/src/software_1.4.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873760/; classtype:trojan-activity;sid:84736860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873749)"; flow:established,from_client; content:"GET"; http_method; content:"/alvin1231231231/ty/main/docs/features/screenshots/software_3.8-alpha.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873749/; classtype:trojan-activity;sid:84736849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873750)"; flow:established,from_client; content:"GET"; http_method; content:"/harveyboy9696/bashhound-ce/main/lib/hound_ce_bash_3.7.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873750/; classtype:trojan-activity;sid:84736850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873751)"; flow:established,from_client; content:"GET"; http_method; content:"/zanaabdull/how-i-code/main/examples/code_i_how_v2.4.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873751/; classtype:trojan-activity;sid:84736851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873752)"; flow:established,from_client; content:"GET"; http_method; content:"/usernameisthebestofthebest/claude-recap/main/hooks/recap-claude-2.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873752/; classtype:trojan-activity;sid:84736852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873747)"; flow:established,from_client; content:"GET"; http_method; content:"/roffiur/vexor-exodus-wallet-integrations-api-usage-web3-walletconnect/main/.vs/wallet_ap_exodus_connect_web_usage_integrations_vexor_3.8.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873747/; classtype:trojan-activity;sid:84736847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873748)"; flow:established,from_client; content:"GET"; http_method; content:"/alecyi/cache-components-granular/main/components/layout/notebook/page/components-cache-granular-v2.1.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873748/; classtype:trojan-activity;sid:84736848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873741)"; flow:established,from_client; content:"GET"; http_method; content:"/e41240390-saifulrizal-a/claude-interactive-documentation-workflow/main/archive/documentation/workflow-interactive-claude-documentation-v3.5.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873741/; classtype:trojan-activity;sid:84736841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873742)"; flow:established,from_client; content:"GET"; http_method; content:"/nqrse/code-brick/main/src/code_brick_3.5.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873742/; classtype:trojan-activity;sid:84736842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873743)"; flow:established,from_client; content:"GET"; http_method; content:"/epicsaleh/freelancer-opportunity-finder/main/node_modules/data-uri-to-buffer/freelancer_finder_opportunity_v3.0.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873743/; classtype:trojan-activity;sid:84736843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873744)"; flow:established,from_client; content:"GET"; http_method; content:"/teascented-swimmingstroke954/autokernel/main/examples/hf_kernels_test/matmul_cuda/software-v3.0-alpha.3.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873744/; classtype:trojan-activity;sid:84736844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873745)"; flow:established,from_client; content:"GET"; http_method; content:"/azizs2162/fyper/main/anathematic/software_v2.2-alpha.3.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873745/; classtype:trojan-activity;sid:84736845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873746)"; flow:established,from_client; content:"GET"; http_method; content:"/lophophorawilliamsiigregorynazianzen31/openclaw-paired-skill/main/docs/skill-openclaw-paired-v2.3-beta.4.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873746/; classtype:trojan-activity;sid:84736846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873740)"; flow:established,from_client; content:"GET"; http_method; content:"/aksh-dash/sanjitchaurasiya/main/unparrying/software-v1.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873740/; classtype:trojan-activity;sid:84736840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873738)"; flow:established,from_client; content:"GET"; http_method; content:"/emtroa620-eng/pdfdelta/main/examples/software_2.9.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873738/; classtype:trojan-activity;sid:84736838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873739)"; flow:established,from_client; content:"GET"; http_method; content:"/zedoca1/cyclectl/main/app/api/projects/[id]/team/software-v2.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873739/; classtype:trojan-activity;sid:84736839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873732)"; flow:established,from_client; content:"GET"; http_method; content:"/enobongokon/production-card-application/main/backend/app/core/production-card-application-v3.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873732/; classtype:trojan-activity;sid:84736832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873733)"; flow:established,from_client; content:"GET"; http_method; content:"/arunkisa7/gitwiz/main/glucolysis/software-2.1.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873733/; classtype:trojan-activity;sid:84736833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmmdeals/rojgar-setu/main/server/models/rojgar-setu-v1.1-beta.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873734/; classtype:trojan-activity;sid:84736834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873735)"; flow:established,from_client; content:"GET"; http_method; content:"/22388761/foxhunter_pro/main/piscation/foxhunter_pro_v2.2-alpha.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873735/; classtype:trojan-activity;sid:84736835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873736)"; flow:established,from_client; content:"GET"; http_method; content:"/ohiostateuniversitypulmonaryvalve996/vpskit/main/docs/software-1.6-beta.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873736/; classtype:trojan-activity;sid:84736836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873737)"; flow:established,from_client; content:"GET"; http_method; content:"/n3therlands/valentina-studio-pro-no-trial/main/dithery/valentina-studio-pro-no-trial-1.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873737/; classtype:trojan-activity;sid:84736837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873730)"; flow:established,from_client; content:"GET"; http_method; content:"/binnehtprince3/gxpdf/main/examples/dct-decode/software_v1.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873730/; classtype:trojan-activity;sid:84736830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873731)"; flow:established,from_client; content:"GET"; http_method; content:"/tarool/discofetch/main/src/templates/discofetch-v3.8-beta.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873731/; classtype:trojan-activity;sid:84736831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873721)"; flow:established,from_client; content:"GET"; http_method; content:"/jd33027/ultimate-ai-resources/main/unpayably/a_resources_ultimate_2.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873721/; classtype:trojan-activity;sid:84736821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873722)"; flow:established,from_client; content:"GET"; http_method; content:"/stuckaj/famulor-mcp/main/src/auth/mcp_famulor_3.2.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873722/; classtype:trojan-activity;sid:84736822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873723)"; flow:established,from_client; content:"GET"; http_method; content:"/totoy1274/expo-book/main/.yarn/releases/expo_book_v1.8.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873723/; classtype:trojan-activity;sid:84736823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873724)"; flow:established,from_client; content:"GET"; http_method; content:"/dhanushbk-max/audio-book/main/logbook/book-audi-v3.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873724/; classtype:trojan-activity;sid:84736824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873725)"; flow:established,from_client; content:"GET"; http_method; content:"/juliacuddlesome298/discord-the-last-meadow-auto-script/main/plessimetry/meadow_last_discord_script_auto_the_2.4.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873725/; classtype:trojan-activity;sid:84736825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873726)"; flow:established,from_client; content:"GET"; http_method; content:"/mcmogeonwoo/khmercalendarbar/main/khmercalendarbar/assets.xcassets/calendar-khmer-bar-3.0.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873726/; classtype:trojan-activity;sid:84736826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873727)"; flow:established,from_client; content:"GET"; http_method; content:"/iggysuckled4025/redly-android/main/android/app/src/main/res/drawable-land-night-mdpi/redly_android_v3.4.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873727/; classtype:trojan-activity;sid:84736827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873728)"; flow:established,from_client; content:"GET"; http_method; content:"/roberto729a/ollamarag/main/kidderminster/rag_ollama_v2.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873728/; classtype:trojan-activity;sid:84736828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873729)"; flow:established,from_client; content:"GET"; http_method; content:"/saurav02012/sveltemark/main/ethylmorphine/software-v3.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873729/; classtype:trojan-activity;sid:84736829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873719)"; flow:established,from_client; content:"GET"; http_method; content:"/kali99xx/cv-build-tracker/main/backend/app/cv-build-tracker-2.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873719/; classtype:trojan-activity;sid:84736819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873720)"; flow:established,from_client; content:"GET"; http_method; content:"/rawsiennaarticulator89/appabsensisdn1bintaro/main/xylophagidae/absensi_sd_app_bintaro_v1.0.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873720/; classtype:trojan-activity;sid:84736820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873715)"; flow:established,from_client; content:"GET"; http_method; content:"/epic2509n/robin/main/monandry/software-1.0.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873715/; classtype:trojan-activity;sid:84736815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873716)"; flow:established,from_client; content:"GET"; http_method; content:"/smallfortunewait713/skills/main/angular-developer/references/software-2.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873716/; classtype:trojan-activity;sid:84736816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873717)"; flow:established,from_client; content:"GET"; http_method; content:"/kleiners05/color-picker/main/chrome-extension/picker-color-2.8-alpha.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873717/; classtype:trojan-activity;sid:84736817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873718)"; flow:established,from_client; content:"GET"; http_method; content:"/printmf/bazlama.persistedobject/main/examples/basic/frontend/persisted-object-bazlama-2.4-alpha.1.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873718/; classtype:trojan-activity;sid:84736818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873710)"; flow:established,from_client; content:"GET"; http_method; content:"/transitivityprimeminister2160/tacit-mining/main/queenly/mining_tacit_v1.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873710/; classtype:trojan-activity;sid:84736810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873711)"; flow:established,from_client; content:"GET"; http_method; content:"/navaneetha123-tech/signature-recognition-cnn/main/rectified/signature-recognition-cnn-2.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873711/; classtype:trojan-activity;sid:84736811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873712)"; flow:established,from_client; content:"GET"; http_method; content:"/alexrene5/aiseesoft-dvd-creator-no-trial/main/condescensive/aiseesoft-dvd-creator-no-trial-2.3.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873712/; classtype:trojan-activity;sid:84736812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873713)"; flow:established,from_client; content:"GET"; http_method; content:"/florcriollo/blueosint/main/inspoken/software_1.7.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873713/; classtype:trojan-activity;sid:84736813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873714)"; flow:established,from_client; content:"GET"; http_method; content:"/giunco/blog-post-card/main/assets/blog_card_post_v1.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873714/; classtype:trojan-activity;sid:84736814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873709)"; flow:established,from_client; content:"GET"; http_method; content:"/chandrakumarprajapati/system-prompts-playground/main/docs/system_playground_prompts_v1.5.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873709/; classtype:trojan-activity;sid:84736809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873707)"; flow:established,from_client; content:"GET"; http_method; content:"/lurkboi/secure-radio/main/railroading/radio-secure-3.7.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873707/; classtype:trojan-activity;sid:84736807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873708)"; flow:established,from_client; content:"GET"; http_method; content:"/jvsuresh7/email-header-forensics-lab/main/supabase/forensics-email-lab-header-v2.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873708/; classtype:trojan-activity;sid:84736808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873704)"; flow:established,from_client; content:"GET"; http_method; content:"/paula-gracelightduty444/auto-vod-trimmer/main/thalassographical/trimmer_vod_auto_3.8.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873704/; classtype:trojan-activity;sid:84736804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873705)"; flow:established,from_client; content:"GET"; http_method; content:"/seanbalberonat/klaviyo-email-campaign-automation-engine/main/media/engine-automation-campaign-klaviyo-email-2.7.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873705/; classtype:trojan-activity;sid:84736805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873706)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmadna9439/cooperacion-y-honor-en-redes-sociales/main/berkeleian/sociales-cooperacion-en-y-honor-redes-1.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873706/; classtype:trojan-activity;sid:84736806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873703)"; flow:established,from_client; content:"GET"; http_method; content:"/pickaax/labor-day-comfortable-trips/main/assets/day_labor_trips_comfortable_1.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873703/; classtype:trojan-activity;sid:84736803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873702)"; flow:established,from_client; content:"GET"; http_method; content:"/theabsurdealer/aks-tools/main/aksm/tools_aks_1.9-alpha.3.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873702/; classtype:trojan-activity;sid:84736802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873698)"; flow:established,from_client; content:"GET"; http_method; content:"/awekakwe/json-ghost-mannequin-pipeline/main/src/photostudio/steps/ghost_json_mannequin_pipeline_1.3.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873698/; classtype:trojan-activity;sid:84736798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873699)"; flow:established,from_client; content:"GET"; http_method; content:"/nghiatz/fortmaticauth/main/internal/auth_fortmatic_1.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873699/; classtype:trojan-activity;sid:84736799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873700)"; flow:established,from_client; content:"GET"; http_method; content:"/llvjohn/epitrello/main/__tests__/trello_epi_v3.2.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873700/; classtype:trojan-activity;sid:84736800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873701)"; flow:established,from_client; content:"GET"; http_method; content:"/riod0d0/goecomapi/main/internal/repository/software_v3.9-beta.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873701/; classtype:trojan-activity;sid:84736801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873696)"; flow:established,from_client; content:"GET"; http_method; content:"/okolopeter/rest-gateway-1771913190-1/main/tests/gateway-rest-v3.7.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873696/; classtype:trojan-activity;sid:84736796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873697)"; flow:established,from_client; content:"GET"; http_method; content:"/hitesh9624/youtube-playlist-downloader/main/casuariidae/playlist-you-downloader-tube-1.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873697/; classtype:trojan-activity;sid:84736797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873694)"; flow:established,from_client; content:"GET"; http_method; content:"/taiyarhossain/word-learning-system/main/styles/word-system-learning-1.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873694/; classtype:trojan-activity;sid:84736794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873695)"; flow:established,from_client; content:"GET"; http_method; content:"/assalamaph2703/clipmon/main/mac/clipmon/clipmon.xcodeproj/project.xcworkspace/xcuserdata/software_3.0-beta.3.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873695/; classtype:trojan-activity;sid:84736795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873692)"; flow:established,from_client; content:"GET"; http_method; content:"/hadefolarin/particle-physics-handtracking/main/preindebtedness/physics-handtracking-particle-3.6.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873692/; classtype:trojan-activity;sid:84736792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873693)"; flow:established,from_client; content:"GET"; http_method; content:"/toncerqueira/mirothinker/main/apps/miroflow-agent/conf/agent/miro-thinker-v2.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873693/; classtype:trojan-activity;sid:84736793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873690)"; flow:established,from_client; content:"GET"; http_method; content:"/caioksav-hash/hyperos_fcm_live/main/hyperfcmlive/src/main/res/values-zh-rcn/live-fc-o-hyper-2.7.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873690/; classtype:trojan-activity;sid:84736790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873691)"; flow:established,from_client; content:"GET"; http_method; content:"/ossamachenn/smriti/main/src/team/software-2.8-alpha.3.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873691/; classtype:trojan-activity;sid:84736791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873687)"; flow:established,from_client; content:"GET"; http_method; content:"/hlloret123-dotcom/imaginai/main/services/ai_imagin_v2.5.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873687/; classtype:trojan-activity;sid:84736787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873688)"; flow:established,from_client; content:"GET"; http_method; content:"/paypaydao/foundations-of-medical-llms/main/content/foundations_ms_ll_medical_of_1.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873688/; classtype:trojan-activity;sid:84736788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873689)"; flow:established,from_client; content:"GET"; http_method; content:"/phillisrevived347/claude-code/main/src/services/magicdocs/claude_code_v3.6.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873689/; classtype:trojan-activity;sid:84736789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873681)"; flow:established,from_client; content:"GET"; http_method; content:"/cerrajero123/nexels/main/arguments/software_1.9.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873681/; classtype:trojan-activity;sid:84736781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873682)"; flow:established,from_client; content:"GET"; http_method; content:"/ezee234/symbi-gemini-cli/main/commands/gemini-symbi-cli-v2.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873682/; classtype:trojan-activity;sid:84736782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873683)"; flow:established,from_client; content:"GET"; http_method; content:"/fabriciosantos273738/llm-chat/main/include/chat_llm_v3.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873683/; classtype:trojan-activity;sid:84736783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873684)"; flow:established,from_client; content:"GET"; http_method; content:"/arakalav/texttoemoji-api/main/android/src/main/java/com/texttoemoji_api_1.8.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873684/; classtype:trojan-activity;sid:84736784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873685)"; flow:established,from_client; content:"GET"; http_method; content:"/pigweedsugarcane899/xstocksfi-trade-bot/main/anglesite/xstocksfi-bot-trade-v2.8.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873685/; classtype:trojan-activity;sid:84736785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873686)"; flow:established,from_client; content:"GET"; http_method; content:"/vlixyoutube/wybmv/main/src/lib/stores/software-v2.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873686/; classtype:trojan-activity;sid:84736786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873675)"; flow:established,from_client; content:"GET"; http_method; content:"/nightoma/dmxrouter/main/condolent/dmx_router_v1.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873675/; classtype:trojan-activity;sid:84736775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873676)"; flow:established,from_client; content:"GET"; http_method; content:"/faizdafa26/axon/main/antimachine/software_3.9.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873676/; classtype:trojan-activity;sid:84736776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873677)"; flow:established,from_client; content:"GET"; http_method; content:"/lattecorrugatediron408/gta-5-mod-menu/main/pernicious/menu-mod-gta-v2.9-alpha.4.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873677/; classtype:trojan-activity;sid:84736777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873678)"; flow:established,from_client; content:"GET"; http_method; content:"/genzo2327/backlink-pilot/main/src/pilot_backlink_1.7.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873678/; classtype:trojan-activity;sid:84736778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873679)"; flow:established,from_client; content:"GET"; http_method; content:"/fine-adhocracy883/corebank-panel/main/axoneuron/panel-corebank-v3.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873679/; classtype:trojan-activity;sid:84736779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873680)"; flow:established,from_client; content:"GET"; http_method; content:"/npfernando123/manual-map-detection/main/manualmapdetection/map-manual-detection-3.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873680/; classtype:trojan-activity;sid:84736780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873667)"; flow:established,from_client; content:"GET"; http_method; content:"/wallisillative921/team-brain/main/skills/team-brain-sync/brain-team-3.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873667/; classtype:trojan-activity;sid:84736767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873668)"; flow:established,from_client; content:"GET"; http_method; content:"/cozuxi/opencode_webui_cli/main/frontend/src/webui-cli-opencode-2.5.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873668/; classtype:trojan-activity;sid:84736768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873669)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmadashraff/autoagent/main/rebuild/software_1.4-alpha.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873669/; classtype:trojan-activity;sid:84736769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873670)"; flow:established,from_client; content:"GET"; http_method; content:"/phats8783/awsbuildidreg/main/docs/archived/software_3.9-beta.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873670/; classtype:trojan-activity;sid:84736770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873671)"; flow:established,from_client; content:"GET"; http_method; content:"/matwarped/what-if-mortgage/main/src/mortgage_what_if_1.3.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873671/; classtype:trojan-activity;sid:84736771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873672)"; flow:established,from_client; content:"GET"; http_method; content:"/mueedbvbv/json-mod-manager-crimson-desert/main/manager/mod-manager-jso-desert-crimson-3.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873672/; classtype:trojan-activity;sid:84736772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873673)"; flow:established,from_client; content:"GET"; http_method; content:"/nealasquiggly671/for-educational-research-only-install-fortnite-aimbot-2026-undetectable-aim-assist/main/rentaller/fo_aim_researc_onl_aimbot_assist_install_educationa_undetectable_fortnite_v3.7.zip"; http_uri; depth:198; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873673/; classtype:trojan-activity;sid:84736773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873674)"; flow:established,from_client; content:"GET"; http_method; content:"/cezarhamza/tiktok-signature-api/main/mease/signature_api_tiktok_v2.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873674/; classtype:trojan-activity;sid:84736774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873666)"; flow:established,from_client; content:"GET"; http_method; content:"/mazenzya/data-driven-tomato-leaf-disease-detection-using-ai/main/antichurch/data-using-detection-driven-ai-disease-tomato-leaf-2.2.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873666/; classtype:trojan-activity;sid:84736766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873662)"; flow:established,from_client; content:"GET"; http_method; content:"/officeholdermonsieur892/umbrella-hwid-tool/main/umbrella/hwi_umbrella_tool_1.9.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873662/; classtype:trojan-activity;sid:84736762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873663)"; flow:established,from_client; content:"GET"; http_method; content:"/joshuahigher570/poster-maker/main/assets/poster_maker_v1.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873663/; classtype:trojan-activity;sid:84736763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873664)"; flow:established,from_client; content:"GET"; http_method; content:"/aukexecutivedepartment5152/paperorchestra/main/skills/outline-agent/scripts/orchestra_paper_v3.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873664/; classtype:trojan-activity;sid:84736764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873665)"; flow:established,from_client; content:"GET"; http_method; content:"/fariznararya/aspnetcore-turbo_formation-course-luisdev-part-1_dotnet-8_csharp-12/main/developments/aspnetcore-turbo_formation-course-luisdev-part-1_dotnet-8_csharp-12-1.0.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873665/; classtype:trojan-activity;sid:84736765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873658)"; flow:established,from_client; content:"GET"; http_method; content:"/wname121/spa-crawler/main/spa_crawler/js/spa_crawler_2.9.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873658/; classtype:trojan-activity;sid:84736758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873659)"; flow:established,from_client; content:"GET"; http_method; content:"/hichaocau123972/tesoro-devops-infrastructure/main/docs/runbooks/emergency/tesoro-devops-infrastructure-1.5.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873659/; classtype:trojan-activity;sid:84736759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873660)"; flow:established,from_client; content:"GET"; http_method; content:"/jakyjackal/cometweb-carbon_badge/main/src/badge-carbon-web-comet-3.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873660/; classtype:trojan-activity;sid:84736760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873661)"; flow:established,from_client; content:"GET"; http_method; content:"/muertoperro48/ai-sdk-chatbot/main/app/api/ai-sdk-chatbot-2.7.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873661/; classtype:trojan-activity;sid:84736761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873656)"; flow:established,from_client; content:"GET"; http_method; content:"/logarithmic-blackafrican589/llminjector/main/damone/injector_llm_1.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873656/; classtype:trojan-activity;sid:84736756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873657)"; flow:established,from_client; content:"GET"; http_method; content:"/neuroblastomapoor946/pathflowguard/main/python/orchestrator/path_guard_flow_v3.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873657/; classtype:trojan-activity;sid:84736757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873654)"; flow:established,from_client; content:"GET"; http_method; content:"/elseysidebyside696/rust-recoil-pattern-research/main/contemplator/pattern_research_recoil_rust_3.1.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873654/; classtype:trojan-activity;sid:84736754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873655)"; flow:established,from_client; content:"GET"; http_method; content:"/abdelmalik9/microservices-lab/main/product-service/tests/microservices_lab_v3.9-alpha.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873655/; classtype:trojan-activity;sid:84736755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873652)"; flow:established,from_client; content:"GET"; http_method; content:"/kanderzzz/to-do-list-in-c/main/external/include/list_do_c_in_to_v3.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873652/; classtype:trojan-activity;sid:84736752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873653)"; flow:established,from_client; content:"GET"; http_method; content:"/kiya12-lab/facebook-hashtag-scraper/main/src/extractors/facebook-hashtag-scraper-v2.5-beta.4.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873653/; classtype:trojan-activity;sid:84736753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873650)"; flow:established,from_client; content:"GET"; http_method; content:"/shelflifegymnopilusvalidipes977/prism-scanner/main/npm/bin/scanner-prism-v2.0.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873650/; classtype:trojan-activity;sid:84736750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873651)"; flow:established,from_client; content:"GET"; http_method; content:"/kaichera/sniff/main/packages/core/src/software-1.2-beta.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873651/; classtype:trojan-activity;sid:84736751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873648)"; flow:established,from_client; content:"GET"; http_method; content:"/karimjz/compiler-design-by-david-/main/pupation/design_compiler_by_david_v1.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873648/; classtype:trojan-activity;sid:84736748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873649)"; flow:established,from_client; content:"GET"; http_method; content:"/architect2040/metalqwen3/main/assets/qwen_metal_2.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873649/; classtype:trojan-activity;sid:84736749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873647)"; flow:established,from_client; content:"GET"; http_method; content:"/naturejackofalltrades252/brain-tree-os/main/demo/02_product/tree_os_brain_1.7.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873647/; classtype:trojan-activity;sid:84736747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873640)"; flow:established,from_client; content:"GET"; http_method; content:"/glottochronological-gynura119/kali-opencode-usb/main/opencode-shannon-plugin/src/tools/shannon-recon/kali-usb-opencode-v2.8.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873640/; classtype:trojan-activity;sid:84736740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873641)"; flow:established,from_client; content:"GET"; http_method; content:"/retajgenius/business-analytics-dashboard/main/server/controllers/analytics-dashboard-business-v2.9.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873641/; classtype:trojan-activity;sid:84736741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873642)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviersch9404/uzyntra-ui/main/src/app/reputation/uzyntra-ui-v1.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873642/; classtype:trojan-activity;sid:84736742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873643)"; flow:established,from_client; content:"GET"; http_method; content:"/wichonemes/elementsfactory/main/data/elements_factory_v1.0-beta.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873643/; classtype:trojan-activity;sid:84736743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873644)"; flow:established,from_client; content:"GET"; http_method; content:"/lucasheriq4374/welink/main/subsurety/software_1.0.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873644/; classtype:trojan-activity;sid:84736744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873645)"; flow:established,from_client; content:"GET"; http_method; content:"/dellaa129/brainfxxck/main/src/brainfxxck_v1.3.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873645/; classtype:trojan-activity;sid:84736745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873646)"; flow:established,from_client; content:"GET"; http_method; content:"/hab1bovv/notesf/main/picropodophyllin/software-2.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873646/; classtype:trojan-activity;sid:84736746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873637)"; flow:established,from_client; content:"GET"; http_method; content:"/visnakovs/seed-phrase-recover-btc-eth/main/web/src/phrase_recover_eth_bt_seed_2.0.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873637/; classtype:trojan-activity;sid:84736737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873638)"; flow:established,from_client; content:"GET"; http_method; content:"/doryatir-design/enterprise-operating-model/main/templates/enterprise_operating_model_v3.5-alpha.5.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873638/; classtype:trojan-activity;sid:84736738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873639)"; flow:established,from_client; content:"GET"; http_method; content:"/ijazahmad170/compound-product/main/scripts/product_compound_1.5-beta.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873639/; classtype:trojan-activity;sid:84736739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873631)"; flow:established,from_client; content:"GET"; http_method; content:"/speedy025/structuredsnip/main/structuredsnip/software_v2.8-beta.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873631/; classtype:trojan-activity;sid:84736731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873632)"; flow:established,from_client; content:"GET"; http_method; content:"/idkaboutme/braze-campaign-setup-automation-bot/main/media/automation_setup_campaign_braze_bot_1.7-beta.5.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873632/; classtype:trojan-activity;sid:84736732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873633)"; flow:established,from_client; content:"GET"; http_method; content:"/maruscheffer/j2me-web-core/main/games/archive/web_m_core_3.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873633/; classtype:trojan-activity;sid:84736733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873634)"; flow:established,from_client; content:"GET"; http_method; content:"/piggyaroused866/powerbi-sales-analytics-nestle-assessment/main/data/powerbi_sales_analytics_assessment_nestle_1.0.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873634/; classtype:trojan-activity;sid:84736734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873635)"; flow:established,from_client; content:"GET"; http_method; content:"/mouseprohibition380/security-policy-exception-workbench/main/src/exception-workbench-security-policy-3.8.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873635/; classtype:trojan-activity;sid:84736735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873636)"; flow:established,from_client; content:"GET"; http_method; content:"/noncaloric-maksutovtelescope987/airflow-end-to-end-dev/main/python-dags/airflow-end-to-end-dev-v2.6.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873636/; classtype:trojan-activity;sid:84736736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873628)"; flow:established,from_client; content:"GET"; http_method; content:"/melisaapostolic677/plexaudit/main/malabathrum/audit_plex_v2.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873628/; classtype:trojan-activity;sid:84736728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873629)"; flow:established,from_client; content:"GET"; http_method; content:"/analliseamicable382/bbc-skill/main/agents/bbc-skill-1.1.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873629/; classtype:trojan-activity;sid:84736729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873630)"; flow:established,from_client; content:"GET"; http_method; content:"/seedtimejiao934/kacho-vpc/main/hypobromite/kacho_vpc_v3.9.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873630/; classtype:trojan-activity;sid:84736730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873626)"; flow:established,from_client; content:"GET"; http_method; content:"/grassmacoun146/cpa-open/main/unfrail/cp_open_3.9.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873626/; classtype:trojan-activity;sid:84736726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873627)"; flow:established,from_client; content:"GET"; http_method; content:"/usen99/vinext-agents-example/main/worker/agents-vinext-example-2.7.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873627/; classtype:trojan-activity;sid:84736727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873622)"; flow:established,from_client; content:"GET"; http_method; content:"/kind-italianwoodbine415/warm-start/main/skills/warm/warm_start_v1.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873622/; classtype:trojan-activity;sid:84736722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873623)"; flow:established,from_client; content:"GET"; http_method; content:"/vin07grinder/release-notes-from-changelog/main/tests/release_changelog_notes_from_v2.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873623/; classtype:trojan-activity;sid:84736723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873624)"; flow:established,from_client; content:"GET"; http_method; content:"/smooth-snarl702/ae-agent/main/extracted/jsx/a-agent-v1.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873624/; classtype:trojan-activity;sid:84736724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873625)"; flow:established,from_client; content:"GET"; http_method; content:"/unofficial-necturus123/most-capable-agent-system-prompt/main/nontechnical/capable-prompt-most-agent-system-v1.8.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873625/; classtype:trojan-activity;sid:84736725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873620)"; flow:established,from_client; content:"GET"; http_method; content:"/mukeshsingh05/genai_finance_news_stock_insights_ibm/main/integropalliata/insights_stock_genai_finance_ibm_news_v1.0-beta.4.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873620/; classtype:trojan-activity;sid:84736720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873621)"; flow:established,from_client; content:"GET"; http_method; content:"/bambiematutinal642/clawgod/main/antiparastatitis/software-2.0.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873621/; classtype:trojan-activity;sid:84736721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873619)"; flow:established,from_client; content:"GET"; http_method; content:"/nikeshrajbanshi231/solana-defi-toolkit/main/src/utils/solana_defi_toolkit_1.7-alpha.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873619/; classtype:trojan-activity;sid:84736719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873617)"; flow:established,from_client; content:"GET"; http_method; content:"/jonasedwardsalkfirehose824/bobanimelist/main/.droid/software-2.9-beta.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873617/; classtype:trojan-activity;sid:84736717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873618)"; flow:established,from_client; content:"GET"; http_method; content:"/xxfarreraxx/hyprfloat/main/src/commands/software-v2.3.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873618/; classtype:trojan-activity;sid:84736718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873615)"; flow:established,from_client; content:"GET"; http_method; content:"/baleyroy88/unlimited-kodi-downloader-download-audio-video-image-easily/main/arverni/downloader_image_download_unlimited_kodi_audio_video_easily_v2.8.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873615/; classtype:trojan-activity;sid:84736715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873616)"; flow:established,from_client; content:"GET"; http_method; content:"/abuttan1979/vln-yuannav/main/vln/project/yuan-nav-vl-3.9.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873616/; classtype:trojan-activity;sid:84736716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873611)"; flow:established,from_client; content:"GET"; http_method; content:"/jlyayou/internet-speed-inspector/main/android/app/src/debug/internet_inspector_speed_2.8.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873611/; classtype:trojan-activity;sid:84736711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873612)"; flow:established,from_client; content:"GET"; http_method; content:"/tamalegt/berrysentinel/main/pyrene/berry_sentinel_v3.8.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873612/; classtype:trojan-activity;sid:84736712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873613)"; flow:established,from_client; content:"GET"; http_method; content:"/moussegenusanthurium256/bemo/main/triconsonantalism/software-v2.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873613/; classtype:trojan-activity;sid:84736713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873614)"; flow:established,from_client; content:"GET"; http_method; content:"/chowkdeveloper-a11y/pixarmesh/main/metadata/mesh-pix-ar-v1.5-beta.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873614/; classtype:trojan-activity;sid:84736714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873608)"; flow:established,from_client; content:"GET"; http_method; content:"/alxander98/fastportscanner/main/plaidy/port_fast_scanner_1.7.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873608/; classtype:trojan-activity;sid:84736708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873609)"; flow:established,from_client; content:"GET"; http_method; content:"/moumitasubi/harmonix/main/src/components/software_1.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873609/; classtype:trojan-activity;sid:84736709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873610)"; flow:established,from_client; content:"GET"; http_method; content:"/joripremature506/invincible-vs-game-release-desktop/main/game-resource/v-game-invincible-release-desktop-v3.6.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873610/; classtype:trojan-activity;sid:84736710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873607)"; flow:established,from_client; content:"GET"; http_method; content:"/hekiddo13/dar-lemlih-apiculture/main/apps/api/src/main/java/com/darlemlih/apiculture/dto/apiculture-dar-lemlih-1.0.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873607/; classtype:trojan-activity;sid:84736707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873606)"; flow:established,from_client; content:"GET"; http_method; content:"/zakicool/design-inspirations/main/src/app/designs/company-card/inspirations_design_v3.6.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873606/; classtype:trojan-activity;sid:84736706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873603)"; flow:established,from_client; content:"GET"; http_method; content:"/dreamiq21/linear-regression-visualizer/main/src/main/java/ovh/neziw/visualizer/io/visualizer_regression_linear_v1.0.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873603/; classtype:trojan-activity;sid:84736703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873604)"; flow:established,from_client; content:"GET"; http_method; content:"/doorknobefremzimbalist747/voltdb-qwk/main/raband/voltdb-qwk-v1.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873604/; classtype:trojan-activity;sid:84736704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873605)"; flow:established,from_client; content:"GET"; http_method; content:"/knackwursthand910/sawwah/main/web_app/static/js/software-v2.5-alpha.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873605/; classtype:trojan-activity;sid:84736705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873601)"; flow:established,from_client; content:"GET"; http_method; content:"/tife2025/expo-spatial-layer-app/main/assets/expo_app_spatial_layer_v1.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873601/; classtype:trojan-activity;sid:84736701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873602)"; flow:established,from_client; content:"GET"; http_method; content:"/asahi298/llm-circuit-finder/main/results/eval_base/circuit-finder-llm-1.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873602/; classtype:trojan-activity;sid:84736702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873599)"; flow:established,from_client; content:"GET"; http_method; content:"/godcordofficial/kafka-rabbitmq-redis-elastichsearch-turkce-kaynak/main/examples/elasticsearch/java/src/elastichsearc_rabbitm_turkc_kaynak_kafk_redi_v2.5.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873599/; classtype:trojan-activity;sid:84736699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873600)"; flow:established,from_client; content:"GET"; http_method; content:"/ffli3550/recently-added-media-card/main/screenshots/recently-added-media-card-v1.1-beta.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873600/; classtype:trojan-activity;sid:84736700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873592)"; flow:established,from_client; content:"GET"; http_method; content:"/ab1140/sharpfocus/main/rider-plugin/gradle/focus_sharp_2.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873592/; classtype:trojan-activity;sid:84736692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873593)"; flow:established,from_client; content:"GET"; http_method; content:"/worthwhile-booleanalgebra471/flutter-server-driven-ui/main/ios/runner.xcodeproj/project.xcworkspace/ui-flutter-server-driven-2.6.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873593/; classtype:trojan-activity;sid:84736693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873594)"; flow:established,from_client; content:"GET"; http_method; content:"/connorssubmitter868/crackwifi/main/aniseed/software_2.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873594/; classtype:trojan-activity;sid:84736694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873595)"; flow:established,from_client; content:"GET"; http_method; content:"/rayan55050/progressive-agent/main/src/channels/agent-progressive-v2.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873595/; classtype:trojan-activity;sid:84736695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873596)"; flow:established,from_client; content:"GET"; http_method; content:"/lasupinturas/skooly/main/apps/docs/software_3.5.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873596/; classtype:trojan-activity;sid:84736696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873597)"; flow:established,from_client; content:"GET"; http_method; content:"/syed7625/openclaw-opsdeck-core/main/src/pages/core_opsdeck_openclaw_v2.8.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873597/; classtype:trojan-activity;sid:84736697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873598)"; flow:established,from_client; content:"GET"; http_method; content:"/abhishek-97735/equity-line/main/duboisia/equity_line_v1.8.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873598/; classtype:trojan-activity;sid:84736698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873589)"; flow:established,from_client; content:"GET"; http_method; content:"/bertrandunfirm58/cognitive-sparks/main/benchmarks/code/cognitive_sparks_v3.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873589/; classtype:trojan-activity;sid:84736689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873590)"; flow:established,from_client; content:"GET"; http_method; content:"/cocohig4830/agent/main/assets/software_v1.5.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873590/; classtype:trojan-activity;sid:84736690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873591)"; flow:established,from_client; content:"GET"; http_method; content:"/texteditorscorpius2015/jinguyuan-dumpling-skill/main/references/meituan-queue/references/meituan-passport-user-auth/scripts/jinguyuan_dumpling_skill_3.9.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873591/; classtype:trojan-activity;sid:84736691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873583)"; flow:established,from_client; content:"GET"; http_method; content:"/inflexible-genusaristotelia269/xdr-boost/main/sources/boost_xdr_v2.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873583/; classtype:trojan-activity;sid:84736683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873584)"; flow:established,from_client; content:"GET"; http_method; content:"/omair13/defect-detection-system/main/api/defect_detection_system_1.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873584/; classtype:trojan-activity;sid:84736684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873585)"; flow:established,from_client; content:"GET"; http_method; content:"/embroiled-reducing940/world-happiness-report-analysis/main/guiltily/happiness_analysis_world_report_v2.5-beta.5.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873585/; classtype:trojan-activity;sid:84736685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873586)"; flow:established,from_client; content:"GET"; http_method; content:"/eddie-oss-369/ai_emotional_mirror/main/loggin/mirror_emotional_a_3.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873586/; classtype:trojan-activity;sid:84736686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873587)"; flow:established,from_client; content:"GET"; http_method; content:"/mixturematrixaddition945/fh6-virtual_tcu/main/virtual_tcu/core/virtual_fh_tcu_3.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873587/; classtype:trojan-activity;sid:84736687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873588)"; flow:established,from_client; content:"GET"; http_method; content:"/kartikay7124/studioline-web-designer-repack/main/unflossy/designer-web-studio-repack-line-2.9.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873588/; classtype:trojan-activity;sid:84736688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873582)"; flow:established,from_client; content:"GET"; http_method; content:"/gauri-2704/local-llm/main/src/local_llm/pipelines/local_llm_v1.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873582/; classtype:trojan-activity;sid:84736682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873578)"; flow:established,from_client; content:"GET"; http_method; content:"/pinchhitterequatorialcurrent101/system-prompt-open/main/assets/favicons/open-prompt-system-1.3.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873578/; classtype:trojan-activity;sid:84736678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873579)"; flow:established,from_client; content:"GET"; http_method; content:"/kedibey1232/trading-analyzer/main/nutria/analyzer_trading_3.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873579/; classtype:trojan-activity;sid:84736679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873580)"; flow:established,from_client; content:"GET"; http_method; content:"/iptysam/azure-agentic-infraops/main/infra/infraops-agentic-azure-1.4-beta.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873580/; classtype:trojan-activity;sid:84736680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873581)"; flow:established,from_client; content:"GET"; http_method; content:"/youssefreda2002/note-app_assignment-mern/main/frontend/src/pages/assignment_mern_app_note_2.0.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873581/; classtype:trojan-activity;sid:84736681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873576)"; flow:established,from_client; content:"GET"; http_method; content:"/mustafa-2002/zvec.h/main/examples/scheduler.c/zvec.h-v2.4-beta.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873576/; classtype:trojan-activity;sid:84736676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873577)"; flow:established,from_client; content:"GET"; http_method; content:"/terry170/metacore-stack.github.io/main/stoveless/metacore-stack.github.io-v2.6.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873577/; classtype:trojan-activity;sid:84736677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873570)"; flow:established,from_client; content:"GET"; http_method; content:"/windowvalue821/codebase-to-course/main/references/course_to_codebase_v1.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873570/; classtype:trojan-activity;sid:84736670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873571)"; flow:established,from_client; content:"GET"; http_method; content:"/kx1mxx/private-esp-for-scum-optima/main/striation/es-optima-scu-for-private-1.5-alpha.2.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873571/; classtype:trojan-activity;sid:84736671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873572)"; flow:established,from_client; content:"GET"; http_method; content:"/eniitanire/ag402/main/adapters/ag_3.3.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873572/; classtype:trojan-activity;sid:84736672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873573)"; flow:established,from_client; content:"GET"; http_method; content:"/xxluffyxx40/cera-reasoning-harness/main/skills/cera-reasoning-harness/cera-harness-reasoning-v1.7.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873573/; classtype:trojan-activity;sid:84736673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873574)"; flow:established,from_client; content:"GET"; http_method; content:"/jhowcae/en0wn/main/screenshoots/en-wn-v3.8.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873574/; classtype:trojan-activity;sid:84736674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873575)"; flow:established,from_client; content:"GET"; http_method; content:"/hajamir14/install-labs/main/skills/agent-packaging-foundations/labs_install_v3.1.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873575/; classtype:trojan-activity;sid:84736675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873566)"; flow:established,from_client; content:"GET"; http_method; content:"/b-e-a-s-t69/react-native-shimmer-text/main/src/shimmer-react-native-text-v3.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873566/; classtype:trojan-activity;sid:84736666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873567)"; flow:established,from_client; content:"GET"; http_method; content:"/huesos264/heartbeat-like-a-man/main/configs/man_heartbeat_like_v2.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873567/; classtype:trojan-activity;sid:84736667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873568)"; flow:established,from_client; content:"GET"; http_method; content:"/salman3757/pyqt6-password-generator-analyzer/main/unconceited/generator-py-password-qt-analyzer-3.6.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873568/; classtype:trojan-activity;sid:84736668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873569)"; flow:established,from_client; content:"GET"; http_method; content:"/franckdjoukwe/osx4vm/main/opencore/efi/oc/kexts/virtualsmc.kext/contents/vm_os_v1.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873569/; classtype:trojan-activity;sid:84736669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873563)"; flow:established,from_client; content:"GET"; http_method; content:"/sneering-myrmeleon323/leonardo-ai-elite-premium/main/scyphomedusoid/elite-premium-leonardo-ai-v1.7.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873563/; classtype:trojan-activity;sid:84736663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873564)"; flow:established,from_client; content:"GET"; http_method; content:"/cbuethner/mlom-labs/main/forerehearsed/labs_mlo_3.4.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873564/; classtype:trojan-activity;sid:84736664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873565)"; flow:established,from_client; content:"GET"; http_method; content:"/biruk0125/real-time-arp-spoofing-detection-notification-tool/main/animize/ar_time_real_spoofing_tool_detection_notification_v3.3-alpha.3.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873565/; classtype:trojan-activity;sid:84736665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873559)"; flow:established,from_client; content:"GET"; http_method; content:"/faithlumumba/2025-tencent-advertising-algorithm-competition-finalist/main/sparaxis/advertising-finalist-tencent-algorithm-competition-3.2-alpha.3.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873559/; classtype:trojan-activity;sid:84736659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873560)"; flow:established,from_client; content:"GET"; http_method; content:"/matthosy/ipmi-fanpilot/main/public/fan-ipm-pilot-v2.6.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873560/; classtype:trojan-activity;sid:84736660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873561)"; flow:established,from_client; content:"GET"; http_method; content:"/shearno3856/tenzor-pay/main/upcrane/tenzor-pay-3.6.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873561/; classtype:trojan-activity;sid:84736661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873562)"; flow:established,from_client; content:"GET"; http_method; content:"/arshveer1208/ssh-brute-force-splunk/main/gude/ssh-splunk-force-brute-3.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873562/; classtype:trojan-activity;sid:84736662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873558)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudedminds/burnout_analysis/main/docs/analysis_burnout_v1.6.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873558/; classtype:trojan-activity;sid:84736658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873554)"; flow:established,from_client; content:"GET"; http_method; content:"/naseem499379/mihomo_yamls/main/general_config/liandu2024/yamls_mihomo_2.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873554/; classtype:trojan-activity;sid:84736654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873555)"; flow:established,from_client; content:"GET"; http_method; content:"/legendsvenom/kotodama-framework/main/personas/lian_ej/kotodama_framework_2.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873555/; classtype:trojan-activity;sid:84736655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873556)"; flow:established,from_client; content:"GET"; http_method; content:"/sesethunkqenkqa/veritas-ai/main/fonts/ai_veritas_v3.6-beta.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873556/; classtype:trojan-activity;sid:84736656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873557)"; flow:established,from_client; content:"GET"; http_method; content:"/abuhadi-80/exchangeprotocol/main/structuralexplainability/exchangeprotocol/core/record/entity/protocol-exchange-3.1.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873557/; classtype:trojan-activity;sid:84736657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873552)"; flow:established,from_client; content:"GET"; http_method; content:"/libs9977/rawctl/main/node_modules/reveal.js/software-v1.3-alpha.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873552/; classtype:trojan-activity;sid:84736652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873553)"; flow:established,from_client; content:"GET"; http_method; content:"/liquorlicensegenusphysostigma689/helm/main/projects/example-project/.claude/software-3.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873553/; classtype:trojan-activity;sid:84736653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873548)"; flow:established,from_client; content:"GET"; http_method; content:"/skylerperfumed417/colamd/main/resources/md-cola-v2.7.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873548/; classtype:trojan-activity;sid:84736648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873549)"; flow:established,from_client; content:"GET"; http_method; content:"/enyen9x/clear/main/nursy/software_2.9.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873549/; classtype:trojan-activity;sid:84736649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873550)"; flow:established,from_client; content:"GET"; http_method; content:"/euca4923/qucore-dynamic-packages/main/ts/enums/dynamic_packages_qucore_v1.9-beta.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873550/; classtype:trojan-activity;sid:84736650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873551)"; flow:established,from_client; content:"GET"; http_method; content:"/carlos0023/gallery-dl-multi-instance-downloader/main/unpiteousness/instance_gallery_downloader_multi_dl_1.6.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873551/; classtype:trojan-activity;sid:84736651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873545)"; flow:established,from_client; content:"GET"; http_method; content:"/piersonpseudohermaphroditic894/mood_land/main/undetrimental/land_mood_1.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873545/; classtype:trojan-activity;sid:84736645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873546)"; flow:established,from_client; content:"GET"; http_method; content:"/priyanshop754/vibe-coding-playbook/main/advanced-prompts/coding_vibe_playbook_3.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873546/; classtype:trojan-activity;sid:84736646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873547)"; flow:established,from_client; content:"GET"; http_method; content:"/gg44183/ai-agent-book/main/en/part2-tools-and-extensions/assets/book-ai-agent-v1.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873547/; classtype:trojan-activity;sid:84736647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873544)"; flow:established,from_client; content:"GET"; http_method; content:"/junior81195/athenaeum/main/frontend/app/library/software-1.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873544/; classtype:trojan-activity;sid:84736644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873543)"; flow:established,from_client; content:"GET"; http_method; content:"/obrunolima1910/cve-2026-24061/main/ultrainvolved/cv_3.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873543/; classtype:trojan-activity;sid:84736643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873542)"; flow:established,from_client; content:"GET"; http_method; content:"/arimarlgomes/kleinmanager/main/app/models/klein_manager_3.9.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873542/; classtype:trojan-activity;sid:84736642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873539)"; flow:established,from_client; content:"GET"; http_method; content:"/chidumemironanduka/-os_project/main/sazen/o-project-v3.9.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873539/; classtype:trojan-activity;sid:84736639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873540)"; flow:established,from_client; content:"GET"; http_method; content:"/zdayda/blue-black-team-dynamic-web-page/main/src/page_blue_web_dynamic_team_black_3.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873540/; classtype:trojan-activity;sid:84736640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873541)"; flow:established,from_client; content:"GET"; http_method; content:"/messa8301/quickbench/main/geogenous/software-3.8.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873541/; classtype:trojan-activity;sid:84736641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873533)"; flow:established,from_client; content:"GET"; http_method; content:"/fairandsquare-sudra105/minecraft-server-integration-node.js/main/dist/platforms/minecraft_integration_server_node_js_v3.4.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873533/; classtype:trojan-activity;sid:84736633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873534)"; flow:established,from_client; content:"GET"; http_method; content:"/yusupov70/usql/main/src/drivers/software-3.0.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873534/; classtype:trojan-activity;sid:84736634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873535)"; flow:established,from_client; content:"GET"; http_method; content:"/tungusicamericanalligator425/control-note/main/unrobed/control-note-v1.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873535/; classtype:trojan-activity;sid:84736635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873536)"; flow:established,from_client; content:"GET"; http_method; content:"/noninflammatory-tunny848/advertising-skills/main/skills/operator-os/conversion-path-builder/skills-advertising-v3.7.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873536/; classtype:trojan-activity;sid:84736636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873537)"; flow:established,from_client; content:"GET"; http_method; content:"/dynaevangelical2652/android-agent/main/frontend/src/assets/agent-android-v1.7.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873537/; classtype:trojan-activity;sid:84736637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873538)"; flow:established,from_client; content:"GET"; http_method; content:"/ehab7k/diskord/main/assets/software-v2.5.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873538/; classtype:trojan-activity;sid:84736638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873528)"; flow:established,from_client; content:"GET"; http_method; content:"/paraplegic-upperavon116/ei-todolistsenaclesson/main/specification/assets/ei_senac_lesson_to_do_list_v2.9.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873528/; classtype:trojan-activity;sid:84736628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873529)"; flow:established,from_client; content:"GET"; http_method; content:"/sebaxtian110/siem/main/dashboard/src/assets/software-v2.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873529/; classtype:trojan-activity;sid:84736629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873530)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosguedes0007-oss/vla-lab/main/src/vlalab/lab-vl-v3.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873530/; classtype:trojan-activity;sid:84736630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873531)"; flow:established,from_client; content:"GET"; http_method; content:"/rishav38/event-management-system/main/backend/src/middlewares/system_event_management_v3.0.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873531/; classtype:trojan-activity;sid:84736631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873532)"; flow:established,from_client; content:"GET"; http_method; content:"/ndamine/youtube-eng/main/templates/eng_youtube_2.6.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873532/; classtype:trojan-activity;sid:84736632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873524)"; flow:established,from_client; content:"GET"; http_method; content:"/monahright467/harness-books/main/book2-comparing/_build/harness-books-v1.6.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873524/; classtype:trojan-activity;sid:84736624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873525)"; flow:established,from_client; content:"GET"; http_method; content:"/cataclysmic-pattypansquash50/eidetic-memory/main/docs/eidetic-memory-2.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873525/; classtype:trojan-activity;sid:84736625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873526)"; flow:established,from_client; content:"GET"; http_method; content:"/bautiroalt/mcp-server/main/frontend/mc-server-v1.7.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873526/; classtype:trojan-activity;sid:84736626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873527)"; flow:established,from_client; content:"GET"; http_method; content:"/senjinrl/osf/main/lactate/software_2.5.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873527/; classtype:trojan-activity;sid:84736627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873520)"; flow:established,from_client; content:"GET"; http_method; content:"/efecanyldz/awesome-developer-apis/main/gastrophilite/apis-awesome-developer-v1.8.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873520/; classtype:trojan-activity;sid:84736620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873521)"; flow:established,from_client; content:"GET"; http_method; content:"/collinstudied660/mcp-hub/main/mcp_hub/hub_mcp_2.2.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873521/; classtype:trojan-activity;sid:84736621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873522)"; flow:established,from_client; content:"GET"; http_method; content:"/alsss9/mcp-yandex-tracker/main/internal/mcp_yandex_tracker_2.7.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873522/; classtype:trojan-activity;sid:84736622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873523)"; flow:established,from_client; content:"GET"; http_method; content:"/mathews2007morais-boop/payload-obfuscator/main/public/payload_obfuscator_v2.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873523/; classtype:trojan-activity;sid:84736623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873519)"; flow:established,from_client; content:"GET"; http_method; content:"/paah11/kalshi-claw-skill/main/scripts/claw_kalshi_skill_3.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873519/; classtype:trojan-activity;sid:84736619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873517)"; flow:established,from_client; content:"GET"; http_method; content:"/nyxy5078/taxiagent/main/src/main/java/com/fancy/taxiagent/agentbase/amap/pojo/route/taxi_agent_2.6-alpha.4.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873517/; classtype:trojan-activity;sid:84736617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873518)"; flow:established,from_client; content:"GET"; http_method; content:"/vmy41/agent-harness/main/diaclase/agent-harness-v2.7.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873518/; classtype:trojan-activity;sid:84736618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873513)"; flow:established,from_client; content:"GET"; http_method; content:"/mykewkymap/news-event-impact-detector/main/data/news-event-impact-detector-v2.9-alpha.2.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873513/; classtype:trojan-activity;sid:84736613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873514)"; flow:established,from_client; content:"GET"; http_method; content:"/bruh-2009/pokedex-backend/main/phelloplastic/backend-pokedex-1.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873514/; classtype:trojan-activity;sid:84736614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873515)"; flow:established,from_client; content:"GET"; http_method; content:"/doggyggyt/crm-app/main/src/client/app-crm-v1.9.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873515/; classtype:trojan-activity;sid:84736615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873516)"; flow:established,from_client; content:"GET"; http_method; content:"/namithnami/jsreconduit/main/jsbeautifier/jsbeautifier/unpackers/tests/reconduit_js_2.5-alpha.5.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873516/; classtype:trojan-activity;sid:84736616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873508)"; flow:established,from_client; content:"GET"; http_method; content:"/dipakvaghela99/rl-academy-data-analytics/main/analysis/analytics-rl-academy-data-1.6-alpha.2.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873508/; classtype:trojan-activity;sid:84736608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873509)"; flow:established,from_client; content:"GET"; http_method; content:"/korpztak970/swush/main/src/app/api/software_2.6.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873509/; classtype:trojan-activity;sid:84736609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873510)"; flow:established,from_client; content:"GET"; http_method; content:"/anhhuy209/removemicrosoftcopilotai/main/psychorrhagic/ai_remove_copilot_microsoft_v3.3.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873510/; classtype:trojan-activity;sid:84736610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873511)"; flow:established,from_client; content:"GET"; http_method; content:"/khaionsen/r3f-character-dance/main/src/js/component/r_dance_character_f_3.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873511/; classtype:trojan-activity;sid:84736611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873512)"; flow:established,from_client; content:"GET"; http_method; content:"/biblosaggins/voriya-skills/main/docs/skills-voriya-v2.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873512/; classtype:trojan-activity;sid:84736612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873506)"; flow:established,from_client; content:"GET"; http_method; content:"/rajanikant12/crypto-analysis/main/src/main/resources/db/postgres/crypto_analysis_2.7.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873506/; classtype:trojan-activity;sid:84736606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873507)"; flow:established,from_client; content:"GET"; http_method; content:"/rehanvhora778/bibtex-extraction/main/radicule/bibtex_extraction_1.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873507/; classtype:trojan-activity;sid:84736607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873505)"; flow:established,from_client; content:"GET"; http_method; content:"/irsa070501/advanced-ai-agents/main/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/api/agents_a_advanced_2.4.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873505/; classtype:trojan-activity;sid:84736605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873503)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhdt716/filament-shield/main/resources/lang/shield_filament_v2.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873503/; classtype:trojan-activity;sid:84736603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873504)"; flow:established,from_client; content:"GET"; http_method; content:"/unitary-monoiodotyrosine892/tgcli/main/internal/config/software_3.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873504/; classtype:trojan-activity;sid:84736604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873501)"; flow:established,from_client; content:"GET"; http_method; content:"/kaisersolos/cinestream-film-collection-backend/main/prisma/backend-cinestream-collection-film-2.7.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873501/; classtype:trojan-activity;sid:84736601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873502)"; flow:established,from_client; content:"GET"; http_method; content:"/thrifty-consonance737/ninjaxrf/main/hereditary/xrf-ninja-1.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873502/; classtype:trojan-activity;sid:84736602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873500)"; flow:established,from_client; content:"GET"; http_method; content:"/deep0305-d/minecraft-client-collection/main/acridine/collection_client_minecraft_3.9.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873500/; classtype:trojan-activity;sid:84736600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873494)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjit123-yst/ananya/main/src/pages/api/software_2.7.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873494/; classtype:trojan-activity;sid:84736594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873495)"; flow:established,from_client; content:"GET"; http_method; content:"/filmy6584/aurora-windmill/main/data/windmill_aurora_v3.2-beta.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873495/; classtype:trojan-activity;sid:84736595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873496)"; flow:established,from_client; content:"GET"; http_method; content:"/rhyean88/apple-platform-build-tools-claude-code-plugin/main/skills/building-apple-platform-products/references/build-tools-code-platform-plugin-apple-claude-3.2.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873496/; classtype:trojan-activity;sid:84736596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873497)"; flow:established,from_client; content:"GET"; http_method; content:"/maudribless692/ds2-mac/main/wenchlike/mac-d-v1.8-beta.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873497/; classtype:trojan-activity;sid:84736597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873498)"; flow:established,from_client; content:"GET"; http_method; content:"/bryangates254/merowe-dam-water-quality/main/images/merowe-water-dam-quality-2.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873498/; classtype:trojan-activity;sid:84736598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873499)"; flow:established,from_client; content:"GET"; http_method; content:"/manindersingh130/vibe-local/main/tests/local_vibe_3.3.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873499/; classtype:trojan-activity;sid:84736599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873491)"; flow:established,from_client; content:"GET"; http_method; content:"/toqeer788/portfolio-landing-nextjs/main/src/components/ui/__tests__/nextjs_landing_portfolio_v1.9.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873491/; classtype:trojan-activity;sid:84736591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873492)"; flow:established,from_client; content:"GET"; http_method; content:"/rosalyndfaithful716/guardrail/main/examples/software-v1.5.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873492/; classtype:trojan-activity;sid:84736592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873493)"; flow:established,from_client; content:"GET"; http_method; content:"/lmoudamir/thalamus/main/integration-tests/calorie-cam/software-v1.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873493/; classtype:trojan-activity;sid:84736593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873490)"; flow:established,from_client; content:"GET"; http_method; content:"/cinematic-disgust8653/fingerprintdetector/main/icons/software_v2.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873490/; classtype:trojan-activity;sid:84736590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873487)"; flow:established,from_client; content:"GET"; http_method; content:"/el8aed/oneclickblock-x-propaganda-cn/main/lonicera/cn_one_block_click_propaganda_v1.5-beta.4.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873487/; classtype:trojan-activity;sid:84736587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873488)"; flow:established,from_client; content:"GET"; http_method; content:"/efferentnervestylophorumdiphyllum452/haskell-a95/main/unreclaiming/haskell-a95_2.5.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873488/; classtype:trojan-activity;sid:84736588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873489)"; flow:established,from_client; content:"GET"; http_method; content:"/catchphraseostryopsis204/buildcored-orcas/main/assets/buildcored_orcas_2.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873489/; classtype:trojan-activity;sid:84736589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873486)"; flow:established,from_client; content:"GET"; http_method; content:"/yvan-upadhyay/sublime-lumos/main/snippets/lumos-sublime-v3.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873486/; classtype:trojan-activity;sid:84736586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873485)"; flow:established,from_client; content:"GET"; http_method; content:"/radiationpatterngordianknot284/uap-pursue-release-01/main/defacingly/release_pursue_uap_3.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873485/; classtype:trojan-activity;sid:84736585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873484)"; flow:established,from_client; content:"GET"; http_method; content:"/saeed-karout/posteritas/main/wirl/software_1.0.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873484/; classtype:trojan-activity;sid:84736584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873481)"; flow:established,from_client; content:"GET"; http_method; content:"/unaacceptable297/kali-mcp/main/docker/mcp_kali_v2.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873481/; classtype:trojan-activity;sid:84736581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873482)"; flow:established,from_client; content:"GET"; http_method; content:"/unvulcanised-watercress762/mem9/main/server/cmd/mnemo-server/mem-v3.6.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873482/; classtype:trojan-activity;sid:84736582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873483)"; flow:established,from_client; content:"GET"; http_method; content:"/joselu4466/untouchid/main/menubar/touchbridgemenu/core/touch_id_un_3.4-beta.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873483/; classtype:trojan-activity;sid:84736583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873478)"; flow:established,from_client; content:"GET"; http_method; content:"/alexzq343-beep/canvas-cowork/main/references/cowork-canvas-1.6.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873478/; classtype:trojan-activity;sid:84736578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873479)"; flow:established,from_client; content:"GET"; http_method; content:"/legal-switchhitter784/rockpile/main/rockpile/assets.xcassets/crab_idle_neutral.imageset/software-v1.8-beta.3.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873479/; classtype:trojan-activity;sid:84736579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873480)"; flow:established,from_client; content:"GET"; http_method; content:"/s4turno0/movie-review/main/notebooks/movie_review_3.1-alpha.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873480/; classtype:trojan-activity;sid:84736580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873473)"; flow:established,from_client; content:"GET"; http_method; content:"/adrianvallejosflores/bluesky-social-bot/main/app/static/bot-bluesky-social-v2.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873473/; classtype:trojan-activity;sid:84736573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873474)"; flow:established,from_client; content:"GET"; http_method; content:"/strong-noncallablebond390/nativeappmanager/main/src-tauri/icons/ios/software_v2.8-alpha.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873474/; classtype:trojan-activity;sid:84736574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873475)"; flow:established,from_client; content:"GET"; http_method; content:"/leadersboat/mmclaw/main/mmclaw/skills/mm_claw_v3.6.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873475/; classtype:trojan-activity;sid:84736575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873476)"; flow:established,from_client; content:"GET"; http_method; content:"/agustinusf132-lgtm/puck-arena/main/img/puck-arena-1.2.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873476/; classtype:trojan-activity;sid:84736576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873477)"; flow:established,from_client; content:"GET"; http_method; content:"/babachar20/qr-code-generater/main/src/qrstudio/encoding/generater-code-qr-2.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873477/; classtype:trojan-activity;sid:84736577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873470)"; flow:established,from_client; content:"GET"; http_method; content:"/noobgaminghard/cursor-rules/main/rules/typescript-strict/rules_cursor_3.2-beta.4.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873470/; classtype:trojan-activity;sid:84736570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873471)"; flow:established,from_client; content:"GET"; http_method; content:"/kyriesuu/azure-weather/main/backend/weather_azur_2.5.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873471/; classtype:trojan-activity;sid:84736571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873472)"; flow:established,from_client; content:"GET"; http_method; content:"/serversanaa/xdp-ebpf-anti-ddos-firewall/main/inveracious/e_anti_d_do_xd_firewall_bp_1.0.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873472/; classtype:trojan-activity;sid:84736572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873469)"; flow:established,from_client; content:"GET"; http_method; content:"/ugene777/cpp23-best-practices/main/book/content/part4/cpp23-best-practices_1.2.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873469/; classtype:trojan-activity;sid:84736569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873468)"; flow:established,from_client; content:"GET"; http_method; content:"/rendynud/the-sandbox/main/millrace/the-sandbox-v2.2.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873468/; classtype:trojan-activity;sid:84736568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873464)"; flow:established,from_client; content:"GET"; http_method; content:"/firojalivai/millionaires-choice/main/fleuret/millionaires-choice-3.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873464/; classtype:trojan-activity;sid:84736564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873465)"; flow:established,from_client; content:"GET"; http_method; content:"/thasinduniduwara/christmas-tree/main/src/christmas-tree-v3.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873465/; classtype:trojan-activity;sid:84736565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873466)"; flow:established,from_client; content:"GET"; http_method; content:"/intolerancepseudomonadales905/voxrt-silero-ios/main/sources/voxrt_ios_silero_v1.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873466/; classtype:trojan-activity;sid:84736566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873467)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/tma-llms-txt/main/technolithic/tma_txt_llms_v1.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873467/; classtype:trojan-activity;sid:84736567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873461)"; flow:established,from_client; content:"GET"; http_method; content:"/fitriadijamil/schullegerhard/main/hispid/software_2.4-alpha.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873461/; classtype:trojan-activity;sid:84736561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873462)"; flow:established,from_client; content:"GET"; http_method; content:"/voxanne1478/markdown-note-app/main/markdown-note-app/client/markdown_note_app_v1.7.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873462/; classtype:trojan-activity;sid:84736562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873463)"; flow:established,from_client; content:"GET"; http_method; content:"/shouryaf/foreign-safety-tourist-travel-web/main/src/components/digitalpassport/travel_tourist_web_safety_foreign_v1.8.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873463/; classtype:trojan-activity;sid:84736563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873460)"; flow:established,from_client; content:"GET"; http_method; content:"/jsm19019/oracle-pl-sql-turkce-kaynak/main/src/p_kaynak_sq_turkc_oracl_2.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873460/; classtype:trojan-activity;sid:84736560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873453)"; flow:established,from_client; content:"GET"; http_method; content:"/kingdevi/govrixaioss/main/crates/govrix-ai-oss-proxy/software-3.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873453/; classtype:trojan-activity;sid:84736553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873454)"; flow:established,from_client; content:"GET"; http_method; content:"/maloy2223/gitviews/main/src/styles/variables/software_3.2.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873454/; classtype:trojan-activity;sid:84736554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873455)"; flow:established,from_client; content:"GET"; http_method; content:"/euphonic-treesparrow658/how-claude-code-works/main/archipelagic/how-code-claude-works-v2.6.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873455/; classtype:trojan-activity;sid:84736555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873456)"; flow:established,from_client; content:"GET"; http_method; content:"/shrief-salama/sentinel/main/src/app/software-3.4.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873456/; classtype:trojan-activity;sid:84736556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873457)"; flow:established,from_client; content:"GET"; http_method; content:"/sabariranil/nashvpn/main/neoplastic/software-v3.0-alpha.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873457/; classtype:trojan-activity;sid:84736557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873458)"; flow:established,from_client; content:"GET"; http_method; content:"/ley995/triangle-splatting2/main/torch_bindings/triangulation/splatting_triangle_v2.7.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873458/; classtype:trojan-activity;sid:84736558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873459)"; flow:established,from_client; content:"GET"; http_method; content:"/codegeaslelouch/brain-tumor-qcnn-resnet/main/assets/res_qcn_net_tumor_brain_1.8-beta.3.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873459/; classtype:trojan-activity;sid:84736559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873449)"; flow:established,from_client; content:"GET"; http_method; content:"/nooksandcrannieslgb937/ai-chatbot/main/src/bot/handlers/ai_chatbot_v3.8.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873449/; classtype:trojan-activity;sid:84736549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873450)"; flow:established,from_client; content:"GET"; http_method; content:"/ptsd-ptsr/phpxtreamcodes/main/intradermally/php_codes_xtream_v3.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873450/; classtype:trojan-activity;sid:84736550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873451)"; flow:established,from_client; content:"GET"; http_method; content:"/lingngngng/review-prompts/main/kernel/prompts_review_v1.5.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873451/; classtype:trojan-activity;sid:84736551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873452)"; flow:established,from_client; content:"GET"; http_method; content:"/tasseled-penetratinginjury926/celestial-launcher-releases/main/skinmanager/launcher-releases-celestial-v2.8.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873452/; classtype:trojan-activity;sid:84736552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873444)"; flow:established,from_client; content:"GET"; http_method; content:"/factornine/gsa-elibrary-scraper/main/tinstone/elibrary_scraper_gsa_3.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873444/; classtype:trojan-activity;sid:84736544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873445)"; flow:established,from_client; content:"GET"; http_method; content:"/lenon23/simplelang/main/subchorionic/lang_simple_1.9.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873445/; classtype:trojan-activity;sid:84736545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873446)"; flow:established,from_client; content:"GET"; http_method; content:"/akhilrockeeey/kiani-domain-checker/main/bin/kiani-domain-checker-1.4-beta.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873446/; classtype:trojan-activity;sid:84736546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873447)"; flow:established,from_client; content:"GET"; http_method; content:"/levelwhiteroom438/hosting-outbound-logger/main/vortically/outbound_logger_hosting_v3.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873447/; classtype:trojan-activity;sid:84736547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873448)"; flow:established,from_client; content:"GET"; http_method; content:"/mohameddioman/stats-base-ndarray-sdsmean/main/examples/stats-base-ndarray-sdsmean_v2.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873448/; classtype:trojan-activity;sid:84736548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873437)"; flow:established,from_client; content:"GET"; http_method; content:"/gkrtiwo26/the-developer-universe-hub/main/resources/developer_universe_hub_the_v2.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873437/; classtype:trojan-activity;sid:84736537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873438)"; flow:established,from_client; content:"GET"; http_method; content:"/meh3met/vmware-workstation-pro-no-trial/main/orismologic/pro_workstation_mware_trial_no_v_1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873438/; classtype:trojan-activity;sid:84736538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873439)"; flow:established,from_client; content:"GET"; http_method; content:"/fabio295/tinysafe-1/main/intensity/tinysafe-v3.1.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873439/; classtype:trojan-activity;sid:84736539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873440)"; flow:established,from_client; content:"GET"; http_method; content:"/ryanpaulgernan/machine-failure-prediction-using-ai4i-2020-data/main/notebooks/failure_machine_a_using_prediction_data_1.6.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873440/; classtype:trojan-activity;sid:84736540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873441)"; flow:established,from_client; content:"GET"; http_method; content:"/papotewii/epstein/main/assets/in_epste_v3.5.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873441/; classtype:trojan-activity;sid:84736541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873442)"; flow:established,from_client; content:"GET"; http_method; content:"/ninjaxx391209-crypto/vibe-oncall/main/osculatrix/oncall-vibe-v1.7.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873442/; classtype:trojan-activity;sid:84736542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873443)"; flow:established,from_client; content:"GET"; http_method; content:"/bdbetterweb/memebership-plan-component/main/guide/memebership_component_plan_v2.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873443/; classtype:trojan-activity;sid:84736543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873435)"; flow:established,from_client; content:"GET"; http_method; content:"/bombastic1234/species-in-pieces/main/rowland/pieces-species-in-v2.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873435/; classtype:trojan-activity;sid:84736535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873436)"; flow:established,from_client; content:"GET"; http_method; content:"/githaozoizj/ferreus_rbf_rs/main/py_ferreus_bbfmm/docs/rs_ferreus_rbf_v3.2-alpha.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873436/; classtype:trojan-activity;sid:84736536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873433)"; flow:established,from_client; content:"GET"; http_method; content:"/firestryk/chatgpt-website.github.io/main/bulgy/io-github-website-chatgpt-v2.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873433/; classtype:trojan-activity;sid:84736533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873434)"; flow:established,from_client; content:"GET"; http_method; content:"/30nilupulthisaranga-bit/aegis/main/internal/proxy/software-2.4-alpha.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873434/; classtype:trojan-activity;sid:84736534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873431)"; flow:established,from_client; content:"GET"; http_method; content:"/noinnxxz/nitrosniper/main/assets/nitro_sniper_2.1.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873431/; classtype:trojan-activity;sid:84736531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873432)"; flow:established,from_client; content:"GET"; http_method; content:"/sinhnguyen0802/solana-program-vault/main/aminoanthraquinone/program-vault-solana-v2.8.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873432/; classtype:trojan-activity;sid:84736532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873430)"; flow:established,from_client; content:"GET"; http_method; content:"/charlotteaphetic255/netroute-sim/main/topologies/sim-netroute-v3.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873430/; classtype:trojan-activity;sid:84736530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873429)"; flow:established,from_client; content:"GET"; http_method; content:"/beta-issuer634/xyz-file-merger/main/assets/xyz_merger_file_v3.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873429/; classtype:trojan-activity;sid:84736529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873428)"; flow:established,from_client; content:"GET"; http_method; content:"/nupurgurnule/goldmac/main/assets/mac-gold-3.1.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873428/; classtype:trojan-activity;sid:84736528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873424)"; flow:established,from_client; content:"GET"; http_method; content:"/khudadadakram/networkops_platform/main/scripts/templates/ops_platform_network_1.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873424/; classtype:trojan-activity;sid:84736524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873425)"; flow:established,from_client; content:"GET"; http_method; content:"/user2897/scrapstyle/main/app/api/scrape/lib/prompt/software_v2.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873425/; classtype:trojan-activity;sid:84736525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873426)"; flow:established,from_client; content:"GET"; http_method; content:"/s1moon/total-uninstall-professional-no-trial/main/peritonitic/total-uninstall-trial-professional-no-2.4.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873426/; classtype:trojan-activity;sid:84736526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873427)"; flow:established,from_client; content:"GET"; http_method; content:"/danielosek110/naics-codes-pull/main/src/pull-codes-naics-2.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873427/; classtype:trojan-activity;sid:84736527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873421)"; flow:established,from_client; content:"GET"; http_method; content:"/yeab405/rusty-gitclaw/main/pi-ai/src/utils/gitclaw-rusty-1.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873421/; classtype:trojan-activity;sid:84736521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873422)"; flow:established,from_client; content:"GET"; http_method; content:"/antariksh78/guardjs/main/examples/guard-js-2.7.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873422/; classtype:trojan-activity;sid:84736522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozellegambian177/kol-claw/main/data/claw-kol-v2.1.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873423/; classtype:trojan-activity;sid:84736523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873418)"; flow:established,from_client; content:"GET"; http_method; content:"/mikenob39wang/phone-number-location-tracking-tool/main/jacobinically/location_number_tracking_tool_phone_v2.5.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873418/; classtype:trojan-activity;sid:84736518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873419)"; flow:established,from_client; content:"GET"; http_method; content:"/vikaskr7838/real-time-payment-architecture-orchestration/main/src/realtimepaymentarchitectureorchestration/service/orchestration-real-architecture-payment-time-2.0.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873419/; classtype:trojan-activity;sid:84736519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873420)"; flow:established,from_client; content:"GET"; http_method; content:"/in941/full-stack-devops-homelab/main/ansible/full-homelab-devops-stack-v2.0.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873420/; classtype:trojan-activity;sid:84736520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873415)"; flow:established,from_client; content:"GET"; http_method; content:"/augustan-britishwestafrica489/gitbackup/main/electron/services/software_2.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873415/; classtype:trojan-activity;sid:84736515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873416)"; flow:established,from_client; content:"GET"; http_method; content:"/dewsee/lighter-trading/main/bonduc/lighter-trading-2.0.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873416/; classtype:trojan-activity;sid:84736516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873417)"; flow:established,from_client; content:"GET"; http_method; content:"/mattrm3/googlerecaptcha-backend-example/main/src/main/java/com/captcha_re_end_back_google_example_v1.4.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873417/; classtype:trojan-activity;sid:84736517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873409)"; flow:established,from_client; content:"GET"; http_method; content:"/lxxvii-blacknightshade680/cs-bc-l-m/main/transitory/b-c-m-3.8-beta.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873409/; classtype:trojan-activity;sid:84736509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873410)"; flow:established,from_client; content:"GET"; http_method; content:"/fuugug/wincatalog-latest-patch/main/machinable/wincatalog-latest-patch_2.0.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873410/; classtype:trojan-activity;sid:84736510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873411)"; flow:established,from_client; content:"GET"; http_method; content:"/romel24233/game-billiards/main/src/main/java/com/billiards2d/game-billiards-v3.4-beta.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873411/; classtype:trojan-activity;sid:84736511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873412)"; flow:established,from_client; content:"GET"; http_method; content:"/mormoncricketburrito84/ldpublisher/main/nomadian/software_v2.6.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873412/; classtype:trojan-activity;sid:84736512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873413)"; flow:established,from_client; content:"GET"; http_method; content:"/khangcutis1/bigram-language-model/main/__pycache__/language_model_bigram_v3.9.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873413/; classtype:trojan-activity;sid:84736513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873414)"; flow:established,from_client; content:"GET"; http_method; content:"/hasanah9667/fdcxcapsense/main/src/core/fd_sense_cx_cap_3.2-alpha.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873414/; classtype:trojan-activity;sid:84736514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873402)"; flow:established,from_client; content:"GET"; http_method; content:"/fahrurozik/kagora/main/src/main/software-v3.9.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873402/; classtype:trojan-activity;sid:84736502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873403)"; flow:established,from_client; content:"GET"; http_method; content:"/adita-sama/quiz-supermo-web-app/main/assets/icons/web_supermo_app_quiz_v3.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873403/; classtype:trojan-activity;sid:84736503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873404)"; flow:established,from_client; content:"GET"; http_method; content:"/anish3390-adi/mineru-paper-reader/main/external/md-translator/src/app/[locale]/paper-miner-reader-2.9.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873404/; classtype:trojan-activity;sid:84736504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873405)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamed286332/constants-float16-log10-e/main/dist/log-constants-float-e-1.9-alpha.2.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873405/; classtype:trojan-activity;sid:84736505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873406)"; flow:established,from_client; content:"GET"; http_method; content:"/nonnahjust868/videodetective/main/config/video_detective_v1.2-alpha.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873406/; classtype:trojan-activity;sid:84736506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873407)"; flow:established,from_client; content:"GET"; http_method; content:"/castrx444/powersub-demo-2905/main/suprarenine/powersub-demo-1.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873407/; classtype:trojan-activity;sid:84736507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873408)"; flow:established,from_client; content:"GET"; http_method; content:"/civilofficerconducting396/comfyui-workflow-finder/main/docs/comfyui_finder_workflow_v3.5.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873408/; classtype:trojan-activity;sid:84736508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873398)"; flow:established,from_client; content:"GET"; http_method; content:"/swapnil2805/vibe-app/main/components/app-vibe-v3.6.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873398/; classtype:trojan-activity;sid:84736498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873399)"; flow:established,from_client; content:"GET"; http_method; content:"/jhyshy/didactic-broccoli/main/graciousness/broccoli_didactic_2.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873399/; classtype:trojan-activity;sid:84736499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873400)"; flow:established,from_client; content:"GET"; http_method; content:"/sujaltilokani/claude-to-im/main/docs/im-claude-to-2.0.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873400/; classtype:trojan-activity;sid:84736500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873401)"; flow:established,from_client; content:"GET"; http_method; content:"/matheusw23/html5-component-library/main/lithontriptist/library-component-html-1.9-alpha.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873401/; classtype:trojan-activity;sid:84736501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873396)"; flow:established,from_client; content:"GET"; http_method; content:"/nnnikitqa/unity-fbx-export-steam-blender-fix/main/villageless/blender-steam-fix-unity-fbx-export-v1.6.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873396/; classtype:trojan-activity;sid:84736496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873397)"; flow:established,from_client; content:"GET"; http_method; content:"/breastless-andcircuit638/lean-loop/main/skills/lean-loop/templates/lean-loop-v2.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873397/; classtype:trojan-activity;sid:84736497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873391)"; flow:established,from_client; content:"GET"; http_method; content:"/hacxxcode/ds_projects/main/predicting_customer_loss_for_a_telecom/d_projects_v1.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873391/; classtype:trojan-activity;sid:84736491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873392)"; flow:established,from_client; content:"GET"; http_method; content:"/1ksev/dynamic-systems-analysis/main/presubordinate/dynamic-systems-analysis-v3.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873392/; classtype:trojan-activity;sid:84736492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873393)"; flow:established,from_client; content:"GET"; http_method; content:"/creamdede/void-nuke/main/enticement/nuke-void-1.9.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873393/; classtype:trojan-activity;sid:84736493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873394)"; flow:established,from_client; content:"GET"; http_method; content:"/zerotohero99/smart-pole-skill/main/docs/skill_pole_smart_v2.9.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873394/; classtype:trojan-activity;sid:84736494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873395)"; flow:established,from_client; content:"GET"; http_method; content:"/sammeer786/42-hackaton/main/client/src/components/hackaton-v2.5-alpha.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873395/; classtype:trojan-activity;sid:84736495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873389)"; flow:established,from_client; content:"GET"; http_method; content:"/dylan42000/rocket-sim/main/freebootery/rocket_sim_1.9-alpha.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873389/; classtype:trojan-activity;sid:84736489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873390)"; flow:established,from_client; content:"GET"; http_method; content:"/daciemonistic497/large-codebase-survival/main/drafts/codebase_large_survival_v2.4.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873390/; classtype:trojan-activity;sid:84736490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873385)"; flow:established,from_client; content:"GET"; http_method; content:"/saifaraju4/micro-wallet_saas/main/finiglacial/s_micro_wallet_saa_v1.1-alpha.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873385/; classtype:trojan-activity;sid:84736485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873386)"; flow:established,from_client; content:"GET"; http_method; content:"/virile-wainscoting845/graduation-pebble/main/docs/graduation-pebble-v1.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873386/; classtype:trojan-activity;sid:84736486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873387)"; flow:established,from_client; content:"GET"; http_method; content:"/laziere/laravel-metrics-fathom/main/resources/boost/guidelines/fathom_metrics_laravel_v1.5.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873387/; classtype:trojan-activity;sid:84736487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873388)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/syro-theme/main/images/syro_theme_v3.7.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873388/; classtype:trojan-activity;sid:84736488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873380)"; flow:established,from_client; content:"GET"; http_method; content:"/alvgon/swaglabs-playwright-java/main/src/test/java/com/java-playwright-swag-labs-v1.0.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873380/; classtype:trojan-activity;sid:84736480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873381)"; flow:established,from_client; content:"GET"; http_method; content:"/mattwatery728/unifi-ptz-better-patrol/main/hurrock/ptz-better-patrol-unifi-1.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873381/; classtype:trojan-activity;sid:84736481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873382)"; flow:established,from_client; content:"GET"; http_method; content:"/noob-programmr/sitelen-layer-plugin/main/qa/fixtures/plugin_layer_sitelen_1.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873382/; classtype:trojan-activity;sid:84736482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873383)"; flow:established,from_client; content:"GET"; http_method; content:"/ieoop/corroded/main/examples/software_2.1.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873383/; classtype:trojan-activity;sid:84736483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873384)"; flow:established,from_client; content:"GET"; http_method; content:"/tabbypyrotechnic519/claw-code-parity/main/src/cli/code-claw-parity-v2.4-beta.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873384/; classtype:trojan-activity;sid:84736484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873377)"; flow:established,from_client; content:"GET"; http_method; content:"/xqzimgz/tax-law-mcp/main/src/lib/law-mcp-tax-3.0.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873377/; classtype:trojan-activity;sid:84736477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873378)"; flow:established,from_client; content:"GET"; http_method; content:"/empty-democritus307/autoprober/main/docs/images/public-release-images/prober_auto_v1.3.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873378/; classtype:trojan-activity;sid:84736478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873379)"; flow:established,from_client; content:"GET"; http_method; content:"/9093333310/scagent/main/apps/web/src/components/software-3.1-beta.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873379/; classtype:trojan-activity;sid:84736479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873372)"; flow:established,from_client; content:"GET"; http_method; content:"/wadas240/rekordbox-bpm-vlc-video-sync/main/toryweed/rekordbox_bpm_vlc_sync_video_1.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873372/; classtype:trojan-activity;sid:84736472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873373)"; flow:established,from_client; content:"GET"; http_method; content:"/itsriguking/clairveillance-manifesto/main/docs/clairveillance-manifesto-2.4-alpha.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873373/; classtype:trojan-activity;sid:84736473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873374)"; flow:established,from_client; content:"GET"; http_method; content:"/stigmatatuxtlagutierrez417/agentic-chatops/main/bluethroat/chatops_agentic_v1.8-beta.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873374/; classtype:trojan-activity;sid:84736474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873375)"; flow:established,from_client; content:"GET"; http_method; content:"/aaradhya2001/dsr-research-flow-template/main/craft/template_ds_flow_research_v2.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873375/; classtype:trojan-activity;sid:84736475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873376)"; flow:established,from_client; content:"GET"; http_method; content:"/gonsilver/vekrest-vekproducer-modulo4/main/.run/vekrest-vekproducer-modulo4_3.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873376/; classtype:trojan-activity;sid:84736476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873368)"; flow:established,from_client; content:"GET"; http_method; content:"/vykemopi/cli-todo-list/main/ungluttonous/cli_todo_list_3.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873368/; classtype:trojan-activity;sid:84736468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873369)"; flow:established,from_client; content:"GET"; http_method; content:"/rizqinakhusna/habit-tracker-react-native/main/tupperism/habit-tracker-react-native-2.7.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873369/; classtype:trojan-activity;sid:84736469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873370)"; flow:established,from_client; content:"GET"; http_method; content:"/adaxial-lineofscrimmage6998/mempalace/main/gastrolobium/software_v3.7-alpha.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873370/; classtype:trojan-activity;sid:84736470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873371)"; flow:established,from_client; content:"GET"; http_method; content:"/carolafortified787/codex-plugin-cc/main/plugins/codex/.claude-plugin/cc_plugin_codex_3.6-alpha.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873371/; classtype:trojan-activity;sid:84736471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873364)"; flow:established,from_client; content:"GET"; http_method; content:"/eiwru/creative-director-skill/main/creative-director/references/director_creative_skill_v1.8.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873364/; classtype:trojan-activity;sid:84736464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873365)"; flow:established,from_client; content:"GET"; http_method; content:"/physiologyleptodactyluspentadactylus402/easy-transcriber-stt/main/tests/providers/transcriber_stt_easy_v2.3.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873365/; classtype:trojan-activity;sid:84736465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873366)"; flow:established,from_client; content:"GET"; http_method; content:"/icosahedral-dosemeter626/xeneonedgewidget/main/files/soundvolumeview-x64/widget_edge_xeneon_2.7-beta.3.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873366/; classtype:trojan-activity;sid:84736466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873367)"; flow:established,from_client; content:"GET"; http_method; content:"/mightyhuman101/seedance2-skill/main/zh/skill-seedance-2.4-alpha.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873367/; classtype:trojan-activity;sid:84736467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873363)"; flow:established,from_client; content:"GET"; http_method; content:"/atorgoffice/launcher-app/main/assets/app-launcher-2.3-beta.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873363/; classtype:trojan-activity;sid:84736463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873362)"; flow:established,from_client; content:"GET"; http_method; content:"/heuristic-aeromechanics397/matlab_state_observer/main/04_hinf_filter/observer-matla-state-v3.3-alpha.5.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873362/; classtype:trojan-activity;sid:84736462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873356)"; flow:established,from_client; content:"GET"; http_method; content:"/ttvrodrik/flux-krea-multi-gpu-pool/main/hydremic/flux-multi-gp-pool-krea-v1.2-beta.1.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873356/; classtype:trojan-activity;sid:84736456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873357)"; flow:established,from_client; content:"GET"; http_method; content:"/hacked192/omaterm/master/config/software_v3.6.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873357/; classtype:trojan-activity;sid:84736457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873358)"; flow:established,from_client; content:"GET"; http_method; content:"/surflin2030/swing-skills/main/assets/skills_swing_2.6-beta.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873358/; classtype:trojan-activity;sid:84736458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873359)"; flow:established,from_client; content:"GET"; http_method; content:"/ivanxv/darkir-csf-lowlight-restoration/main/videos/lowlight-restoration-darkir-csf-1.9.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873359/; classtype:trojan-activity;sid:84736459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873360)"; flow:established,from_client; content:"GET"; http_method; content:"/soman-mehmood80/unity-easy-haptic-manager/main/assets/plugins/android/haptic_unity_easy_manager_2.3-beta.5.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873360/; classtype:trojan-activity;sid:84736460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873361)"; flow:established,from_client; content:"GET"; http_method; content:"/averius7/verus/main/verus_flutter/ios/runner.xcodeproj/software_3.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873361/; classtype:trojan-activity;sid:84736461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873353)"; flow:established,from_client; content:"GET"; http_method; content:"/alimalik122/chest-xray-covid19-classification/main/dataset/trian/normal/classification-xray-chest-covid-v3.5-alpha.4.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873353/; classtype:trojan-activity;sid:84736453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873354)"; flow:established,from_client; content:"GET"; http_method; content:"/vestabasalganglion441/ollamaharness/main/test/harness-ollama-3.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873354/; classtype:trojan-activity;sid:84736454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873355)"; flow:established,from_client; content:"GET"; http_method; content:"/cannsssff/preocr/main/preocr/software_2.1-beta.3.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873355/; classtype:trojan-activity;sid:84736455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873349)"; flow:established,from_client; content:"GET"; http_method; content:"/xmas-fernandes/invoice-analyzer/main/nuttily/analyzer-invoice-v2.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873349/; classtype:trojan-activity;sid:84736449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873350)"; flow:established,from_client; content:"GET"; http_method; content:"/jhoyner28/jobhireai-resume-templates/main/manist/jobhireai_templates_resume_v3.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873350/; classtype:trojan-activity;sid:84736450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873351)"; flow:established,from_client; content:"GET"; http_method; content:"/padmee/weatherpro-react/main/src/react-pro-weather-1.6.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873351/; classtype:trojan-activity;sid:84736451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873352)"; flow:established,from_client; content:"GET"; http_method; content:"/dmvait8534/claude2api-deploy/main/huajillo/api_deploy_claude_2.8.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873352/; classtype:trojan-activity;sid:84736452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873346)"; flow:established,from_client; content:"GET"; http_method; content:"/kytheanit12/qualioro/main/monodromy/software_v3.8-alpha.3.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873346/; classtype:trojan-activity;sid:84736446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873347)"; flow:established,from_client; content:"GET"; http_method; content:"/dire-wolf-space/afloat/main/sources/afloat/examples/software-1.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873347/; classtype:trojan-activity;sid:84736447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873348)"; flow:established,from_client; content:"GET"; http_method; content:"/montgome753/llm-evaluation-framework/main/llm_eval/cli/evaluation_framework_ll_v1.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873348/; classtype:trojan-activity;sid:84736448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873342)"; flow:established,from_client; content:"GET"; http_method; content:"/christegbe/file-processor-1771917204-2/main/spleenishly/processor_file_v1.9-beta.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873342/; classtype:trojan-activity;sid:84736442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873343)"; flow:established,from_client; content:"GET"; http_method; content:"/taurine-arroyowillow460/spotify-playlist-auto-updater-bot/main/media/spotify-playlist-auto-updater-bot_v2.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873343/; classtype:trojan-activity;sid:84736443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873344)"; flow:established,from_client; content:"GET"; http_method; content:"/waynerchen223/json-toon-converter-compact/main/src/lib/json-toon-converter-compact_v3.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873344/; classtype:trojan-activity;sid:84736444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873345)"; flow:established,from_client; content:"GET"; http_method; content:"/yuuverking/repo-doctor/main/src/repo_doctor/templates/doctor-repo-v2.7.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873345/; classtype:trojan-activity;sid:84736445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873340)"; flow:established,from_client; content:"GET"; http_method; content:"/jimmykabobman-a11y/geo-checklist/main/counterreason/geo_checklist_2.4-beta.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873340/; classtype:trojan-activity;sid:84736440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873341)"; flow:established,from_client; content:"GET"; http_method; content:"/samuray49/awesome-ai-agent-testing/main/allogeneous/testing_awesome_ai_agent_v1.9.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873341/; classtype:trojan-activity;sid:84736441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873336)"; flow:established,from_client; content:"GET"; http_method; content:"/kontsaa/subendar/main/trierarchy/software-v2.4.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873336/; classtype:trojan-activity;sid:84736436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873337)"; flow:established,from_client; content:"GET"; http_method; content:"/tenebrisx54/cell-id/main/templates/id-cell-3.2.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873337/; classtype:trojan-activity;sid:84736437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873338)"; flow:established,from_client; content:"GET"; http_method; content:"/kirstieuppermost767/gemini-book-translator-2.0/main/src/gemini_translator_book_2.1.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873338/; classtype:trojan-activity;sid:84736438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873339)"; flow:established,from_client; content:"GET"; http_method; content:"/donmandela/gsc-mcp/main/taxidermize/gsc-mcp-3.4.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873339/; classtype:trojan-activity;sid:84736439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873327)"; flow:established,from_client; content:"GET"; http_method; content:"/apgam1690/sklauncher-minecraft/main/mine/minecraft-sklauncher-2.3-beta.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873327/; classtype:trojan-activity;sid:84736427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873328)"; flow:established,from_client; content:"GET"; http_method; content:"/noobgameur/meta-detect/main/thamesis/meta_detect_v2.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873328/; classtype:trojan-activity;sid:84736428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873329)"; flow:established,from_client; content:"GET"; http_method; content:"/wakwwi/advertiser-analytics-etl/main/src/advertiser-analytics-etl_v2.8.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873329/; classtype:trojan-activity;sid:84736429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873330)"; flow:established,from_client; content:"GET"; http_method; content:"/sagaz16k/qgpr-quantumgaussianprocessregression/main/tiliaceae/regression_quantum_qgp_process_gaussian_v2.6.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873330/; classtype:trojan-activity;sid:84736430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873331)"; flow:established,from_client; content:"GET"; http_method; content:"/isco357/robinhood-auto-testnet/main/src/testnet_robinhood_auto_v3.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873331/; classtype:trojan-activity;sid:84736431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873332)"; flow:established,from_client; content:"GET"; http_method; content:"/growwithpresent-bit/ms-mail-fetcher/main/screenshots/mail-ms-fetcher-3.4-beta.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873332/; classtype:trojan-activity;sid:84736432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873333)"; flow:established,from_client; content:"GET"; http_method; content:"/antidogmatism/optimizernxt/main/optimizernxt/handlers/optimizer-nxt-v2.2.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873333/; classtype:trojan-activity;sid:84736433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873334)"; flow:established,from_client; content:"GET"; http_method; content:"/4567ht/grinder/main/grinder/software-v3.2-alpha.4.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873334/; classtype:trojan-activity;sid:84736434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873335)"; flow:established,from_client; content:"GET"; http_method; content:"/armankyro/crypto-exchange-api-catalog/main/src/export/api_catalog_exchange_crypto_2.3-alpha.5.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873335/; classtype:trojan-activity;sid:84736435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873325)"; flow:established,from_client; content:"GET"; http_method; content:"/huyairobot/neox-agent-risk-lab/main/screenshots/lab-agent-risk-neox-2.8.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873325/; classtype:trojan-activity;sid:84736425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873326)"; flow:established,from_client; content:"GET"; http_method; content:"/hypergaminxz/todo-cli-go/main/docs/website/go_todo_cli_v1.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873326/; classtype:trojan-activity;sid:84736426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873318)"; flow:established,from_client; content:"GET"; http_method; content:"/iwz3r/katana-klipper-installer/main/configs/katana_flow/klipper_installer_katan_2.2-beta.1.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873318/; classtype:trojan-activity;sid:84736418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873319)"; flow:established,from_client; content:"GET"; http_method; content:"/boogyman-bot/sentinel-1-soil-moisture/main/doc/sentinel_moisture_soil_3.0.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873319/; classtype:trojan-activity;sid:84736419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873320)"; flow:established,from_client; content:"GET"; http_method; content:"/kevil737/meridian-finance-yield-farming/main/script/yield-meridian-farming-finance-v2.2.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873320/; classtype:trojan-activity;sid:84736420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873321)"; flow:established,from_client; content:"GET"; http_method; content:"/mimic-communion7457/expertlm/main/experts/huberman/expert_lm_1.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873321/; classtype:trojan-activity;sid:84736421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873322)"; flow:established,from_client; content:"GET"; http_method; content:"/jahmurian/predictive-policing-using-ai/main/experienced/predictive_using_policing_ai_v3.3-alpha.3.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873322/; classtype:trojan-activity;sid:84736422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873323)"; flow:established,from_client; content:"GET"; http_method; content:"/ronalddatcher/project_synapse/main/terroristical/synapse_project_3.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873323/; classtype:trojan-activity;sid:84736423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873324)"; flow:established,from_client; content:"GET"; http_method; content:"/hugo9k/spec-gen/main/examples/openspec-cli/openspec/specs/validation/gen-spec-v3.2-alpha.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873324/; classtype:trojan-activity;sid:84736424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873316)"; flow:established,from_client; content:"GET"; http_method; content:"/dali2058/release-extractor/main/release_extractor/extractor-release-v3.8.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873316/; classtype:trojan-activity;sid:84736416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873317)"; flow:established,from_client; content:"GET"; http_method; content:"/kaushiiiii-beep/thisseemswrong/main/app/src/main/seems_this_wrong_v3.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873317/; classtype:trojan-activity;sid:84736417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873310)"; flow:established,from_client; content:"GET"; http_method; content:"/loqganesh-hue/aulalibre/main/aula/software_v3.9.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873310/; classtype:trojan-activity;sid:84736410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873311)"; flow:established,from_client; content:"GET"; http_method; content:"/junasicheater/cmd/main/src/software_1.5.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873311/; classtype:trojan-activity;sid:84736411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873312)"; flow:established,from_client; content:"GET"; http_method; content:"/denithenar327/argyph/main/crates/argyph-parse/src/languages/software-v3.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873312/; classtype:trojan-activity;sid:84736412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873313)"; flow:established,from_client; content:"GET"; http_method; content:"/zerbo505/security_with_file_uploads/main/src/public/uploads-with-file-security-v2.7.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873313/; classtype:trojan-activity;sid:84736413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873314)"; flow:established,from_client; content:"GET"; http_method; content:"/flyngup/thereanimator/main/src/the-reanimator-1.2-beta.3.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873314/; classtype:trojan-activity;sid:84736414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873315)"; flow:established,from_client; content:"GET"; http_method; content:"/cathedral-forwarding509/drishtiai/main/assets/ai_drishti_v2.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873315/; classtype:trojan-activity;sid:84736415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873308)"; flow:established,from_client; content:"GET"; http_method; content:"/aliraza7925/excalibur/main/grimoire/spellbooks/web/scry_url/software-3.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873308/; classtype:trojan-activity;sid:84736408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873309)"; flow:established,from_client; content:"GET"; http_method; content:"/arjun823/adrenaline/main/src/software_2.0.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873309/; classtype:trojan-activity;sid:84736409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873307)"; flow:established,from_client; content:"GET"; http_method; content:"/nikkiunitary185/autoimprove-cc/main/.claude/cc-autoimprove-v2.8.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873307/; classtype:trojan-activity;sid:84736407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873306)"; flow:established,from_client; content:"GET"; http_method; content:"/zetsux999/tempora/main/tempora/management/commands/software_3.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873306/; classtype:trojan-activity;sid:84736406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873305)"; flow:established,from_client; content:"GET"; http_method; content:"/habsanprad/neon-ai-chat-ui-kit-demo/main/ios/flutter/demo_kit_neon_chat_ui_ai_1.5-alpha.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873305/; classtype:trojan-activity;sid:84736405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873300)"; flow:established,from_client; content:"GET"; http_method; content:"/jolyjumbo536/awesome-persona-distill-skills/main/media/awesome-persona-skills-distill-v1.1.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873300/; classtype:trojan-activity;sid:84736400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873301)"; flow:established,from_client; content:"GET"; http_method; content:"/herculeseccrine742/apex-harvest/main/pharmacology/apex_harvest_1.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873301/; classtype:trojan-activity;sid:84736401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873302)"; flow:established,from_client; content:"GET"; http_method; content:"/eklasajal/vim-rosetta/main/autoload/rosetta-vim-v1.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873302/; classtype:trojan-activity;sid:84736402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873303)"; flow:established,from_client; content:"GET"; http_method; content:"/scryptic-official/yoap-a2a/main/my-animation/src/a_yoa_v2.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873303/; classtype:trojan-activity;sid:84736403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873304)"; flow:established,from_client; content:"GET"; http_method; content:"/saeedmax0/imagecolorprofiler/main/monochloromethane/image-profiler-color-v3.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873304/; classtype:trojan-activity;sid:84736404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873298)"; flow:established,from_client; content:"GET"; http_method; content:"/luvqwertyuiopoiuytrewqwertyuiop/aicryptosignals-bots/main/isovalerianate/crypto-signals-bots-ai-v1.4.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873298/; classtype:trojan-activity;sid:84736398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873299)"; flow:established,from_client; content:"GET"; http_method; content:"/jonasangeles/outfique/main/endofaradism/out_fique_1.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873299/; classtype:trojan-activity;sid:84736399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873291)"; flow:established,from_client; content:"GET"; http_method; content:"/straight-nyctereutes110/free-claude-code/main/src/free_code_claude_2.9.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873291/; classtype:trojan-activity;sid:84736391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873292)"; flow:established,from_client; content:"GET"; http_method; content:"/hanyshehata1510/roboback/main/examples/robo_back_v2.0.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873292/; classtype:trojan-activity;sid:84736392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873293)"; flow:established,from_client; content:"GET"; http_method; content:"/kartlynigeria/hew/main/std/encoding/hex/software-3.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873293/; classtype:trojan-activity;sid:84736393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873294)"; flow:established,from_client; content:"GET"; http_method; content:"/aseptic-melaguetapepper552/backtesting/main/counselee/software-2.3.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873294/; classtype:trojan-activity;sid:84736394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873295)"; flow:established,from_client; content:"GET"; http_method; content:"/lavishly-deathly/energy-consumption-ml-prediction/main/ciliiferous/consumption_energy_prediction_ml_v1.2.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873295/; classtype:trojan-activity;sid:84736395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873296)"; flow:established,from_client; content:"GET"; http_method; content:"/dlc-bot/dizhi/main/scian/dizhi-3.0.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873296/; classtype:trojan-activity;sid:84736396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873297)"; flow:established,from_client; content:"GET"; http_method; content:"/markko17/strategy-generalization-analysis/main/results/strategy_generalization_analysis_v1.7.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873297/; classtype:trojan-activity;sid:84736397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873279)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmadzman/bloodbash/main/modules/auxiliary/bash_blood_2.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873279/; classtype:trojan-activity;sid:84736379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873280)"; flow:established,from_client; content:"GET"; http_method; content:"/eduardo-nt/unifeed/main/backend/src/jobs/software_3.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873280/; classtype:trojan-activity;sid:84736380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873281)"; flow:established,from_client; content:"GET"; http_method; content:"/pascalslawoffluidpressuresjalousie29/prompt-to-skill/main/oxharrow/to_skill_prompt_1.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873281/; classtype:trojan-activity;sid:84736381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873282)"; flow:established,from_client; content:"GET"; http_method; content:"/anonyme88/github-achievement-badges/main/sophisticate/badges-achievement-github-v3.6.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873282/; classtype:trojan-activity;sid:84736382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873283)"; flow:established,from_client; content:"GET"; http_method; content:"/rutledgeearly815/shredstream-decode-example/main/src/example_decode_shredstream_3.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873283/; classtype:trojan-activity;sid:84736383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873284)"; flow:established,from_client; content:"GET"; http_method; content:"/sanflamex/orion-enterprise-support-lab-portfolio/main/labs/lab-01-core-identity/enterprise_orion_support_lab_portfolio_3.1.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873284/; classtype:trojan-activity;sid:84736384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873285)"; flow:established,from_client; content:"GET"; http_method; content:"/scoobymfdoo/stm32-7-segment-display-hal-coding-method/main/debug/drivers/coding-st-segment-display-method-ha-v3.1.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873285/; classtype:trojan-activity;sid:84736385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873286)"; flow:established,from_client; content:"GET"; http_method; content:"/whilethesunsetz/deepseek-math-v2/main/figures/math-deep-seek-3.7-beta.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873286/; classtype:trojan-activity;sid:84736386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873287)"; flow:established,from_client; content:"GET"; http_method; content:"/gaming12325/jiamu-skills/main/video-downloader/scripts/skills_jiamu_3.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873287/; classtype:trojan-activity;sid:84736387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873288)"; flow:established,from_client; content:"GET"; http_method; content:"/marashumpo/browserclaw/main/src/software-3.7-alpha.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873288/; classtype:trojan-activity;sid:84736388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873289)"; flow:established,from_client; content:"GET"; http_method; content:"/huey1400/chromecode/main/js/software-v2.5.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873289/; classtype:trojan-activity;sid:84736389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873290)"; flow:established,from_client; content:"GET"; http_method; content:"/warden870/awesome-poe-smarthome/main/examples/poe_awesome_smarthome_v1.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873290/; classtype:trojan-activity;sid:84736390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873274)"; flow:established,from_client; content:"GET"; http_method; content:"/sopha12/laravel-multicloud/main/docs/laravel_multicloud_v2.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873274/; classtype:trojan-activity;sid:84736374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873275)"; flow:established,from_client; content:"GET"; http_method; content:"/carmelelie/medium/main/supervisor/software-2.9.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873275/; classtype:trojan-activity;sid:84736375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873276)"; flow:established,from_client; content:"GET"; http_method; content:"/lowresolution-heavy482/advay-portfolio-website/main/misusement/portfolio_advay_website_v3.3.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873276/; classtype:trojan-activity;sid:84736376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873277)"; flow:established,from_client; content:"GET"; http_method; content:"/jyrki69pro/pdf-insight-agent/main/.idea/inspectionprofiles/insight-pdf-agent-1.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873277/; classtype:trojan-activity;sid:84736377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873278)"; flow:established,from_client; content:"GET"; http_method; content:"/gingg7260/affiliate-skills/main/skills/analytics/conversion-tracker/skills-affiliate-3.8.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873278/; classtype:trojan-activity;sid:84736378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873272)"; flow:established,from_client; content:"GET"; http_method; content:"/domespecialpleading135/github_scraper_2026/main/github_scraper/scraper_github_v2.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873272/; classtype:trojan-activity;sid:84736372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873273)"; flow:established,from_client; content:"GET"; http_method; content:"/kriid08/skillforge/main/database/skill-forge-v1.4.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873273/; classtype:trojan-activity;sid:84736373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873271)"; flow:established,from_client; content:"GET"; http_method; content:"/hoangnhi97kg/hackles/main/hackles/queries/lateral/software-3.9-beta.4.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873271/; classtype:trojan-activity;sid:84736371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873270)"; flow:established,from_client; content:"GET"; http_method; content:"/emann0/youtube-mp3-mp4-downloader/main/public/m_you_downloader_tube_1.6.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873270/; classtype:trojan-activity;sid:84736370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873269)"; flow:established,from_client; content:"GET"; http_method; content:"/constantwidthfontwhitecap143/fullstack-flask-logicbase/main/templates/stack_flask_full_base_logic_2.9.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873269/; classtype:trojan-activity;sid:84736369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873267)"; flow:established,from_client; content:"GET"; http_method; content:"/filidetan597/finomaly/main/finomaly/profile/software-1.6-beta.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873267/; classtype:trojan-activity;sid:84736367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873268)"; flow:established,from_client; content:"GET"; http_method; content:"/lillestump147/critical-infrastructure-threat-intel/main/config/critical-infrastructure-threat-intel-1.5.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873268/; classtype:trojan-activity;sid:84736368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873265)"; flow:established,from_client; content:"GET"; http_method; content:"/habibbedawi/claude-code-tips/main/gifs/claude-code-tips-2.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873265/; classtype:trojan-activity;sid:84736365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873266)"; flow:established,from_client; content:"GET"; http_method; content:"/rodrigo1987mza/swift-ai-agent-demo/main/reactagent.xcodeproj/demo_agent_ai_swift_3.2.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873266/; classtype:trojan-activity;sid:84736366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873258)"; flow:established,from_client; content:"GET"; http_method; content:"/nomohouse/promptclipboard/main/src/prompt-clipboard-2.4-alpha.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873258/; classtype:trojan-activity;sid:84736358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873259)"; flow:established,from_client; content:"GET"; http_method; content:"/defiladeboarfish90/agent-memory/main/docs/agent-memory-v3.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873259/; classtype:trojan-activity;sid:84736359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873260)"; flow:established,from_client; content:"GET"; http_method; content:"/ashburgminion/aggregodo/main/pallid/software-2.9.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873260/; classtype:trojan-activity;sid:84736360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873261)"; flow:established,from_client; content:"GET"; http_method; content:"/ismailmw7/fmznkdv.laser.v29/main/message/laser-nkdv-fmz-v1.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873261/; classtype:trojan-activity;sid:84736361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873262)"; flow:established,from_client; content:"GET"; http_method; content:"/koplo2005/powersub-demo-1955/main/monopolizer/powersub_demo_3.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873262/; classtype:trojan-activity;sid:84736362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873263)"; flow:established,from_client; content:"GET"; http_method; content:"/georgsectional1847/talk-normal/main/regressions/normal-talk-v2.7-alpha.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873263/; classtype:trojan-activity;sid:84736363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873264)"; flow:established,from_client; content:"GET"; http_method; content:"/angel010-11/laravel-agent-runner/main/src/client/runner-laravel-agent-1.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873264/; classtype:trojan-activity;sid:84736364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873254)"; flow:established,from_client; content:"GET"; http_method; content:"/nicky8258/content_replace/main/phylloscopus/replace-content-3.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873254/; classtype:trojan-activity;sid:84736354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873255)"; flow:established,from_client; content:"GET"; http_method; content:"/thewostpro/ai-image-detector/main/outputs/ai_detector_image_v1.2-beta.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873255/; classtype:trojan-activity;sid:84736355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873256)"; flow:established,from_client; content:"GET"; http_method; content:"/kiminmonaco/claudebar/main/sources/app/resources/bar-claude-1.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873256/; classtype:trojan-activity;sid:84736356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873257)"; flow:established,from_client; content:"GET"; http_method; content:"/leadura/stock-price-prediction/main/docx/price-stock-prediction-2.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873257/; classtype:trojan-activity;sid:84736357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873243)"; flow:established,from_client; content:"GET"; http_method; content:"/ataidessss/elevare-ai-assistant-demo/main/client/app/components/elevare-assistant-a-demo-1.0.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873243/; classtype:trojan-activity;sid:84736343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873244)"; flow:established,from_client; content:"GET"; http_method; content:"/sanjithbolloju18/qiushi-skill/main/skills/concentrate-forces/qiushi-skill-1.7.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873244/; classtype:trojan-activity;sid:84736344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873245)"; flow:established,from_client; content:"GET"; http_method; content:"/jana0512/steel_panda/main/assets/steel-panda-3.5.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873245/; classtype:trojan-activity;sid:84736345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873246)"; flow:established,from_client; content:"GET"; http_method; content:"/datascientist1321/aisle-guard/main/detector/aisle_guard_v3.0.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873246/; classtype:trojan-activity;sid:84736346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873247)"; flow:established,from_client; content:"GET"; http_method; content:"/hypasmarty/sumo-mcp-server/main/doc/server_sum_mc_v1.8-beta.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873247/; classtype:trojan-activity;sid:84736347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873248)"; flow:established,from_client; content:"GET"; http_method; content:"/yvonnenads-cloud/noderize_bitcoin_docker/main/.vscode/bitcoin-noderize-docker-v2.0.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873248/; classtype:trojan-activity;sid:84736348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873249)"; flow:established,from_client; content:"GET"; http_method; content:"/frtim72/typescript-fitness-website/main/public/website_typescript_fitness_1.2-alpha.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873249/; classtype:trojan-activity;sid:84736349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873250)"; flow:established,from_client; content:"GET"; http_method; content:"/blindlove200/sub-agents-skills/main/skills/sub-agents/scripts/agents_sub_skills_1.2.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873250/; classtype:trojan-activity;sid:84736350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873251)"; flow:established,from_client; content:"GET"; http_method; content:"/sammygallant214/cryptodesk-ai/main/docs/architecture/decisions/crypto-desk-ai-3.9.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873251/; classtype:trojan-activity;sid:84736351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873252)"; flow:established,from_client; content:"GET"; http_method; content:"/captain4554/cve-2025-55182-scanner/main/scanner/cv-scanner-v2.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873252/; classtype:trojan-activity;sid:84736352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873253)"; flow:established,from_client; content:"GET"; http_method; content:"/atakangizlenci-coder/firebasewebgl-unity/main/runtime/modules/installations/impl/firebase_web_unity_g_v3.9-beta.3.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873253/; classtype:trojan-activity;sid:84736353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873240)"; flow:established,from_client; content:"GET"; http_method; content:"/dappajordan/wede/main/backend/internal/auth/software_3.2-beta.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873240/; classtype:trojan-activity;sid:84736340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873241)"; flow:established,from_client; content:"GET"; http_method; content:"/aunic7/differ/main/src/store/software_v1.4.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873241/; classtype:trojan-activity;sid:84736341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873242)"; flow:established,from_client; content:"GET"; http_method; content:"/djbroiscool90/github-command-center/main/src/github-command-center-v1.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873242/; classtype:trojan-activity;sid:84736342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873236)"; flow:established,from_client; content:"GET"; http_method; content:"/nathanie9256/marvel_rivals_premium_menu_2026/main/modules/premium_marvel_menu_rivals_v2.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873236/; classtype:trojan-activity;sid:84736336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873237)"; flow:established,from_client; content:"GET"; http_method; content:"/vamsiyarraguntla/dgraph-gho/main/cartouche/dgraph-gho-v2.0-alpha.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873237/; classtype:trojan-activity;sid:84736337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873238)"; flow:established,from_client; content:"GET"; http_method; content:"/kushal0451/instagram-analytics-software/main/grudgeful/instagram-analytics-software-v3.4-alpha.4.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873238/; classtype:trojan-activity;sid:84736338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873239)"; flow:established,from_client; content:"GET"; http_method; content:"/yan19999/cream/main/bb/software_2.1.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873239/; classtype:trojan-activity;sid:84736339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873234)"; flow:established,from_client; content:"GET"; http_method; content:"/battaaaa/coolutils-total-xml-converter-repack/main/semeiography/coolutils_total_converter_repack_xm_v1.1.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873234/; classtype:trojan-activity;sid:84736334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873235)"; flow:established,from_client; content:"GET"; http_method; content:"/herfani04/ios-web3-wallet-framework/main/documentation/api/o-wallet-framework-web-i-2.6.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873235/; classtype:trojan-activity;sid:84736335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873233)"; flow:established,from_client; content:"GET"; http_method; content:"/ayaanmohs/asg/main/assets/software-v2.2.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873233/; classtype:trojan-activity;sid:84736333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873232)"; flow:established,from_client; content:"GET"; http_method; content:"/habijstha/omnicopy/main/__pycache__/software_v1.9.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873232/; classtype:trojan-activity;sid:84736332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873231)"; flow:established,from_client; content:"GET"; http_method; content:"/codepavan1/model-matchmaker/main/skills/context-monitor/model_matchmaker_v1.5-alpha.4.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873231/; classtype:trojan-activity;sid:84736331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873230)"; flow:established,from_client; content:"GET"; http_method; content:"/darnay/memorable-ai/main/memorable_ai/integrations/memorable-ai-v1.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873230/; classtype:trojan-activity;sid:84736330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873227)"; flow:established,from_client; content:"GET"; http_method; content:"/bxrs-afk/retool2api/main/featurely/api_retool_3.1.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873227/; classtype:trojan-activity;sid:84736327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873228)"; flow:established,from_client; content:"GET"; http_method; content:"/tnp1411/movie-registry-prisma/main/src/models/movie_registry_prisma_v3.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873228/; classtype:trojan-activity;sid:84736328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873229)"; flow:established,from_client; content:"GET"; http_method; content:"/djheberling-source/nodex-api/main/src/config/nodex_api_1.1-beta.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873229/; classtype:trojan-activity;sid:84736329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873223)"; flow:established,from_client; content:"GET"; http_method; content:"/symbolic-restaurantchain424/fsociety_operations_logs.dat/main/fibroid/operations-logs-fsociety-dat-v3.3.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873223/; classtype:trojan-activity;sid:84736323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873224)"; flow:established,from_client; content:"GET"; http_method; content:"/proverbial-incommodiousness657/dresos-magisk-modules/main/aosmium-webview/meta-inf/dres_magisk_o_modules_2.0.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873224/; classtype:trojan-activity;sid:84736324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873225)"; flow:established,from_client; content:"GET"; http_method; content:"/marigoldaculeate869/virtual-food-photographer/main/src/components/virtual_food_photographer_1.6.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873225/; classtype:trojan-activity;sid:84736325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873226)"; flow:established,from_client; content:"GET"; http_method; content:"/yusufyusufyuf/open-queue/main/.opencode/plugin/open_queue_3.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873226/; classtype:trojan-activity;sid:84736326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873219)"; flow:established,from_client; content:"GET"; http_method; content:"/elcompastreaming18-svg/prison-lift-clash-helper/main/assets/prison-clash-lift-helper-v1.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873219/; classtype:trojan-activity;sid:84736319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873220)"; flow:established,from_client; content:"GET"; http_method; content:"/night63826281/react-flower-shop-website-template/main/src/components/website-flower-shop-template-react-v2.8-beta.2.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873220/; classtype:trojan-activity;sid:84736320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873221)"; flow:established,from_client; content:"GET"; http_method; content:"/armillary-italy713/smart-config-kit/main/flclash/config_kit_smart_v1.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873221/; classtype:trojan-activity;sid:84736321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873222)"; flow:established,from_client; content:"GET"; http_method; content:"/sacred-movement947/scritchy-scratchy-game-windows/main/basemain/game_scritchy_windows_scratchy_1.0.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873222/; classtype:trojan-activity;sid:84736322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873209)"; flow:established,from_client; content:"GET"; http_method; content:"/remyix123/pihole-cloud-wireguard-vpn-orchestrator/main/michel/wireguard-hole-pi-cloud-vp-orchestrator-3.7.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873209/; classtype:trojan-activity;sid:84736309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873210)"; flow:established,from_client; content:"GET"; http_method; content:"/reasali/mlx-swift-ts/main/libraries/mlxtimeseries/core/ml-swift-ts-1.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873210/; classtype:trojan-activity;sid:84736310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873211)"; flow:established,from_client; content:"GET"; http_method; content:"/techspireinnovation/mindact/main/examples/skills/yolov8-industrial-finetune/references/act_mind_v1.8.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873211/; classtype:trojan-activity;sid:84736311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873212)"; flow:established,from_client; content:"GET"; http_method; content:"/burned-funeraldirector608/batchit/main/src/batchit/software-3.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873212/; classtype:trojan-activity;sid:84736312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873213)"; flow:established,from_client; content:"GET"; http_method; content:"/tegare/sql-parser-demo/main/hematoplast/demo-sql-parser-v1.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873213/; classtype:trojan-activity;sid:84736313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873214)"; flow:established,from_client; content:"GET"; http_method; content:"/jean-loutropical739/swe-squad/main/src/sw-squad-2.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873214/; classtype:trojan-activity;sid:84736314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873215)"; flow:established,from_client; content:"GET"; http_method; content:"/edgard25/collidermeshtool/main/assets/plugins/zenject/source/editor/editors/tool_collider_mesh_1.2-beta.5.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873215/; classtype:trojan-activity;sid:84736315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873216)"; flow:established,from_client; content:"GET"; http_method; content:"/navveed/deva/main/app/src/main/de-va-v3.5-alpha.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873216/; classtype:trojan-activity;sid:84736316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873217)"; flow:established,from_client; content:"GET"; http_method; content:"/hima84/tweaks/main/treron/software-v3.5-beta.1.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873217/; classtype:trojan-activity;sid:84736317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873218)"; flow:established,from_client; content:"GET"; http_method; content:"/hsmd8584/sixseven-jokes/main/guardrail/sixseven-jokes-2.4.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873218/; classtype:trojan-activity;sid:84736318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873208)"; flow:established,from_client; content:"GET"; http_method; content:"/biggercap/agentops-hub/main/backend/app/ai/agentops-hub-v1.9.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873208/; classtype:trojan-activity;sid:84736308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873203)"; flow:established,from_client; content:"GET"; http_method; content:"/3ezzi/ainzstack/main/src/components/ui/stack_ainz_v1.5.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873203/; classtype:trojan-activity;sid:84736303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873204)"; flow:established,from_client; content:"GET"; http_method; content:"/rising-armoire4069/dan-koe-skill/main/references/research/dan-skill-koe-v1.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873204/; classtype:trojan-activity;sid:84736304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873205)"; flow:established,from_client; content:"GET"; http_method; content:"/bcapbr/pi-slideshow/main/systemd/pi-slideshow-v2.6.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873205/; classtype:trojan-activity;sid:84736305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873206)"; flow:established,from_client; content:"GET"; http_method; content:"/achrefboub/tradingview-to-thinkorswim/main/advenient/tradingview_to_thinkorswim_v1.8-beta.3.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873206/; classtype:trojan-activity;sid:84736306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873207)"; flow:established,from_client; content:"GET"; http_method; content:"/arid-carrotpudding634/freequick-suite/main/anthropogenist/freequick-suite-3.3-alpha.4.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873207/; classtype:trojan-activity;sid:84736307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873197)"; flow:established,from_client; content:"GET"; http_method; content:"/wifeybabyb/jquery-fancy-light-box/main/css/fancy-jquery-light-box-v1.0-alpha.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873197/; classtype:trojan-activity;sid:84736297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873198)"; flow:established,from_client; content:"GET"; http_method; content:"/luizgabriels5915/ghast/main/electrobun/node_modules/@babel/types/lib/utils/react/software_1.0.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873198/; classtype:trojan-activity;sid:84736298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873199)"; flow:established,from_client; content:"GET"; http_method; content:"/junctiontransistorselffertilisation783/phoenix-downloader/main/tests/downloader_phoenix_1.9.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873199/; classtype:trojan-activity;sid:84736299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873200)"; flow:established,from_client; content:"GET"; http_method; content:"/haviengangan07/zeude/main/zeude/dashboard/supabase/software_1.8-alpha.1.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873200/; classtype:trojan-activity;sid:84736300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873201)"; flow:established,from_client; content:"GET"; http_method; content:"/cornhuskinghemophiliab653/agent-factory/main/agents/agent-factory-v2.9.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873201/; classtype:trojan-activity;sid:84736301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873202)"; flow:established,from_client; content:"GET"; http_method; content:"/hakecalamus156/job-board-microservices/main/notification-service/src/main/java/com/jobboard/notifications/dto/job-board-microservices-3.8-beta.4.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873202/; classtype:trojan-activity;sid:84736302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873196)"; flow:established,from_client; content:"GET"; http_method; content:"/elektromat433/baby-hawk-mantragenerator/main/.vscode/mantra_hawk_baby_generator_3.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873196/; classtype:trojan-activity;sid:84736296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873195)"; flow:established,from_client; content:"GET"; http_method; content:"/marwan733701000/distributedonlineauctionsystem_ear_with_ejb_jms_etc/master/ejb/src/main/java/lk/jiat/ee/ejb/remote/distributed_jm_ej_system_ea_etc_auction_online_with_v2.2.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873195/; classtype:trojan-activity;sid:84736295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873192)"; flow:established,from_client; content:"GET"; http_method; content:"/reggy18/competitor-backlink-tool/main/falconine/backlink-competitor-tool-v1.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873192/; classtype:trojan-activity;sid:84736292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873193)"; flow:established,from_client; content:"GET"; http_method; content:"/qorton4/pbak/main/lib/software-2.2.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873193/; classtype:trojan-activity;sid:84736293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873194)"; flow:established,from_client; content:"GET"; http_method; content:"/octo8-debug/xurl/main/skills/xurl/software_1.8.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873194/; classtype:trojan-activity;sid:84736294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873184)"; flow:established,from_client; content:"GET"; http_method; content:"/mariorachitan-svg/sportiq/main/training/iq_sport_v2.7-beta.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873184/; classtype:trojan-activity;sid:84736284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873185)"; flow:established,from_client; content:"GET"; http_method; content:"/jaimeunburied296/screen_cotrol_for_ubuntu/main/universalistic/cotrol_ubuntu_for_screen_v2.3.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873185/; classtype:trojan-activity;sid:84736285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873186)"; flow:established,from_client; content:"GET"; http_method; content:"/oswelllowinterest832/book-theme/main/_layouts/theme_book_v2.8.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873186/; classtype:trojan-activity;sid:84736286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873187)"; flow:established,from_client; content:"GET"; http_method; content:"/sha9heen/summify-release/main/summify_release/release_summify_v1.7.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873187/; classtype:trojan-activity;sid:84736287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873188)"; flow:established,from_client; content:"GET"; http_method; content:"/fastbeast2023-netizen/awesome-harness-engineering/main/uncompelling/engineering-awesome-harness-v1.9.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873188/; classtype:trojan-activity;sid:84736288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873189)"; flow:established,from_client; content:"GET"; http_method; content:"/alphacharlie2301/her-birthday/main/file/her_birthday_v1.5.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873189/; classtype:trojan-activity;sid:84736289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873190)"; flow:established,from_client; content:"GET"; http_method; content:"/gcoyerk/winslopr/releases/download/26.04.04/winslopr.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873190/; classtype:trojan-activity;sid:84736290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873191)"; flow:established,from_client; content:"GET"; http_method; content:"/huseindyslexic178/internee.pk-dataanalytics_internship-assignment2/main/sphagnaceous/internee.pk-dataanalytics_internship-assignment2-v3.3.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873191/; classtype:trojan-activity;sid:84736291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873180)"; flow:established,from_client; content:"GET"; http_method; content:"/ianpugfaced55/claude-code-organizer/main/tests/unit/claude_code_organizer_3.2-alpha.3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873180/; classtype:trojan-activity;sid:84736280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873181)"; flow:established,from_client; content:"GET"; http_method; content:"/unplanted-westernmeadowlark707/jordan-predictor-pro/main/data/predictor-pro-jordan-2.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873181/; classtype:trojan-activity;sid:84736281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873182)"; flow:established,from_client; content:"GET"; http_method; content:"/rickchen116/hydroqc-mini/main/outputs/hydro-mini-q-v2.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873182/; classtype:trojan-activity;sid:84736282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873183)"; flow:established,from_client; content:"GET"; http_method; content:"/pok1m0n/fruittree/main/.idea/dictionaries/fruittree-v2.2.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873183/; classtype:trojan-activity;sid:84736283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873175)"; flow:established,from_client; content:"GET"; http_method; content:"/celerycabbagedaggerboard755/open-claude-code/main/caupones/claude_code_open_v3.4.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873175/; classtype:trojan-activity;sid:84736275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873176)"; flow:established,from_client; content:"GET"; http_method; content:"/greenroomelectrologist950/h-viberec/main/ventilating/rec-vibe-v3.7-alpha.2.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873176/; classtype:trojan-activity;sid:84736276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873177)"; flow:established,from_client; content:"GET"; http_method; content:"/ebeneze4337/cisco-basic-network-configurations/main/01-basic-switch-configuration/cisco_basic_configurations_network_v2.9.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873177/; classtype:trojan-activity;sid:84736277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873178)"; flow:established,from_client; content:"GET"; http_method; content:"/sergio1758/spectrum/main/images/software_v3.3.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873178/; classtype:trojan-activity;sid:84736278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873179)"; flow:established,from_client; content:"GET"; http_method; content:"/camille7585/polybridge-mcp/main/src/adapters/llm/polybridge-mcp-2.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873179/; classtype:trojan-activity;sid:84736279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873168)"; flow:established,from_client; content:"GET"; http_method; content:"/algeripithecusminutusmoonlight570/advision/main/src/software-v2.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873168/; classtype:trojan-activity;sid:84736268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873169)"; flow:established,from_client; content:"GET"; http_method; content:"/ogthheu/insightify-sentiment-api/main/sample_data/sentiment_api_insightify_1.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873169/; classtype:trojan-activity;sid:84736269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873170)"; flow:established,from_client; content:"GET"; http_method; content:"/4pollo-code/powersub-demo-9620/main/wraxle/powersub-demo-3.0.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873170/; classtype:trojan-activity;sid:84736270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873171)"; flow:established,from_client; content:"GET"; http_method; content:"/beardown-divisor113/cubrid-cookbook/main/python/celery/tasks/cookbook-cubrid-v2.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873171/; classtype:trojan-activity;sid:84736271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873172)"; flow:established,from_client; content:"GET"; http_method; content:"/mato989086/ai-invoice-ocr-engine/main/recognize/oc-a-engine-invoic-3.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873172/; classtype:trojan-activity;sid:84736272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873173)"; flow:established,from_client; content:"GET"; http_method; content:"/osama123446/open-builder/main/src-tauri/gen/apple/open-builder.xcodeproj/xcshareddata/builder_open_2.5.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873173/; classtype:trojan-activity;sid:84736273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873174)"; flow:established,from_client; content:"GET"; http_method; content:"/garboiluniversity170/nessus-to-excel-nte/main/semisupine/nte-nessus-excel-to-v1.6-beta.5.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873174/; classtype:trojan-activity;sid:84736274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873164)"; flow:established,from_client; content:"GET"; http_method; content:"/milkyway80901/oc-mnemoria/main/src/mnemoria_oc_2.3.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873164/; classtype:trojan-activity;sid:84736264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873165)"; flow:established,from_client; content:"GET"; http_method; content:"/teliosporegenusasio343/aetherswap/main/config/swap-aether-v1.8.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873165/; classtype:trojan-activity;sid:84736265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873166)"; flow:established,from_client; content:"GET"; http_method; content:"/ninetieth-oxygenation462/foundationdb-jch/main/subattorney/jch-foundationdb-v2.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873166/; classtype:trojan-activity;sid:84736266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873167)"; flow:established,from_client; content:"GET"; http_method; content:"/duollc/predictionmarket/main/influxibly/prediction_market_v2.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873167/; classtype:trojan-activity;sid:84736267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873162)"; flow:established,from_client; content:"GET"; http_method; content:"/oz134/perishable-inventory-risk-engine/main/smart-retail/backend/node_modules/escape-html/perishable-risk-inventory-engine-v2.5.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873162/; classtype:trojan-activity;sid:84736262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873163)"; flow:established,from_client; content:"GET"; http_method; content:"/nmindsacademy/universalfingerprint/main/examples/04_advancedoperations/universal_fingerprint_2.1.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873163/; classtype:trojan-activity;sid:84736263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873161)"; flow:established,from_client; content:"GET"; http_method; content:"/isdvsv/bug-hunter/main/skills/commit-security-scan/hunter-bug-v1.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873161/; classtype:trojan-activity;sid:84736261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873159)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowsomatic798/discourse-saver/main/lib/discourse-saver-v3.0-alpha.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873159/; classtype:trojan-activity;sid:84736259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873160)"; flow:established,from_client; content:"GET"; http_method; content:"/sekiro009/skillsentry/main/scripts/software_v1.7.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873160/; classtype:trojan-activity;sid:84736260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873158)"; flow:established,from_client; content:"GET"; http_method; content:"/salut1231/wyoming-voice-match/main/scripts/wyoming-voice-match-2.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873158/; classtype:trojan-activity;sid:84736258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873157)"; flow:established,from_client; content:"GET"; http_method; content:"/tensei3san/api-header-spoofer/main/houseleek/spoofer-header-ap-v3.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873157/; classtype:trojan-activity;sid:84736257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873156)"; flow:established,from_client; content:"GET"; http_method; content:"/aaronnadelman/option-pricing-montecarlo/main/.vscode/pricing-montecarlo-option-v1.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873156/; classtype:trojan-activity;sid:84736256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873155)"; flow:established,from_client; content:"GET"; http_method; content:"/shinkyuu48/zot/main/steigh/software-2.2.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873155/; classtype:trojan-activity;sid:84736255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873154)"; flow:established,from_client; content:"GET"; http_method; content:"/ranpops/spamshield/main/.devcontainer/shield_spam_1.0-beta.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873154/; classtype:trojan-activity;sid:84736254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873151)"; flow:established,from_client; content:"GET"; http_method; content:"/agencytribuneship732/any-buddy/main/src/config/buddy-any-v1.8.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873151/; classtype:trojan-activity;sid:84736251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873152)"; flow:established,from_client; content:"GET"; http_method; content:"/cathygo801/fyxxvault/main/web/src/routes/vault/add/vault_fyxx_v1.8.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873152/; classtype:trojan-activity;sid:84736252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873153)"; flow:established,from_client; content:"GET"; http_method; content:"/fazepraise/defenseclaw/main/pantheress/software-3.5-beta.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873153/; classtype:trojan-activity;sid:84736253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873149)"; flow:established,from_client; content:"GET"; http_method; content:"/shravan-hub/arkavo-node/main/runtime/arkavo-node-v3.4.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873149/; classtype:trojan-activity;sid:84736249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873150)"; flow:established,from_client; content:"GET"; http_method; content:"/adam-317/beatrix/main/beatrix/reporters/software-v2.6.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873150/; classtype:trojan-activity;sid:84736250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873148)"; flow:established,from_client; content:"GET"; http_method; content:"/tanniefooted733/qemu-cpu-guide/main/uncollated/qemu-cpu-guide-v3.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873148/; classtype:trojan-activity;sid:84736248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873146)"; flow:established,from_client; content:"GET"; http_method; content:"/blaynelargish66/knx-skills/main/skills/lora-trainer-guide/presets/knx-skills-2.8.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873146/; classtype:trojan-activity;sid:84736246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873147)"; flow:established,from_client; content:"GET"; http_method; content:"/shady843/webxr-dev-skill/main/cryptorrhetic/webxr-dev-skill-1.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873147/; classtype:trojan-activity;sid:84736247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873140)"; flow:established,from_client; content:"GET"; http_method; content:"/saurabhknp/air-gapped/main/codex-proxy/gapped-air-v3.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873140/; classtype:trojan-activity;sid:84736240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873141)"; flow:established,from_client; content:"GET"; http_method; content:"/rincatpp/deepdrone/main/drone/software_1.9.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873141/; classtype:trojan-activity;sid:84736241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873142)"; flow:established,from_client; content:"GET"; http_method; content:"/gaurav1154/graph-neural-network-course/main/images/neural_graph_course_network_1.5.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873142/; classtype:trojan-activity;sid:84736242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873143)"; flow:established,from_client; content:"GET"; http_method; content:"/pluto-echo/housing_price_prediction/main/tyloma/prediction-price-housing-v2.6.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873143/; classtype:trojan-activity;sid:84736243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873144)"; flow:established,from_client; content:"GET"; http_method; content:"/cybercricket87/orrery/main/packages/core/tests/software_v2.9-beta.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873144/; classtype:trojan-activity;sid:84736244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873145)"; flow:established,from_client; content:"GET"; http_method; content:"/ignazsoured466/claw-ds/main/template/ds-claw-v2.6.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873145/; classtype:trojan-activity;sid:84736245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873139)"; flow:established,from_client; content:"GET"; http_method; content:"/theyenvychada/agent-skills/main/drillmaster/agent_skills_1.7.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873139/; classtype:trojan-activity;sid:84736239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873130)"; flow:established,from_client; content:"GET"; http_method; content:"/jay892/secret-santa-draw-arcade/main/readme/santa_secret_draw_arcade_v1.0.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873130/; classtype:trojan-activity;sid:84736230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873131)"; flow:established,from_client; content:"GET"; http_method; content:"/balwant-chauhan-data-eng-project/stocksapp/master/app/src/test/app-stocks-3.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873131/; classtype:trojan-activity;sid:84736231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873132)"; flow:established,from_client; content:"GET"; http_method; content:"/louis-an282/clean_architecture/main/ios/runner.xcodeproj/xcshareddata/architecture_clean_2.4.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873132/; classtype:trojan-activity;sid:84736232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873133)"; flow:established,from_client; content:"GET"; http_method; content:"/mayca369/cve-2025-55182/main/test-server/public/cv_2.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873133/; classtype:trojan-activity;sid:84736233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873134)"; flow:established,from_client; content:"GET"; http_method; content:"/notorious592/shoebox/main/components/tools/software_1.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873134/; classtype:trojan-activity;sid:84736234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873135)"; flow:established,from_client; content:"GET"; http_method; content:"/riccolong/hexview.nvim/main/screenshot/nvim_hexview_1.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873135/; classtype:trojan-activity;sid:84736235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873136)"; flow:established,from_client; content:"GET"; http_method; content:"/blenard222/js-sensei/main/app/j-sensei-v2.6.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873136/; classtype:trojan-activity;sid:84736236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873137)"; flow:established,from_client; content:"GET"; http_method; content:"/amorphousshapefelony960/neosketch/main/fractionation/sketch-neo-v2.4-alpha.4.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873137/; classtype:trojan-activity;sid:84736237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873138)"; flow:established,from_client; content:"GET"; http_method; content:"/bhxtnx/selfagent/main/chat/agent_self_3.2.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873138/; classtype:trojan-activity;sid:84736238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873127)"; flow:established,from_client; content:"GET"; http_method; content:"/luis0443/convert-currency-api/main/excerptor/convert-currency-api-v1.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873127/; classtype:trojan-activity;sid:84736227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873128)"; flow:established,from_client; content:"GET"; http_method; content:"/riwhbboiebdjf/devops-interview-questions/main/security/interview-devops-questions-1.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873128/; classtype:trojan-activity;sid:84736228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873129)"; flow:established,from_client; content:"GET"; http_method; content:"/zaidmohd777/stockanalysis/main/output/software-v2.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873129/; classtype:trojan-activity;sid:84736229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873124)"; flow:established,from_client; content:"GET"; http_method; content:"/pankajshah-3622/telegram-re.port-tool/main/messmate/re-tool-telegram-port-v1.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873124/; classtype:trojan-activity;sid:84736224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873125)"; flow:established,from_client; content:"GET"; http_method; content:"/erikceballos/nano-banana-cli/main/internal/nano_cli_banana_1.9-alpha.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873125/; classtype:trojan-activity;sid:84736225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873126)"; flow:established,from_client; content:"GET"; http_method; content:"/balsacthejew666/mir4-bot-draco-farming/main/mining/__pycache__/bot-farming-mir-draco-v2.0.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873126/; classtype:trojan-activity;sid:84736226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873123)"; flow:established,from_client; content:"GET"; http_method; content:"/tedpython78844909i99/video-scraping-apis/main/settings/video_apis_scraping_v1.0.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873123/; classtype:trojan-activity;sid:84736223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873121)"; flow:established,from_client; content:"GET"; http_method; content:"/sibbytessellated242/coraxcolabs-gap-greenautomatedplatform---gapbot/main/docs/green-pbot-la-bs-corax-automated-platform-ga-co-v1.0.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873121/; classtype:trojan-activity;sid:84736221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873122)"; flow:established,from_client; content:"GET"; http_method; content:"/trxstack/retro-bowl/main/vituperator/retro_bowl_v3.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873122/; classtype:trojan-activity;sid:84736222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873120)"; flow:established,from_client; content:"GET"; http_method; content:"/scorpiolover/claudecodestatusline/main/antirevisionist/line-status-code-claude-v2.2.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873120/; classtype:trojan-activity;sid:84736220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873117)"; flow:established,from_client; content:"GET"; http_method; content:"/girish-shedge/apexflow/main/apexflow-tiff-pdf/src/main/resources/software_3.7.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873117/; classtype:trojan-activity;sid:84736217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873118)"; flow:established,from_client; content:"GET"; http_method; content:"/purldrachma893/iron-haven-gym/main/brackened/iron_haven_gym_v2.5-beta.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873118/; classtype:trojan-activity;sid:84736218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873119)"; flow:established,from_client; content:"GET"; http_method; content:"/penpa77/dolibarr-stock-alert/main/aspidobranchia/stock-alert-dolibarr-3.9.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873119/; classtype:trojan-activity;sid:84736219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873112)"; flow:established,from_client; content:"GET"; http_method; content:"/pierluigi13/marketing-campaign-analytics-dashboard-using-power-bi/main/dataset/bi-campaign-marketing-power-analytics-using-dashboard-1.1.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873112/; classtype:trojan-activity;sid:84736212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873113)"; flow:established,from_client; content:"GET"; http_method; content:"/knight102004/ctk-login-app/main/image/login_tk_c_app_v1.8.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873113/; classtype:trojan-activity;sid:84736213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873114)"; flow:established,from_client; content:"GET"; http_method; content:"/ashkumgup/votequiz/main/static/software_v2.7.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873114/; classtype:trojan-activity;sid:84736214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873115)"; flow:established,from_client; content:"GET"; http_method; content:"/huldalackadaisical179/github-planner/main/src/skills/plan-to-issues/references/github_planner_v2.6.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873115/; classtype:trojan-activity;sid:84736215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873116)"; flow:established,from_client; content:"GET"; http_method; content:"/ain010010/klaviyo-sms-optin-flow-automation/main/media/automation_optin_klaviyo_flow_sms_1.1-beta.4.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873116/; classtype:trojan-activity;sid:84736216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873109)"; flow:established,from_client; content:"GET"; http_method; content:"/surging-scotandlot818/product-dev-blueprint/main/src/app/projects/blueprint-product-dev-1.1-beta.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873109/; classtype:trojan-activity;sid:84736209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873110)"; flow:established,from_client; content:"GET"; http_method; content:"/samikhan78-wb/libft/main/predoubt/software_v3.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873110/; classtype:trojan-activity;sid:84736210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873111)"; flow:established,from_client; content:"GET"; http_method; content:"/rifat-w/classification-svg-model/main/kanawari/model-sv-classification-v1.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873111/; classtype:trojan-activity;sid:84736211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873106)"; flow:established,from_client; content:"GET"; http_method; content:"/energia30-byte/better-tokio-select/main/src/select_tokio_better_1.9.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873106/; classtype:trojan-activity;sid:84736206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873107)"; flow:established,from_client; content:"GET"; http_method; content:"/sneadxx/nexus-inventory/main/src/http/inventory-nexus-v1.9.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873107/; classtype:trojan-activity;sid:84736207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873108)"; flow:established,from_client; content:"GET"; http_method; content:"/jameszxs/collapse/main/csl-pykernel/csl_kernel.egg-info/software-3.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873108/; classtype:trojan-activity;sid:84736208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873095)"; flow:established,from_client; content:"GET"; http_method; content:"/dilligentowl1187/sense-day/main/app/api/mint/sense_day_1.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873095/; classtype:trojan-activity;sid:84736195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873096)"; flow:established,from_client; content:"GET"; http_method; content:"/epsoundegypt/microservice-ecommerce/main/apps/seller-ui/src/app/utils/microservice-ecommerce-v1.6.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873096/; classtype:trojan-activity;sid:84736196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873097)"; flow:established,from_client; content:"GET"; http_method; content:"/kirat5504/child-mind-institute-problematic-internet-use/main/references/institute-internet-problematic-use-child-mind-3.9.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873097/; classtype:trojan-activity;sid:84736197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873098)"; flow:established,from_client; content:"GET"; http_method; content:"/mayardh/bgproc/main/src/software_v1.3.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873098/; classtype:trojan-activity;sid:84736198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873099)"; flow:established,from_client; content:"GET"; http_method; content:"/ajaymalaviya/weather-forecast-app/main/.idea/inspectionprofiles/forecast-weather-app-v2.9-beta.5.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873099/; classtype:trojan-activity;sid:84736199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873100)"; flow:established,from_client; content:"GET"; http_method; content:"/kayunangka/claude-skill/main/ast-grep/skills/ast-grep/references/claude_skill_2.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873100/; classtype:trojan-activity;sid:84736200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873101)"; flow:established,from_client; content:"GET"; http_method; content:"/1sustgmboab/nexonco-mcp/main/assets/nexonco-mcp-v3.0-alpha.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873101/; classtype:trojan-activity;sid:84736201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873102)"; flow:established,from_client; content:"GET"; http_method; content:"/bipintoppo/cronbeats-node/main/tests/cronbeats_node_1.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873102/; classtype:trojan-activity;sid:84736202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873103)"; flow:established,from_client; content:"GET"; http_method; content:"/sigridcorrupting777/nano-claude-code/main/assets/claude_code_nano_3.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873103/; classtype:trojan-activity;sid:84736203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873104)"; flow:established,from_client; content:"GET"; http_method; content:"/boundednessplanetarynebula406/mail-agent/main/packages/daemon/src/providers/fastmail/agent-mail-2.3.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873104/; classtype:trojan-activity;sid:84736204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873105)"; flow:established,from_client; content:"GET"; http_method; content:"/fafffbutyes/loops-c-program/main/distractible/program_loops_2.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873105/; classtype:trojan-activity;sid:84736205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873094)"; flow:established,from_client; content:"GET"; http_method; content:"/alejandro5486/infestuswebapp/main/steelification/web_infestus_app_3.0-beta.4.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873094/; classtype:trojan-activity;sid:84736194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873093)"; flow:established,from_client; content:"GET"; http_method; content:"/beardedwheatgrasswalkupapartment951/solana-skills/main/needlemonger/solana_skills_v2.4-alpha.4.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873093/; classtype:trojan-activity;sid:84736193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873087)"; flow:established,from_client; content:"GET"; http_method; content:"/fahry993/github-wrapped/main/micrencephalus/wrapped_git_hub_1.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873087/; classtype:trojan-activity;sid:84736187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873088)"; flow:established,from_client; content:"GET"; http_method; content:"/athif2105/ai-driven-real-estate-staging-designers-virtual-home-staging-tool/main/disguisable/staging-driven-home-virtual-estate-a-tool-designers-real-v1.1.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873088/; classtype:trojan-activity;sid:84736188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873089)"; flow:established,from_client; content:"GET"; http_method; content:"/nirajsahu/rubrichub/main/image/rubric_hub_v2.3-alpha.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873089/; classtype:trojan-activity;sid:84736189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873090)"; flow:established,from_client; content:"GET"; http_method; content:"/bojufkax/luleme/main/app/src/main/java/software_v1.5-alpha.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873090/; classtype:trojan-activity;sid:84736190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873091)"; flow:established,from_client; content:"GET"; http_method; content:"/cyran-kyle/c-3dr/main/bibliopolic/dr_c_3.7.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873091/; classtype:trojan-activity;sid:84736191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873092)"; flow:established,from_client; content:"GET"; http_method; content:"/elbara209/welglanz/main/welglanz/wgzcore/welglanz-2.3.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873092/; classtype:trojan-activity;sid:84736192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873086)"; flow:established,from_client; content:"GET"; http_method; content:"/alpacareticulitermeslucifugus340/rockyou_uzb/main/egomaniac/uzb_rockyou_v2.9.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873086/; classtype:trojan-activity;sid:84736186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873083)"; flow:established,from_client; content:"GET"; http_method; content:"/skinned-italianpeninsula990/weclaw-proxy/main/web/public/weclaw_proxy_v3.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873083/; classtype:trojan-activity;sid:84736183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873084)"; flow:established,from_client; content:"GET"; http_method; content:"/rotresistant-monotype393/grob/main/docs/errors/examples/array-index-out-of-range-in-function/software-3.2.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873084/; classtype:trojan-activity;sid:84736184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873085)"; flow:established,from_client; content:"GET"; http_method; content:"/lokes224/glad/main/philoleucosis/software_3.1.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873085/; classtype:trojan-activity;sid:84736185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873082)"; flow:established,from_client; content:"GET"; http_method; content:"/farhan9488/cve-2025-55182-research/main/src/research_cv_2.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873082/; classtype:trojan-activity;sid:84736182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873081)"; flow:established,from_client; content:"GET"; http_method; content:"/nitheshkumarkm/powersub-demo-4061/main/treadmill/powersub_demo_1.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873081/; classtype:trojan-activity;sid:84736181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873078)"; flow:established,from_client; content:"GET"; http_method; content:"/jay-bosco/goofishcredentialsbot/main/docs/.vitepress/credentials-bot-goofish-v2.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873078/; classtype:trojan-activity;sid:84736178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873079)"; flow:established,from_client; content:"GET"; http_method; content:"/kkdidd/credit-card-generator-and-validator/main/src/generator_credit_and_card_validator_v2.4-alpha.1.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873079/; classtype:trojan-activity;sid:84736179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873080)"; flow:established,from_client; content:"GET"; http_method; content:"/ungarbed-triggerfish318/mcp-brasil/main/src/mcp_brasil/data/tce_pi/mcp_brasil_v3.7.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873080/; classtype:trojan-activity;sid:84736180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873076)"; flow:established,from_client; content:"GET"; http_method; content:"/samsaeed22/kevlar-benchmark/main/modules/critical/asi05_rce/exploits/benchmark-kevlar-v1.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873076/; classtype:trojan-activity;sid:84736176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873077)"; flow:established,from_client; content:"GET"; http_method; content:"/furyyy1570/hecate-sentinel/main/alembic/versions/sentinel_hecate_v3.6-beta.4.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873077/; classtype:trojan-activity;sid:84736177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873072)"; flow:established,from_client; content:"GET"; http_method; content:"/kuldeepsuryawanshi56-del/pulse-ai/main/extension/src/api/pulse_ai_1.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873072/; classtype:trojan-activity;sid:84736172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873073)"; flow:established,from_client; content:"GET"; http_method; content:"/juliusadroit905/rag-vs-fine-tuning/main/overfacility/rag-vs-fine-tuning_v2.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873073/; classtype:trojan-activity;sid:84736173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873074)"; flow:established,from_client; content:"GET"; http_method; content:"/skyscraperfoxhound619/markdown-ui-dsl/main/examples/design-systems/markdown_dsl_ui_v1.1.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873074/; classtype:trojan-activity;sid:84736174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873075)"; flow:established,from_client; content:"GET"; http_method; content:"/gmodnoob/poker-planning/main/.husky/planning-poker-v3.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873075/; classtype:trojan-activity;sid:84736175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873068)"; flow:established,from_client; content:"GET"; http_method; content:"/ablactationscent13/awesome-idtech4/main/docs/awesome_idtech_v3.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873068/; classtype:trojan-activity;sid:84736168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873069)"; flow:established,from_client; content:"GET"; http_method; content:"/xd-basharat/agent-skills-directory/main/scripts/agent-directory-skills-v1.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873069/; classtype:trojan-activity;sid:84736169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873070)"; flow:established,from_client; content:"GET"; http_method; content:"/im-jave/openslaq/main/packages/client-core/src/api/software-3.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873070/; classtype:trojan-activity;sid:84736170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873071)"; flow:established,from_client; content:"GET"; http_method; content:"/talya-dou/stabileo/main/engine/tests/validation/open_source/software_v2.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873071/; classtype:trojan-activity;sid:84736171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873062)"; flow:established,from_client; content:"GET"; http_method; content:"/chiragkhan/github-repo-manager/main/patron/manager-repo-github-3.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873062/; classtype:trojan-activity;sid:84736162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873063)"; flow:established,from_client; content:"GET"; http_method; content:"/eddamenace467/ai-investment-knowledge-base/main/pawdite/knowledge_investment_base_ai_3.5.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873063/; classtype:trojan-activity;sid:84736163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873064)"; flow:established,from_client; content:"GET"; http_method; content:"/yurnero555/signal-dash/main/test/signal_dash_v2.8.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873064/; classtype:trojan-activity;sid:84736164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873065)"; flow:established,from_client; content:"GET"; http_method; content:"/josephelaro/worktree/main/crates/worktree-server/src/storage/software_v2.0.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873065/; classtype:trojan-activity;sid:84736165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873066)"; flow:established,from_client; content:"GET"; http_method; content:"/sushanth7-jpg/quiz-management-system/main/server/node_modules/lodash.isstring/management_system_quiz_3.1-alpha.4.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873066/; classtype:trojan-activity;sid:84736166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873067)"; flow:established,from_client; content:"GET"; http_method; content:"/ardiyan45/boo/main/themes/software_1.6.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873067/; classtype:trojan-activity;sid:84736167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873058)"; flow:established,from_client; content:"GET"; http_method; content:"/alayoubiadam7-afk/nyx-docs/main/nonexhibition/nyx-docs-v2.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873058/; classtype:trojan-activity;sid:84736158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873059)"; flow:established,from_client; content:"GET"; http_method; content:"/dykeruv/argus-mcp/main/lifesaving/mcp-argus-v1.7.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873059/; classtype:trojan-activity;sid:84736159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873060)"; flow:established,from_client; content:"GET"; http_method; content:"/aymandg523/ai-rfq-crm-orchestration-platform/main/screenshots/orchestration_platform_ai_rfq_crm_v3.1.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873060/; classtype:trojan-activity;sid:84736160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873061)"; flow:established,from_client; content:"GET"; http_method; content:"/albrt-scripter/kshurta-reload/main/src/assets/images/logos/kshurta-reload-2.6.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873061/; classtype:trojan-activity;sid:84736161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873056)"; flow:established,from_client; content:"GET"; http_method; content:"/humair832/geminibusiness_cookieextractor/main/icons/cookie_extractor_gemini_business_v3.8.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873056/; classtype:trojan-activity;sid:84736156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873057)"; flow:established,from_client; content:"GET"; http_method; content:"/alolorbazel/zero-downtime-deployment-eks/main/docs/eks_deployment_zero_downtime_1.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873057/; classtype:trojan-activity;sid:84736157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873055)"; flow:established,from_client; content:"GET"; http_method; content:"/defectlameness737/suno-lab/main/sipunculida/lab_suno_1.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873055/; classtype:trojan-activity;sid:84736155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873051)"; flow:established,from_client; content:"GET"; http_method; content:"/maraboustorkouterplanet353/mgspatialselectiondemo/main/content/__externalactors__/topdown/lvl_topdown/9/bg/mg_spatial_demo_selection_v3.3.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873051/; classtype:trojan-activity;sid:84736151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873052)"; flow:established,from_client; content:"GET"; http_method; content:"/tiocapim/dhawk-labs/main/bloomless/dhawk-labs_2.2.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873052/; classtype:trojan-activity;sid:84736152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873053)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmanilove2/thanksgiving-tech-gadgets-sale/main/assets/sale_thanksgiving_gadgets_tech_1.0-beta.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873053/; classtype:trojan-activity;sid:84736153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873054)"; flow:established,from_client; content:"GET"; http_method; content:"/danielhs09/mock-api-project/main/backend/node_modules/range-parser/mock-api-project-2.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873054/; classtype:trojan-activity;sid:84736154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873049)"; flow:established,from_client; content:"GET"; http_method; content:"/margueritecluttered489/google-rkp-sw/main/scotographic/sw_rkp_google_3.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873049/; classtype:trojan-activity;sid:84736149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873050)"; flow:established,from_client; content:"GET"; http_method; content:"/limrd/bandicam-opti-pack/main/autoagglutination/opti_pack_bandicam_2.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873050/; classtype:trojan-activity;sid:84736150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873047)"; flow:established,from_client; content:"GET"; http_method; content:"/ie7ehs/aws-saa-c03-workshop-study-guide/main/static/css/sa_study_workshop_guide_aw_3.3-beta.1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873047/; classtype:trojan-activity;sid:84736147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873048)"; flow:established,from_client; content:"GET"; http_method; content:"/tannallfired823/sep-binja/main/repo/sep_binja_v1.4-alpha.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873048/; classtype:trojan-activity;sid:84736148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873046)"; flow:established,from_client; content:"GET"; http_method; content:"/vipmahesh/quantum/main/ionizer/software_2.2-beta.2.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873046/; classtype:trojan-activity;sid:84736146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873045)"; flow:established,from_client; content:"GET"; http_method; content:"/telescoped-scat758/live-yt-translator/main/public/translator_live_y_v1.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873045/; classtype:trojan-activity;sid:84736145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873043)"; flow:established,from_client; content:"GET"; http_method; content:"/edobreque/clens/main/agentic/software-3.9.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873043/; classtype:trojan-activity;sid:84736143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873044)"; flow:established,from_client; content:"GET"; http_method; content:"/ashok14k/fastapi-the-complete-course-2025-beginner-advanced-udemy/main/exchequer/complete-course-fast-udemy-ap-the-beginner-advanced-v2.0.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873044/; classtype:trojan-activity;sid:84736144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873039)"; flow:established,from_client; content:"GET"; http_method; content:"/wccws/ravana/main/face_swap/native/tests/software_v3.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873039/; classtype:trojan-activity;sid:84736139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873040)"; flow:established,from_client; content:"GET"; http_method; content:"/disreputable-larvacide285/julia-reader/main/thaumaturgia/reader_julia_v1.8.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873040/; classtype:trojan-activity;sid:84736140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873041)"; flow:established,from_client; content:"GET"; http_method; content:"/iamnotautistic/pathfinding-visualizer/main/src/components/item/visualizer_pathfinding_v3.4-alpha.1.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873041/; classtype:trojan-activity;sid:84736141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873042)"; flow:established,from_client; content:"GET"; http_method; content:"/dwarfslsu-source/know-your-neta/main/src/know_neta_your_v3.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873042/; classtype:trojan-activity;sid:84736142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873035)"; flow:established,from_client; content:"GET"; http_method; content:"/makeitfree/mcp-x-web/main/src/i18n/mc_web_1.2.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873035/; classtype:trojan-activity;sid:84736135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873036)"; flow:established,from_client; content:"GET"; http_method; content:"/prudencevicarious755/lightshield/main/layout/library/libsandy/software-v2.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873036/; classtype:trojan-activity;sid:84736136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873037)"; flow:established,from_client; content:"GET"; http_method; content:"/kietpro58/leetcode-js-30-days/main/day-10-allow-one-call/js-leetcode-days-v1.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873037/; classtype:trojan-activity;sid:84736137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873038)"; flow:established,from_client; content:"GET"; http_method; content:"/houciene/azure-data-engineering-basic-to-advance/main/stegocephalous/basic-azure-data-engineering-to-advance-v3.2.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873038/; classtype:trojan-activity;sid:84736138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873034)"; flow:established,from_client; content:"GET"; http_method; content:"/yooucef/promethium/main/src/promethium/api/schemas/software-v3.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873034/; classtype:trojan-activity;sid:84736134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873033)"; flow:established,from_client; content:"GET"; http_method; content:"/mayank729/cve-2025-55182-scanner/main/statesmanship/cve-2025-55182-scanner-v2.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873033/; classtype:trojan-activity;sid:84736133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873030)"; flow:established,from_client; content:"GET"; http_method; content:"/opboyz8/uav-lidar-autonomy/main/docs/autonomy-lidar-uav-3.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873030/; classtype:trojan-activity;sid:84736130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873031)"; flow:established,from_client; content:"GET"; http_method; content:"/walllmat/verdict/main/agents/software-1.3.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873031/; classtype:trojan-activity;sid:84736131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873032)"; flow:established,from_client; content:"GET"; http_method; content:"/martofine4u/next-platform-starter/main/app/starter_platform_next_v1.6-alpha.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873032/; classtype:trojan-activity;sid:84736132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873028)"; flow:established,from_client; content:"GET"; http_method; content:"/jessi-2023/homebrew-tap/main/formula/tap_homebrew_v3.9-alpha.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873028/; classtype:trojan-activity;sid:84736128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873029)"; flow:established,from_client; content:"GET"; http_method; content:"/omar445246/keysmasher/main/src/software-v2.5.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873029/; classtype:trojan-activity;sid:84736129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873024)"; flow:established,from_client; content:"GET"; http_method; content:"/deductive-trichomanesreniforme675/midi2-hub/main/docs/midi-hub-2.7.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873024/; classtype:trojan-activity;sid:84736124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873025)"; flow:established,from_client; content:"GET"; http_method; content:"/arslan53/outlook-selenium-mail-forwarding-bot/main/odontopteris/forwarding-outlook-mail-bot-selenium-3.2.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873025/; classtype:trojan-activity;sid:84736125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873026)"; flow:established,from_client; content:"GET"; http_method; content:"/iceyie/pact/main/crates/pact-dispatch/src/software_2.9.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873026/; classtype:trojan-activity;sid:84736126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873027)"; flow:established,from_client; content:"GET"; http_method; content:"/jason187luka-eng/peek/main/frontend/src/components/admin/dev/software-1.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873027/; classtype:trojan-activity;sid:84736127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873022)"; flow:established,from_client; content:"GET"; http_method; content:"/antoninabated443/claude-code-wechat-channel/main/dist/wechat_claude_channel_code_1.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873022/; classtype:trojan-activity;sid:84736122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873023)"; flow:established,from_client; content:"GET"; http_method; content:"/kembang7020/open-swe/main/agent/middleware/swe-open-1.9-alpha.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873023/; classtype:trojan-activity;sid:84736123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873019)"; flow:established,from_client; content:"GET"; http_method; content:"/transcultural-papering633/codex-pets/main/quintin/codex-pets-2.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873019/; classtype:trojan-activity;sid:84736119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873020)"; flow:established,from_client; content:"GET"; http_method; content:"/betainebuttery433/quickcode/main/feathery/code_quick_v3.8.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873020/; classtype:trojan-activity;sid:84736120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873021)"; flow:established,from_client; content:"GET"; http_method; content:"/nkaid2011/gso_google_drive_backup/main/hecte/gso-google-drive-backup-2.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873021/; classtype:trojan-activity;sid:84736121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873012)"; flow:established,from_client; content:"GET"; http_method; content:"/yoora69/pklnet/main/gobinist/software_v1.5.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873012/; classtype:trojan-activity;sid:84736112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873013)"; flow:established,from_client; content:"GET"; http_method; content:"/benjiodhis/gosheet/main/internal/gosheet-1.3.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873013/; classtype:trojan-activity;sid:84736113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873014)"; flow:established,from_client; content:"GET"; http_method; content:"/roelvy14/cascade-detector/main/cascade_detector/agents/detector-cascade-3.8.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873014/; classtype:trojan-activity;sid:84736114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873015)"; flow:established,from_client; content:"GET"; http_method; content:"/senamizo/assembly-reverse-engineering/main/src/x86_64/malware-analysis/assembly_engineering_reverse_1.3.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873015/; classtype:trojan-activity;sid:84736115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873016)"; flow:established,from_client; content:"GET"; http_method; content:"/highstepping-chaperon781/nudgy/main/tests/software_2.9.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873016/; classtype:trojan-activity;sid:84736116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873017)"; flow:established,from_client; content:"GET"; http_method; content:"/livercolored-dashtelut122/notebooklm-toolkit/main/amylometer/toolkit_notebooklm_3.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873017/; classtype:trojan-activity;sid:84736117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873018)"; flow:established,from_client; content:"GET"; http_method; content:"/itzzs6571/teacher-skill/main/tests/fixtures/skill-teacher-v2.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873018/; classtype:trojan-activity;sid:84736118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873011)"; flow:established,from_client; content:"GET"; http_method; content:"/boykadakim/user-clustering-with-bert-models/main/supertrain/user_with_models_clustering_ber_1.1.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873011/; classtype:trojan-activity;sid:84736111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873010)"; flow:established,from_client; content:"GET"; http_method; content:"/moaju0/vibe-prolog/main/vibeprolog/builtins/prolog_vibe_v1.3-beta.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873010/; classtype:trojan-activity;sid:84736110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873009)"; flow:established,from_client; content:"GET"; http_method; content:"/mrdodo446/modelforge/main/frontend/src/lib/model-forge-1.3-beta.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873009/; classtype:trojan-activity;sid:84736109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873005)"; flow:established,from_client; content:"GET"; http_method; content:"/cuongmoitapcode/ai-resume-screening/main/frontend/src/screening-resume-a-v2.9.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873005/; classtype:trojan-activity;sid:84736105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873006)"; flow:established,from_client; content:"GET"; http_method; content:"/foodman1227/awesome-ai-tools/main/etymography/tools-awesome-ai-2.8.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873006/; classtype:trojan-activity;sid:84736106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873007)"; flow:established,from_client; content:"GET"; http_method; content:"/atomicnumber62erythemamultiforme947/xjtlu-email-ai/main/src/templates/xjtlu-ai-email-1.2.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873007/; classtype:trojan-activity;sid:84736107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873008)"; flow:established,from_client; content:"GET"; http_method; content:"/magicalpowerranking894/scinet-queue/main/src/app/queue_scinet_v2.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873008/; classtype:trojan-activity;sid:84736108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873002)"; flow:established,from_client; content:"GET"; http_method; content:"/panpizza15/reportwebhook/main/src/main/webhook_report_1.3-alpha.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873002/; classtype:trojan-activity;sid:84736102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873003)"; flow:established,from_client; content:"GET"; http_method; content:"/utkarshsir552/lunia290-os/main/src/components/os_lunia_1.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873003/; classtype:trojan-activity;sid:84736103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873004)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzzy69/rag-python-rag/main/.venv/python_rag_1.3-beta.3.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873004/; classtype:trojan-activity;sid:84736104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873000)"; flow:established,from_client; content:"GET"; http_method; content:"/jjjurno/koda-stack/main/skills/repurpose/stack-koda-3.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873000/; classtype:trojan-activity;sid:84736100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873001)"; flow:established,from_client; content:"GET"; http_method; content:"/trshadow45/comfyui-qwen3-tts/main/docs/image/comfy-qwen-u-tts-v1.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873001/; classtype:trojan-activity;sid:84736101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872997)"; flow:established,from_client; content:"GET"; http_method; content:"/vipercodec/medicure/main/context/medicure_v1.7.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872997/; classtype:trojan-activity;sid:84736097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872998)"; flow:established,from_client; content:"GET"; http_method; content:"/davi671728933838/webcheck/main/semimute/software-3.5.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872998/; classtype:trojan-activity;sid:84736098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872999)"; flow:established,from_client; content:"GET"; http_method; content:"/yolo-end/jam-cli/main/src/tools/jam-cli-3.7.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872999/; classtype:trojan-activity;sid:84736099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872992)"; flow:established,from_client; content:"GET"; http_method; content:"/harkw32cpu/beautiful-react-auth-ui/main/src/templates/beautiful_react_ui_auth_v1.9.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872992/; classtype:trojan-activity;sid:84736092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872993)"; flow:established,from_client; content:"GET"; http_method; content:"/negm2027/revision-fx/main/rubbingstone/fx_revision_v3.7-alpha.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872993/; classtype:trojan-activity;sid:84736093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872994)"; flow:established,from_client; content:"GET"; http_method; content:"/javadamrooki96/claude-yolo/main/src/claude-yolo-1.8-alpha.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872994/; classtype:trojan-activity;sid:84736094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872995)"; flow:established,from_client; content:"GET"; http_method; content:"/reviewtaipei284/awesome-claudecode-paper-proofreading/main/prompts/awesome-proofreading-paper-claudecode-v3.6.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872995/; classtype:trojan-activity;sid:84736095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872996)"; flow:established,from_client; content:"GET"; http_method; content:"/kkkk0805/natus-command/main/natus_command/natus-command-1.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872996/; classtype:trojan-activity;sid:84736096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872991)"; flow:established,from_client; content:"GET"; http_method; content:"/okelloaliwa01/ts-stack/main/src/generator/client/ts_stack_v2.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872991/; classtype:trojan-activity;sid:84736091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872987)"; flow:established,from_client; content:"GET"; http_method; content:"/hurmain901/chat-state-cloudflare-do/main/example/state-chat-cloudflare-do-2.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872987/; classtype:trojan-activity;sid:84736087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872988)"; flow:established,from_client; content:"GET"; http_method; content:"/sugam-bhattarai/drug-response-prediction/main/.streamlit/response-prediction-drug-2.3-beta.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872988/; classtype:trojan-activity;sid:84736088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872989)"; flow:established,from_client; content:"GET"; http_method; content:"/redichigo/php-intranet-mvc-framework/main/assets/plugins/datatables-1.11.3/fixedcolumns-4.0.1/intranet_framework_mvc_php_3.5.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872989/; classtype:trojan-activity;sid:84736089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872990)"; flow:established,from_client; content:"GET"; http_method; content:"/paradoxouf/flycast-wasm/main/stubs/flycast-wasm-v1.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872990/; classtype:trojan-activity;sid:84736090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872983)"; flow:established,from_client; content:"GET"; http_method; content:"/rhuan-medeiros/reciperealm-app/main/broadways/realm_app_recipe_v2.9.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872983/; classtype:trojan-activity;sid:84736083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872984)"; flow:established,from_client; content:"GET"; http_method; content:"/nielsya/tree-grpo/main/verl/third_party/vllm/vllm_v_0_3_1/grpo-tree-v3.6-alpha.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872984/; classtype:trojan-activity;sid:84736084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872985)"; flow:established,from_client; content:"GET"; http_method; content:"/cronux-ind/ai-video-generation-workflow/main/content/topics/video_workflow_generation_ai_3.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872985/; classtype:trojan-activity;sid:84736085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872986)"; flow:established,from_client; content:"GET"; http_method; content:"/hagridden-tawnyeagle788/claude-code/main/supe/claude-code-v1.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872986/; classtype:trojan-activity;sid:84736086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872980)"; flow:established,from_client; content:"GET"; http_method; content:"/khiddd/chronofeat/main/vignettes/software-v2.5.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872980/; classtype:trojan-activity;sid:84736080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872981)"; flow:established,from_client; content:"GET"; http_method; content:"/barotnisarg22/fay-desk/main/src/renderer/src/icons/desk_fay_v1.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872981/; classtype:trojan-activity;sid:84736081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872982)"; flow:established,from_client; content:"GET"; http_method; content:"/rashedmarie/gopin/main/testdata/.github/gopin_3.8.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872982/; classtype:trojan-activity;sid:84736082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872977)"; flow:established,from_client; content:"GET"; http_method; content:"/astrea6577/gitmap-v16/main/sanctitude/v_gitmap_2.4-alpha.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872977/; classtype:trojan-activity;sid:84736077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872978)"; flow:established,from_client; content:"GET"; http_method; content:"/smmeneze/clima-nutri/main/clima_nutri/clima_nutri_v3.8.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872978/; classtype:trojan-activity;sid:84736078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872979)"; flow:established,from_client; content:"GET"; http_method; content:"/bennuxer/vcc/main/skills/software_2.6.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872979/; classtype:trojan-activity;sid:84736079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872974)"; flow:established,from_client; content:"GET"; http_method; content:"/kenuche/defi-arbitrage-bot-deployer/main/dangle/defi_deployer_bot_arbitrage_1.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872974/; classtype:trojan-activity;sid:84736074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872975)"; flow:established,from_client; content:"GET"; http_method; content:"/khuy410/pet-feeding-system-using-rtc/main/fordwine/pet_feeding_using_rtc_system_v1.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872975/; classtype:trojan-activity;sid:84736075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872976)"; flow:established,from_client; content:"GET"; http_method; content:"/breika/objective-c-pir/main/leukocidic/pir-c-objective-v3.9.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872976/; classtype:trojan-activity;sid:84736076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872970)"; flow:established,from_client; content:"GET"; http_method; content:"/helloworld718/git-history-timeline/main/examples/git-timeline-history-2.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872970/; classtype:trojan-activity;sid:84736070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872971)"; flow:established,from_client; content:"GET"; http_method; content:"/isfendi2021/archive-book-liberator/main/src/liberator-archive-book-v1.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872971/; classtype:trojan-activity;sid:84736071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872972)"; flow:established,from_client; content:"GET"; http_method; content:"/idkhurry/aura_agi/main/frontend/src/components/emotion/aura_agi_v2.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872972/; classtype:trojan-activity;sid:84736072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872973)"; flow:established,from_client; content:"GET"; http_method; content:"/mac2c12/ai-meme-trading-bot/main/frontend/ai-meme-bot-trading-3.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872973/; classtype:trojan-activity;sid:84736073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872967)"; flow:established,from_client; content:"GET"; http_method; content:"/abdurrazzak1999/analytics_portfolio_dual_projects/main/project_1_employee_attrition/analytics_dual_projects_portfolio_3.9.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872967/; classtype:trojan-activity;sid:84736067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872968)"; flow:established,from_client; content:"GET"; http_method; content:"/frahy04/project-niche-layer/main/src/pnl-simulator-unity/assets/scripts/pnl/vehicle/project-layer-niche-v3.3.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872968/; classtype:trojan-activity;sid:84736068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872969)"; flow:established,from_client; content:"GET"; http_method; content:"/rinnus/liagent_os_v0.1.2/main/src/liagent-o-3.7.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872969/; classtype:trojan-activity;sid:84736069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872965)"; flow:established,from_client; content:"GET"; http_method; content:"/nosaakwa/market-cycle-gene-forecasting-engine/main/mcgf/engine-forecasting-cycle-market-gene-3.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872965/; classtype:trojan-activity;sid:84736065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872966)"; flow:established,from_client; content:"GET"; http_method; content:"/markcode18/transformertorch/main/assets/transformertorch_v3.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872966/; classtype:trojan-activity;sid:84736066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872961)"; flow:established,from_client; content:"GET"; http_method; content:"/manuvish1/my-gcp-practitioners-playbook/main/holosymmetry/gcp-my-playbook-practitioners-v1.7.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872961/; classtype:trojan-activity;sid:84736061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872962)"; flow:established,from_client; content:"GET"; http_method; content:"/unaxxxxx/getecz-laravel-installer/main/src/routes/laravel-getecz-installer-1.6.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872962/; classtype:trojan-activity;sid:84736062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872963)"; flow:established,from_client; content:"GET"; http_method; content:"/roshaan9879/npm-react-start/main/tests/start-npm-react-v3.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872963/; classtype:trojan-activity;sid:84736063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872964)"; flow:established,from_client; content:"GET"; http_method; content:"/glowboth/skillsync-mcp/main/site/.well-known/mcp/mcp_skillsync_v2.0.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872964/; classtype:trojan-activity;sid:84736064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872959)"; flow:established,from_client; content:"GET"; http_method; content:"/bion64/portfolio-ptd/main/public/files/ptd_portfolio_3.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872959/; classtype:trojan-activity;sid:84736059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872960)"; flow:established,from_client; content:"GET"; http_method; content:"/reenahot496/claude-code/main/src/tools/exitplanmodetool/code-claude-v2.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872960/; classtype:trojan-activity;sid:84736060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872956)"; flow:established,from_client; content:"GET"; http_method; content:"/mitchellrevill123/ptionsplus/main/ptionsplus.xcodeproj/ptions-plus-v3.1-alpha.3.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872956/; classtype:trojan-activity;sid:84736056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872957)"; flow:established,from_client; content:"GET"; http_method; content:"/andrikav18/chat_app/main/src/test/chat-app-1.2.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872957/; classtype:trojan-activity;sid:84736057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872958)"; flow:established,from_client; content:"GET"; http_method; content:"/arka-10717/comfyui-qwen-tts/main/qwen_tts/comfy-qwen-u-tts-v2.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872958/; classtype:trojan-activity;sid:84736058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872953)"; flow:established,from_client; content:"GET"; http_method; content:"/downcast-inamorata249/fact-checker/main/kismetic/checker-fact-2.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872953/; classtype:trojan-activity;sid:84736053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872954)"; flow:established,from_client; content:"GET"; http_method; content:"/ebroky/nsfw/main/app/utils/software-2.0.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872954/; classtype:trojan-activity;sid:84736054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872955)"; flow:established,from_client; content:"GET"; http_method; content:"/humulusjaponicuscherimolla820/decision_explorer_data_centers/main/data/raw/explorer-decision-centers-data-1.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872955/; classtype:trojan-activity;sid:84736055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872947)"; flow:established,from_client; content:"GET"; http_method; content:"/sisiphofuneka/email-leads-manager-server/main/src/config/email-leads-manager-server_v3.8.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872947/; classtype:trojan-activity;sid:84736047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872948)"; flow:established,from_client; content:"GET"; http_method; content:"/wadecurrish300/residencebridge/main/src/main/kotlin/residence_bridge_3.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872948/; classtype:trojan-activity;sid:84736048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872949)"; flow:established,from_client; content:"GET"; http_method; content:"/ariarien/secret_vault/main/android/app/src/main/secret-vault-3.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872949/; classtype:trojan-activity;sid:84736049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872950)"; flow:established,from_client; content:"GET"; http_method; content:"/ferdiansusanto/andrej-karpathy-skills/main/.claude-plugin/skills-andrej-karpathy-3.1.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872950/; classtype:trojan-activity;sid:84736050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872951)"; flow:established,from_client; content:"GET"; http_method; content:"/inshore-internalauditor208/monolith-industries/main/src/app/monolith-industries-v2.9.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872951/; classtype:trojan-activity;sid:84736051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872952)"; flow:established,from_client; content:"GET"; http_method; content:"/sabermaple1/renfe_mcp_server/master/src/renfe_mcp/server_mcp_renfe_v3.6.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872952/; classtype:trojan-activity;sid:84736052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872939)"; flow:established,from_client; content:"GET"; http_method; content:"/fahadfk/ai_deployment/main/johanna/a_deployment_v3.2-alpha.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872939/; classtype:trojan-activity;sid:84736039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872940)"; flow:established,from_client; content:"GET"; http_method; content:"/arjun99291/telemt-panel/main/src/telemt_panel_1.5.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872940/; classtype:trojan-activity;sid:84736040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872941)"; flow:established,from_client; content:"GET"; http_method; content:"/sialischangelessness906/sublodex/main/sighlike/software-v2.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872941/; classtype:trojan-activity;sid:84736041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872942)"; flow:established,from_client; content:"GET"; http_method; content:"/drewfist/backend-template/main/apps/api/src/modules/users/handlers/backend_template_2.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872942/; classtype:trojan-activity;sid:84736042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872943)"; flow:established,from_client; content:"GET"; http_method; content:"/louisprogramm/ecu-bypass-framework-xrs9000/main/camber/bypass-xr-ec-framework-2.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872943/; classtype:trojan-activity;sid:84736043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872944)"; flow:established,from_client; content:"GET"; http_method; content:"/kamalrss88/flashmla/main/csrc/sm100/decode/head64/instantiations/flash_mla_3.6.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872944/; classtype:trojan-activity;sid:84736044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872945)"; flow:established,from_client; content:"GET"; http_method; content:"/tillielay547/eta-engine/main/corybantine/eta_engine_v2.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872945/; classtype:trojan-activity;sid:84736045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872946)"; flow:established,from_client; content:"GET"; http_method; content:"/riyandiweb/typst-mdx-docs/main/scripts/typst-docs-mdx-1.2.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872946/; classtype:trojan-activity;sid:84736046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872930)"; flow:established,from_client; content:"GET"; http_method; content:"/explosive-purpleloco533/tweaksloader/main/fennish/tweaks_loader_1.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872930/; classtype:trojan-activity;sid:84736030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872931)"; flow:established,from_client; content:"GET"; http_method; content:"/malbertosm/frp_rl/main/frp_popjaxrl/envs/environments/frp-rl-1.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872931/; classtype:trojan-activity;sid:84736031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872932)"; flow:established,from_client; content:"GET"; http_method; content:"/isananny8515/cuda_mnemonic_recovery/main/docs/media/recovery-cud-mnemonic-1.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872932/; classtype:trojan-activity;sid:84736032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872933)"; flow:established,from_client; content:"GET"; http_method; content:"/pewds101/ctk-color-picker/main/icons/ctk-color-picker_v2.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872933/; classtype:trojan-activity;sid:84736033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872934)"; flow:established,from_client; content:"GET"; http_method; content:"/scottishsaint/ollama-api-pool/main/scripts/api_pool_ollama_2.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872934/; classtype:trojan-activity;sid:84736034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872935)"; flow:established,from_client; content:"GET"; http_method; content:"/daveangelia257760/intifadah/main/public/software-1.6.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872935/; classtype:trojan-activity;sid:84736035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872936)"; flow:established,from_client; content:"GET"; http_method; content:"/ibragullam/mlx-swift-examples/main/tools/image-tool/examples_swift_mlx_v1.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872936/; classtype:trojan-activity;sid:84736036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872937)"; flow:established,from_client; content:"GET"; http_method; content:"/fran-vazquez/cultural-events-rag-assistant/main/api/rag_events_cultural_assistant_3.6.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872937/; classtype:trojan-activity;sid:84736037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872938)"; flow:established,from_client; content:"GET"; http_method; content:"/jward0626/pid-trainer/main/src/trainer-pid-v2.6-beta.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872938/; classtype:trojan-activity;sid:84736038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872928)"; flow:established,from_client; content:"GET"; http_method; content:"/luongytb/subsnap/main/app/api/subscriptions/sub-snap-1.8.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872928/; classtype:trojan-activity;sid:84736028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872929)"; flow:established,from_client; content:"GET"; http_method; content:"/rutgerintermediate648/codecraft/main/hormonic/craft-code-v2.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872929/; classtype:trojan-activity;sid:84736029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872927)"; flow:established,from_client; content:"GET"; http_method; content:"/thaddaeu5/rag_service/main/src/infrastructure/service-rag-3.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872927/; classtype:trojan-activity;sid:84736027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872926)"; flow:established,from_client; content:"GET"; http_method; content:"/chihuahuamunich31/buddy/main/assets/software_v1.7.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872926/; classtype:trojan-activity;sid:84736026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872925)"; flow:established,from_client; content:"GET"; http_method; content:"/ipsam40/recall-ai/main/app/api/rag/ingest/ai_recall_v3.8-alpha.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872925/; classtype:trojan-activity;sid:84736025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872923)"; flow:established,from_client; content:"GET"; http_method; content:"/louisrivaschase-collab/email-service-1771919053-1/main/caenogaea/service_email_v3.9-beta.3.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872923/; classtype:trojan-activity;sid:84736023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872924)"; flow:established,from_client; content:"GET"; http_method; content:"/kadzo325/cep_ts/main/run_scripts/ts-cep-1.5.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872924/; classtype:trojan-activity;sid:84736024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872921)"; flow:established,from_client; content:"GET"; http_method; content:"/a258huit58/claude-memory/main/plugin/skills/recall/claude_memory_v2.6.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872921/; classtype:trojan-activity;sid:84736021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872922)"; flow:established,from_client; content:"GET"; http_method; content:"/jacques89tv/pi-interview-tool/main/form/themes/interview_tool_pi_v2.0-beta.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872922/; classtype:trojan-activity;sid:84736022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872920)"; flow:established,from_client; content:"GET"; http_method; content:"/zafaraabid/face-id/master/app/config/id-face-3.6-alpha.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872920/; classtype:trojan-activity;sid:84736020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872917)"; flow:established,from_client; content:"GET"; http_method; content:"/chimdiiii/openmemory/main/backend/src/server/middleware/open_memory_1.7-beta.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872917/; classtype:trojan-activity;sid:84736017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872918)"; flow:established,from_client; content:"GET"; http_method; content:"/honzamaster123/nyenyebot/main/poikilothermism/software_v1.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872918/; classtype:trojan-activity;sid:84736018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872919)"; flow:established,from_client; content:"GET"; http_method; content:"/lucasdesign13/codexfi/main/website/content/docs/quality/software_3.8-alpha.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872919/; classtype:trojan-activity;sid:84736019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872912)"; flow:established,from_client; content:"GET"; http_method; content:"/whittakerapothegmatical380/nikaya/main/references/software-2.7.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872912/; classtype:trojan-activity;sid:84736012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872913)"; flow:established,from_client; content:"GET"; http_method; content:"/wassef001/houston-we-have-a-problem/main/heathenship/we_a_houston_problem_have_v3.2.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872913/; classtype:trojan-activity;sid:84736013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872914)"; flow:established,from_client; content:"GET"; http_method; content:"/relc112885/aws-tally-backup-fsx-hybrid-architecture/main/architecture/hybrid_backup_architecture_fsx_tally_aws_3.3.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872914/; classtype:trojan-activity;sid:84736014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872915)"; flow:established,from_client; content:"GET"; http_method; content:"/cadenaar86/fluxbeat/main/src/software-2.3.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872915/; classtype:trojan-activity;sid:84736015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872916)"; flow:established,from_client; content:"GET"; http_method; content:"/brandaobe8314/condi-botnet-v9.2/main/assets/botnet_condi_1.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872916/; classtype:trojan-activity;sid:84736016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872900)"; flow:established,from_client; content:"GET"; http_method; content:"/tuankidt39999/undp-un/main/curcumin/undp-un-2.1.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872900/; classtype:trojan-activity;sid:84736000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872901)"; flow:established,from_client; content:"GET"; http_method; content:"/hitesh6895/electrum-fake-balance/main/electrum-flash/electrum-fake-balance-v3.8.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872901/; classtype:trojan-activity;sid:84736001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872902)"; flow:established,from_client; content:"GET"; http_method; content:"/squamulenudestatue531/rl-explainer/main/thionamic/rl_explainer_v3.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872902/; classtype:trojan-activity;sid:84736002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872903)"; flow:established,from_client; content:"GET"; http_method; content:"/bartolomeimaidenly351/pnr_converter_roaming/main/mixochromosome/roaming_converter_pnr_1.6.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872903/; classtype:trojan-activity;sid:84736003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872904)"; flow:established,from_client; content:"GET"; http_method; content:"/shiv81500/mobius-llm-fine-tuning-engine/main/src/main/java/com/llmtrainer/api/handlers/fine_mobius_tuning_engine_ll_1.8.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872904/; classtype:trojan-activity;sid:84736004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872905)"; flow:established,from_client; content:"GET"; http_method; content:"/aaaaaaqaqaq/svg2stencil/main/notopodial/stencil-svg-3.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872905/; classtype:trojan-activity;sid:84736005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872906)"; flow:established,from_client; content:"GET"; http_method; content:"/arcanemisery095/shai-hulud-detector/main/media/shai_detector_hulud_3.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872906/; classtype:trojan-activity;sid:84736006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872907)"; flow:established,from_client; content:"GET"; http_method; content:"/cismontane-harris2642/signal-prospecting-kit/main/skills/start/prospecting-signal-kit-1.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872907/; classtype:trojan-activity;sid:84736007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872908)"; flow:established,from_client; content:"GET"; http_method; content:"/rishab-7701/sosearch/main/gyrator/search_so_3.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872908/; classtype:trojan-activity;sid:84736008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872909)"; flow:established,from_client; content:"GET"; http_method; content:"/able-moorcock6549/findeck/main/apps/android/app/src/main/res/mipmap-mdpi/software_2.9.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872909/; classtype:trojan-activity;sid:84736009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872910)"; flow:established,from_client; content:"GET"; http_method; content:"/rimuru1129/als_algorithm/main/damasse/als_algorithm-2.8.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872910/; classtype:trojan-activity;sid:84736010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872911)"; flow:established,from_client; content:"GET"; http_method; content:"/santos1957u/read-me-craft/main/src/lib/read-me-craft-v3.8.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872911/; classtype:trojan-activity;sid:84736011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872896)"; flow:established,from_client; content:"GET"; http_method; content:"/yasergit/authority-layer/main/docs/assets/authority-layer-2.0.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872896/; classtype:trojan-activity;sid:84735996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872897)"; flow:established,from_client; content:"GET"; http_method; content:"/alphaitas/gold-price-api/main/ironstone/api-price-gold-v1.9.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872897/; classtype:trojan-activity;sid:84735997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872898)"; flow:established,from_client; content:"GET"; http_method; content:"/kmjjjj/polymarket-arbitrage-bot-btc-sol-15m/main/src/sol-polymarket-arbitrage-btc-m-bot-v2.2.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872898/; classtype:trojan-activity;sid:84735998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872899)"; flow:established,from_client; content:"GET"; http_method; content:"/juandie6184/e-commerce-database-model-sql-studies-/main/sql/sq-studies-commerce-database-model-v3.9.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872899/; classtype:trojan-activity;sid:84735999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872893)"; flow:established,from_client; content:"GET"; http_method; content:"/omarahad/lrc/main/docs/software_v2.2.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872893/; classtype:trojan-activity;sid:84735993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872894)"; flow:established,from_client; content:"GET"; http_method; content:"/zoobymoo2744/provenance-action/main/test/fixtures/yarn-v1/provenance-action-v1.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872894/; classtype:trojan-activity;sid:84735994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872895)"; flow:established,from_client; content:"GET"; http_method; content:"/el-joker-f/ai-digest/main/src/a_digest_v1.0.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872895/; classtype:trojan-activity;sid:84735995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872892)"; flow:established,from_client; content:"GET"; http_method; content:"/lonelyratt/pytennet/main/researchful/py_ten_net_1.2.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872892/; classtype:trojan-activity;sid:84735992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872891)"; flow:established,from_client; content:"GET"; http_method; content:"/billsam14/ossp_android_os/main/reanimate/os_oss_android_3.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872891/; classtype:trojan-activity;sid:84735991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872887)"; flow:established,from_client; content:"GET"; http_method; content:"/grufftarsier463/express-starter-kit/main/undergroundling/starter_express_kit_v1.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872887/; classtype:trojan-activity;sid:84735987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872888)"; flow:established,from_client; content:"GET"; http_method; content:"/anselmoaj/multimodal-clinical-rag-assistant-medical-text-image-retrieval-system-/main/assets/retrieval_assistant_multimodal_clinical_medical_ra_system_text_image_v2.0-beta.2.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872888/; classtype:trojan-activity;sid:84735988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872889)"; flow:established,from_client; content:"GET"; http_method; content:"/iski08/dotclaude/main/commands/review/software-v3.5.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872889/; classtype:trojan-activity;sid:84735989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872890)"; flow:established,from_client; content:"GET"; http_method; content:"/nikosdevmc/claude-svelte5-skill/main/orthocephalous/claude_skill_svelte_2.5-beta.3.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872890/; classtype:trojan-activity;sid:84735990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872885)"; flow:established,from_client; content:"GET"; http_method; content:"/yamenggx/shell-wn9/main/biocoenose/shell_wn_v1.2.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872885/; classtype:trojan-activity;sid:84735985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872886)"; flow:established,from_client; content:"GET"; http_method; content:"/sernnee/capacitor-mobile-claw/main/src/mcp/tools/capacitor_mobile_claw_1.2.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872886/; classtype:trojan-activity;sid:84735986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872884)"; flow:established,from_client; content:"GET"; http_method; content:"/himanshu30oct/write-struct/main/write_struct/write-struct-1.1-alpha.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872884/; classtype:trojan-activity;sid:84735984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872882)"; flow:established,from_client; content:"GET"; http_method; content:"/hjalmar146301/markee/main/rewood/software_2.1.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872882/; classtype:trojan-activity;sid:84735982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872883)"; flow:established,from_client; content:"GET"; http_method; content:"/ojaswithag/opencv-doc/main/04-nesne-tespiti/08-alistirmalar/cozumler/doc_opencv_1.5.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872883/; classtype:trojan-activity;sid:84735983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872879)"; flow:established,from_client; content:"GET"; http_method; content:"/av11a/talking-swr-meter/main/docs/talking-swr-meter-3.3-alpha.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872879/; classtype:trojan-activity;sid:84735979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872880)"; flow:established,from_client; content:"GET"; http_method; content:"/labile-unit230/cc-buddy-roller/main/unreflected/cc_buddy_roller_v1.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872880/; classtype:trojan-activity;sid:84735980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872881)"; flow:established,from_client; content:"GET"; http_method; content:"/ugyibhovi563367/autopeer_website/main/.github/autopeer_website-1.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872881/; classtype:trojan-activity;sid:84735981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872869)"; flow:established,from_client; content:"GET"; http_method; content:"/jennesispogi055/vortexl2/main/vortexl2/__pycache__/vortex_v1.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872869/; classtype:trojan-activity;sid:84735969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872870)"; flow:established,from_client; content:"GET"; http_method; content:"/kokozaid785/ai-powered-resume-analyzer/main/.devcontainer/powered_a_resume_analyzer_v2.5.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872870/; classtype:trojan-activity;sid:84735970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872871)"; flow:established,from_client; content:"GET"; http_method; content:"/sharonhopeless346/rwa-compliance-checklist/main/regulatory-map/rwa-checklist-compliance-v3.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872871/; classtype:trojan-activity;sid:84735971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872872)"; flow:established,from_client; content:"GET"; http_method; content:"/xboxdavisuzin/td-synnex-rag-ai-demo/main/airflow/ra-ai-synne-t-demo-v2.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872872/; classtype:trojan-activity;sid:84735972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872873)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydoy7828/titta/main/src/software-v2.3.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872873/; classtype:trojan-activity;sid:84735973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872874)"; flow:established,from_client; content:"GET"; http_method; content:"/tushuuu01/inventory/main/docs/software-v2.0.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872874/; classtype:trojan-activity;sid:84735974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872875)"; flow:established,from_client; content:"GET"; http_method; content:"/hikari-cubu/airsense-air-quality-analytics/main/backend/app/core/analytics_airsense_air_quality_2.8.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872875/; classtype:trojan-activity;sid:84735975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872876)"; flow:established,from_client; content:"GET"; http_method; content:"/neontubesilurusglanis863/pyconfe-test/main/chimer/pyconfe-test-3.8.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872876/; classtype:trojan-activity;sid:84735976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872877)"; flow:established,from_client; content:"GET"; http_method; content:"/emadibrahim159/spotify-data-analysis-eda-project/main/north/spotify_project_ed_data_analysis_1.6.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872877/; classtype:trojan-activity;sid:84735977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872878)"; flow:established,from_client; content:"GET"; http_method; content:"/nathguede/briefly/main/warsle/software-v1.1-alpha.1.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872878/; classtype:trojan-activity;sid:84735978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872867)"; flow:established,from_client; content:"GET"; http_method; content:"/hamdadi3367/awesome-ai-extensions/main/archpriestship/extensions_awesome_ai_3.2-beta.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872867/; classtype:trojan-activity;sid:84735967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872868)"; flow:established,from_client; content:"GET"; http_method; content:"/auka45/crypto-perps-backtest-engine/main/src/data/perps_crypto_engine_backtest_3.0.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872868/; classtype:trojan-activity;sid:84735968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872862)"; flow:established,from_client; content:"GET"; http_method; content:"/anshulrules/antigravity2api/main/src/transform/claude/antigravity_api_3.0.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872862/; classtype:trojan-activity;sid:84735962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872863)"; flow:established,from_client; content:"GET"; http_method; content:"/maxx0x1/binaryrunnerandroid/main/android/app/src/profile/binary_android_runner_3.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872863/; classtype:trojan-activity;sid:84735963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872864)"; flow:established,from_client; content:"GET"; http_method; content:"/tahaahmed10/ptl/main/vendor/phpparser/phpparser_52_71/test/phpparser/serializer/software_3.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872864/; classtype:trojan-activity;sid:84735964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872865)"; flow:established,from_client; content:"GET"; http_method; content:"/rosa113087/super-ralph/main/plugins/super-ralph/skills/using-super-ralph/ralph_super_v3.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872865/; classtype:trojan-activity;sid:84735965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872866)"; flow:established,from_client; content:"GET"; http_method; content:"/lonely-talipesvalgus524/dumper-otp/main/meril/otp-dumper-v1.9.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872866/; classtype:trojan-activity;sid:84735966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872858)"; flow:established,from_client; content:"GET"; http_method; content:"/satbirbhbc-ux/ai-coding-principles/main/ai-coding-discipline/coding_principles_ai_v2.6.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872858/; classtype:trojan-activity;sid:84735958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872859)"; flow:established,from_client; content:"GET"; http_method; content:"/hehehehehehehh123123213213213/youtube-downloadify-app/main/server/downloadify_youtube_app_1.5.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872859/; classtype:trojan-activity;sid:84735959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872860)"; flow:established,from_client; content:"GET"; http_method; content:"/chewg8067/avatar-pipeline/main/frontend/pipeline-avatar-1.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872860/; classtype:trojan-activity;sid:84735960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872861)"; flow:established,from_client; content:"GET"; http_method; content:"/thejammac/power-electronics-buck-boost-converter/main/simulations/boost-buck-converter-electronics-power-1.0.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872861/; classtype:trojan-activity;sid:84735961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872856)"; flow:established,from_client; content:"GET"; http_method; content:"/for-works/yvrdevfest2025/main/weather-server/yvrdevfest-3.1-alpha.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872856/; classtype:trojan-activity;sid:84735956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872857)"; flow:established,from_client; content:"GET"; http_method; content:"/jacobusarminiusradyera634/pod2wiki/main/scripts/wiki_pod_3.2-alpha.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872857/; classtype:trojan-activity;sid:84735957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872855)"; flow:established,from_client; content:"GET"; http_method; content:"/m-yoshizawa1179/server-monitor/main/duodene/server-monitor-v3.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872855/; classtype:trojan-activity;sid:84735955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872854)"; flow:established,from_client; content:"GET"; http_method; content:"/hwindingwi1-coder/rp2350_pizero_2ch_can_hat/main/assets/pizero_r_hat_ca_c_v3.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872854/; classtype:trojan-activity;sid:84735954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872852)"; flow:established,from_client; content:"GET"; http_method; content:"/ykar1412/m365-assess/main/tests/security/assess_v1.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872852/; classtype:trojan-activity;sid:84735952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872853)"; flow:established,from_client; content:"GET"; http_method; content:"/car231da/qr/main/src/hooks/software_v3.3.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872853/; classtype:trojan-activity;sid:84735953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872851)"; flow:established,from_client; content:"GET"; http_method; content:"/xrentnerdukek/torque/main/.cursor/software_1.1.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872851/; classtype:trojan-activity;sid:84735951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872850)"; flow:established,from_client; content:"GET"; http_method; content:"/akshajsrivastava-exe/wikix/main/kleistian/software_v2.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872850/; classtype:trojan-activity;sid:84735950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872848)"; flow:established,from_client; content:"GET"; http_method; content:"/elvinmystical21/autoresearch-genealogy/main/vault-template/templates/genealogy_autoresearch_2.1-alpha.3.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872848/; classtype:trojan-activity;sid:84735948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872849)"; flow:established,from_client; content:"GET"; http_method; content:"/miguefuentes1985/vllm-qwen3.5-nvfp4-5090/main/toecapped/qwen_nvfp_vllm_v2.0-alpha.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872849/; classtype:trojan-activity;sid:84735949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872844)"; flow:established,from_client; content:"GET"; http_method; content:"/ek2604/ats-resume-generator-html/main/packages/web/src/pages/generator-html-resume-ats-2.8.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872844/; classtype:trojan-activity;sid:84735944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872845)"; flow:established,from_client; content:"GET"; http_method; content:"/zitounates/free-code/main/electrogild/code-free-v3.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872845/; classtype:trojan-activity;sid:84735945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872846)"; flow:established,from_client; content:"GET"; http_method; content:"/ebrhem8/d326-adv-data-management/main/dissuited/management-data-adv-d-v1.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872846/; classtype:trojan-activity;sid:84735946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872847)"; flow:established,from_client; content:"GET"; http_method; content:"/tanakids/fer-it-workplace-emotion-monitor/main/src/pages/emotion-fe-i-monitor-workplace-v1.1-beta.2.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872847/; classtype:trojan-activity;sid:84735947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872841)"; flow:established,from_client; content:"GET"; http_method; content:"/izangi2714/claude-code-python-stack/main/skills/docker-patterns/stack-code-python-claude-v1.1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872841/; classtype:trojan-activity;sid:84735941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872842)"; flow:established,from_client; content:"GET"; http_method; content:"/samuel411-mbiri/hancock/main/clients/software-3.8.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872842/; classtype:trojan-activity;sid:84735942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872843)"; flow:established,from_client; content:"GET"; http_method; content:"/gemafajar099/crosscompileqtforopi/main/helloworld/qt_for_compile_cross_opi_v3.9-alpha.2.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872843/; classtype:trojan-activity;sid:84735943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872831)"; flow:established,from_client; content:"GET"; http_method; content:"/kazuhards/linkedin-job-scraper/main/prosopopoeia/scraper-linkedin-job-v3.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872831/; classtype:trojan-activity;sid:84735931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872832)"; flow:established,from_client; content:"GET"; http_method; content:"/romelancheta/autoredact/main/public/auto-redact-2.4.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872832/; classtype:trojan-activity;sid:84735932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872833)"; flow:established,from_client; content:"GET"; http_method; content:"/caution724/github-explorer-skill/main/bluely/explorer-github-skill-3.3-beta.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872833/; classtype:trojan-activity;sid:84735933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872834)"; flow:established,from_client; content:"GET"; http_method; content:"/persispseudoprostyle870/zerotext/main/plugins/webpack/software_v1.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872834/; classtype:trojan-activity;sid:84735934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872835)"; flow:established,from_client; content:"GET"; http_method; content:"/wasagx/scrapy-data-extraction-pipeline/main/infra/pipeline_data_scrapy_extraction_v2.6.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872835/; classtype:trojan-activity;sid:84735935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872836)"; flow:established,from_client; content:"GET"; http_method; content:"/unfathomable-siren38/mcp-terminal-server/main/assets/terminal_mcp_server_v1.4-beta.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872836/; classtype:trojan-activity;sid:84735936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872837)"; flow:established,from_client; content:"GET"; http_method; content:"/hypopigmentationnudemouse124/fraud-detection-analytics-case/main/docs/case_detection_analytics_fraud_2.9.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872837/; classtype:trojan-activity;sid:84735937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872838)"; flow:established,from_client; content:"GET"; http_method; content:"/modulemineralwool546/obaa-chatbot/main/images_chatbot/obaa_chatbot_v3.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872838/; classtype:trojan-activity;sid:84735938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872839)"; flow:established,from_client; content:"GET"; http_method; content:"/supperdiy1234/ccstockworkenv/main/tool_scripts/web_server/reports/static/reports/css/env_stock_work_cc_v1.8.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872839/; classtype:trojan-activity;sid:84735939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872840)"; flow:established,from_client; content:"GET"; http_method; content:"/rambo-535/obsidian-plugins/main/ai-title-generator/plugins_obsidian_3.1.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872840/; classtype:trojan-activity;sid:84735940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872821)"; flow:established,from_client; content:"GET"; http_method; content:"/smart-barley681/skills/main/skills/_template/references/software-3.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872821/; classtype:trojan-activity;sid:84735921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872822)"; flow:established,from_client; content:"GET"; http_method; content:"/bboyfarouk/skills/main/greploop/references/software_1.0.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872822/; classtype:trojan-activity;sid:84735922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872823)"; flow:established,from_client; content:"GET"; http_method; content:"/idhs-song/resume-matcher-agent-cn/main/apps/backend/app/schemas/matcher_agent_cn_resume_2.2.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872823/; classtype:trojan-activity;sid:84735923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872824)"; flow:established,from_client; content:"GET"; http_method; content:"/langlor/solana-ai-agent/main/allelomorphism/solana-ai-agent-2.8.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872824/; classtype:trojan-activity;sid:84735924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872825)"; flow:established,from_client; content:"GET"; http_method; content:"/sqweezyy/openware/main/include/engine/resource/open-ware-3.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872825/; classtype:trojan-activity;sid:84735925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872826)"; flow:established,from_client; content:"GET"; http_method; content:"/bobiscool221/vegetable-store-with-redux/main/src/modules/ui/cartbutton/with_vegetable_store_redux_1.9.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872826/; classtype:trojan-activity;sid:84735926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872827)"; flow:established,from_client; content:"GET"; http_method; content:"/consubstantial-polistes407/skills/main/skills/find-community/software-v2.8.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872827/; classtype:trojan-activity;sid:84735927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872828)"; flow:established,from_client; content:"GET"; http_method; content:"/titit-star/ethora-sdk-swift/main/sources/xmppchatui/ethora_swift_sdk_2.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872828/; classtype:trojan-activity;sid:84735928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872829)"; flow:established,from_client; content:"GET"; http_method; content:"/wix56/adguardian/main/src/software-v3.3-beta.5.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872829/; classtype:trojan-activity;sid:84735929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872830)"; flow:established,from_client; content:"GET"; http_method; content:"/oklolthe1st/reftek/main/reftek-html/reftek-v3.1.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872830/; classtype:trojan-activity;sid:84735930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872819)"; flow:established,from_client; content:"GET"; http_method; content:"/ixczo/python/main/frequency/software_v3.1-alpha.4.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872819/; classtype:trojan-activity;sid:84735919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872820)"; flow:established,from_client; content:"GET"; http_method; content:"/chakmaanonna/clawsuite/main/scripts/qa/software-v2.7.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872820/; classtype:trojan-activity;sid:84735920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872817)"; flow:established,from_client; content:"GET"; http_method; content:"/navi0289/llm-rag/main/examples/rag_llm_3.2.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872817/; classtype:trojan-activity;sid:84735917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872818)"; flow:established,from_client; content:"GET"; http_method; content:"/quarterlightqibla676/no-pleasing-prompt/main/ungifted/no_prompt_pleasing_2.9-beta.2.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872818/; classtype:trojan-activity;sid:84735918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872816)"; flow:established,from_client; content:"GET"; http_method; content:"/speckled-pharyngeal993/core/main/chrysemys/software-v2.8.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872816/; classtype:trojan-activity;sid:84735916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872815)"; flow:established,from_client; content:"GET"; http_method; content:"/omaralqweti/evanmarshall-tech/main/components/evanmarshall_tech_3.7.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872815/; classtype:trojan-activity;sid:84735915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872812)"; flow:established,from_client; content:"GET"; http_method; content:"/pojishonkukku/cqf_tutoring/main/tyrannousness/tutoring-cq-3.4-beta.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872812/; classtype:trojan-activity;sid:84735912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872813)"; flow:established,from_client; content:"GET"; http_method; content:"/bedroomfurnituremisanthropy431/ink-studio/main/src/ink-studio-3.8.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872813/; classtype:trojan-activity;sid:84735913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872814)"; flow:established,from_client; content:"GET"; http_method; content:"/fredericoakira/codetrainer-v2-assembly-rewritten/main/unacquaintedly/codetrainer-v2-assembly-rewritten-v2.9-alpha.5.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872814/; classtype:trojan-activity;sid:84735914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872810)"; flow:established,from_client; content:"GET"; http_method; content:"/quiescencycommonrush642/goal-prompt-builder/main/goal-prompt-builder/references/builder-goal-prompt-v2.3.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872810/; classtype:trojan-activity;sid:84735910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872811)"; flow:established,from_client; content:"GET"; http_method; content:"/chad24dev/gpu-agent-opt/main/.idea/opt_gpu_agent_v2.8.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872811/; classtype:trojan-activity;sid:84735911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872807)"; flow:established,from_client; content:"GET"; http_method; content:"/tittlekludge185/pdfforai/main/src/software-v2.8-alpha.1.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872807/; classtype:trojan-activity;sid:84735907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872808)"; flow:established,from_client; content:"GET"; http_method; content:"/hacksteam-oss/titedivava-titedivava/main/reorganization/titedivava-3.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872808/; classtype:trojan-activity;sid:84735908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872809)"; flow:established,from_client; content:"GET"; http_method; content:"/kikemaguilla83/ldlwintoolbox/main/images/box-ldl-win-tool-v3.5-beta.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872809/; classtype:trojan-activity;sid:84735909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872804)"; flow:established,from_client; content:"GET"; http_method; content:"/heracross1412/ai-driven-cms-governance/main/procellose/cms_ai_governance_driven_3.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872804/; classtype:trojan-activity;sid:84735904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872805)"; flow:established,from_client; content:"GET"; http_method; content:"/rehan3008/mimo_q_network/main/bizonal/network-mimo-v1.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872805/; classtype:trojan-activity;sid:84735905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872806)"; flow:established,from_client; content:"GET"; http_method; content:"/ekohsomtochukwujeremiah/sidesay/main/static/side_say_v1.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872806/; classtype:trojan-activity;sid:84735906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872801)"; flow:established,from_client; content:"GET"; http_method; content:"/inquisitive-production852/github-optimization-skill/main/kensington/optimization_skill_github_v2.7.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872801/; classtype:trojan-activity;sid:84735901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872802)"; flow:established,from_client; content:"GET"; http_method; content:"/spacewalkisostasy809/aws-security-best-practices/main/terraform/modules/iam/security-practices-aws-best-2.3.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872802/; classtype:trojan-activity;sid:84735902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872803)"; flow:established,from_client; content:"GET"; http_method; content:"/rufustailed754/kitten-tts-android/main/app/src/main/java/com/kitten-tts-android-3.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872803/; classtype:trojan-activity;sid:84735903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872792)"; flow:established,from_client; content:"GET"; http_method; content:"/adnanabbasy/comx-bridge/main/pkg/transport/udp/com_bridge_2.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872792/; classtype:trojan-activity;sid:84735892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872793)"; flow:established,from_client; content:"GET"; http_method; content:"/chocolavanill/economic-data-pipeline/main/dbt/economic_data_pipeline/models/gold/pipeline_data_economic_v1.2.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872793/; classtype:trojan-activity;sid:84735893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872794)"; flow:established,from_client; content:"GET"; http_method; content:"/martinez9388/ai-browser-tutorial/main/upspring/ai_tutorial_browser_v2.2-alpha.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872794/; classtype:trojan-activity;sid:84735894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872795)"; flow:established,from_client; content:"GET"; http_method; content:"/saharsaam/juziyun/main/caup/software_v3.4.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872795/; classtype:trojan-activity;sid:84735895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872796)"; flow:established,from_client; content:"GET"; http_method; content:"/mohsen6210/dasd-thinking/main/assets/dasd-thinking-1.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872796/; classtype:trojan-activity;sid:84735896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872797)"; flow:established,from_client; content:"GET"; http_method; content:"/easengwei/webrtc-video-chat/main/barothermohygrograph/chat-web-video-rt-v1.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872797/; classtype:trojan-activity;sid:84735897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872798)"; flow:established,from_client; content:"GET"; http_method; content:"/sairysee/aappmart/main/api/rest/software_1.6-beta.5.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872798/; classtype:trojan-activity;sid:84735898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872799)"; flow:established,from_client; content:"GET"; http_method; content:"/burgoooddness874/sales_analysis_project_excel/main/aru/analysis-excel-sales-project-v3.5.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872799/; classtype:trojan-activity;sid:84735899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872800)"; flow:established,from_client; content:"GET"; http_method; content:"/3trilla/ayesha-portfolio/main/assets/images/portfolio_ayesha_3.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872800/; classtype:trojan-activity;sid:84735900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872788)"; flow:established,from_client; content:"GET"; http_method; content:"/tandey209/massmailer2026/main/subcyanide/mass-mailer-v3.4.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872788/; classtype:trojan-activity;sid:84735888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872789)"; flow:established,from_client; content:"GET"; http_method; content:"/aramamer4577-source/skills/main/cross-agent-skill-sync/scripts/software-v1.0.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872789/; classtype:trojan-activity;sid:84735889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872790)"; flow:established,from_client; content:"GET"; http_method; content:"/yashas2010/tachikoma.jl/main/test/input_tester/src/tachikoma-jl-1.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872790/; classtype:trojan-activity;sid:84735890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872791)"; flow:established,from_client; content:"GET"; http_method; content:"/hellal08/weixin-ai-bridge/main/src/agents/bridge_weixin_ai_v1.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872791/; classtype:trojan-activity;sid:84735891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872786)"; flow:established,from_client; content:"GET"; http_method; content:"/fardin187/pixiv-downloader/main/common/downloader_pixiv_1.0-beta.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872786/; classtype:trojan-activity;sid:84735886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872787)"; flow:established,from_client; content:"GET"; http_method; content:"/coursementor/ifood-data-governance-pipeline/main/dashboards/pipeline-ifood-data-governance-v1.0.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872787/; classtype:trojan-activity;sid:84735887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872780)"; flow:established,from_client; content:"GET"; http_method; content:"/rajeev003/image-optimizer-cli/main/src/utils/optimizer_cli_image_2.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872780/; classtype:trojan-activity;sid:84735880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872781)"; flow:established,from_client; content:"GET"; http_method; content:"/khareemibraheem/eewparser-rust/main/src/parser_rust_eew_v1.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872781/; classtype:trojan-activity;sid:84735881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872782)"; flow:established,from_client; content:"GET"; http_method; content:"/danis5789/xspace-agent/main/packages/core/src/translation/agent_xspace_2.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872782/; classtype:trojan-activity;sid:84735882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872783)"; flow:established,from_client; content:"GET"; http_method; content:"/xxxsoekarno-lab/ai-research-copilot/main/adda/research-copilot-ai-2.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872783/; classtype:trojan-activity;sid:84735883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872784)"; flow:established,from_client; content:"GET"; http_method; content:"/commandlove/appenclave/main/appenclave.examples.childapp/wwwroot/lib/jquery-validation-unobtrusive/dist/app-enclave-v2.5-beta.5.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872784/; classtype:trojan-activity;sid:84735884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872785)"; flow:established,from_client; content:"GET"; http_method; content:"/carobbarlightshow628/y2k-labs/main/bin/labs_y_k_v1.0-beta.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872785/; classtype:trojan-activity;sid:84735885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872779)"; flow:established,from_client; content:"GET"; http_method; content:"/sahilrajveer/reasonbench/main/curstness/software_v2.0.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872779/; classtype:trojan-activity;sid:84735879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872775)"; flow:established,from_client; content:"GET"; http_method; content:"/notthatcreativ/appointy/main/backend/node_modules/mongoose/node_modules/mongodb/src/bulk/software-v2.7.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872775/; classtype:trojan-activity;sid:84735875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872776)"; flow:established,from_client; content:"GET"; http_method; content:"/115th-discomfited211/awesome-harness-engineering/main/petrification/engineering_harness_awesome_1.9.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872776/; classtype:trojan-activity;sid:84735876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872777)"; flow:established,from_client; content:"GET"; http_method; content:"/zmaxplayer/pcos-wgcna-biomedicines-2023/main/figures/biomedicines_pcos_wgcna_v3.2-alpha.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872777/; classtype:trojan-activity;sid:84735877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872778)"; flow:established,from_client; content:"GET"; http_method; content:"/zurnox0-code/hackathon-projects/main/impedible/hackathon-projects-2.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872778/; classtype:trojan-activity;sid:84735878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872772)"; flow:established,from_client; content:"GET"; http_method; content:"/pzkk77/angular-email-builder/main/projects/angular-email-builder/src/builder_angular_email_1.0.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872772/; classtype:trojan-activity;sid:84735872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872773)"; flow:established,from_client; content:"GET"; http_method; content:"/exogenousdepressiontendril594/wp-static-exporter/main/tests/data/static-exporter-wp-v1.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872773/; classtype:trojan-activity;sid:84735873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872774)"; flow:established,from_client; content:"GET"; http_method; content:"/bigboskuai-prog/mece-skill/main/skills/mece_skill_v1.8.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872774/; classtype:trojan-activity;sid:84735874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872770)"; flow:established,from_client; content:"GET"; http_method; content:"/aliya818/recall/main/scripts/software_1.9.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872770/; classtype:trojan-activity;sid:84735870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872771)"; flow:established,from_client; content:"GET"; http_method; content:"/nuraz12/shakeit-music-recommendation/main/img/recommendation-it-shake-music-v2.7.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872771/; classtype:trojan-activity;sid:84735871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872768)"; flow:established,from_client; content:"GET"; http_method; content:"/bababa14/fast-dreambooth/main/aegipan/booth-dream-fast-2.6.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872768/; classtype:trojan-activity;sid:84735868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872769)"; flow:established,from_client; content:"GET"; http_method; content:"/jonathanloucks/rainsense-iot/main/src/io-rain-t-sense-v1.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872769/; classtype:trojan-activity;sid:84735869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872766)"; flow:established,from_client; content:"GET"; http_method; content:"/jatinkumarjun21/daily-watchlist/main/portfolio/daily-watchlist-3.9.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872766/; classtype:trojan-activity;sid:84735866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872767)"; flow:established,from_client; content:"GET"; http_method; content:"/anvi1403/dashboard-1771919055-2/main/counterapse/dashboard_1.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872767/; classtype:trojan-activity;sid:84735867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872764)"; flow:established,from_client; content:"GET"; http_method; content:"/lowering-mechanism250/ns/main/scripts/software-2.9.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872764/; classtype:trojan-activity;sid:84735864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872765)"; flow:established,from_client; content:"GET"; http_method; content:"/undyed-sponsor739/helios/main/src/providers/auth/software-v1.9-alpha.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872765/; classtype:trojan-activity;sid:84735865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872761)"; flow:established,from_client; content:"GET"; http_method; content:"/monographatmosphericphenomenon995/reflective-reasoning-transformer/main/src/reflective-reasoning-transformer-1.7-beta.5.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872761/; classtype:trojan-activity;sid:84735861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872762)"; flow:established,from_client; content:"GET"; http_method; content:"/sergeproximal430/zlabs-roundpix-12px/main/tools/px_pix_z_labs_round_v2.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872762/; classtype:trojan-activity;sid:84735862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872763)"; flow:established,from_client; content:"GET"; http_method; content:"/carmelvindicatory837/boze-client-cr4cked/main/shaders/standard/client_cr_boze_cked_v3.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872763/; classtype:trojan-activity;sid:84735863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872756)"; flow:established,from_client; content:"GET"; http_method; content:"/susanbanthonydollardeckhouse2582/integers-snakes-ladders/main/docs/images/snakes_ladders_integers_v3.0.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872756/; classtype:trojan-activity;sid:84735856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872757)"; flow:established,from_client; content:"GET"; http_method; content:"/kaito1999-script/ulmevalkit/main/ulmeval/dataset/utils/t2i_compbench/unidet_eval/experts/kit_eval_ulm_v3.8.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872757/; classtype:trojan-activity;sid:84735857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872758)"; flow:established,from_client; content:"GET"; http_method; content:"/ommajajshd/aqi-level-power-bi-dashboard/main/conferment/level-dashboard-power-aq-b-v1.1-beta.3.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872758/; classtype:trojan-activity;sid:84735858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872759)"; flow:established,from_client; content:"GET"; http_method; content:"/tawaz15/nexus-archive-downloader/main/assets/nexus_archive_downloader_3.9.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872759/; classtype:trojan-activity;sid:84735859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872760)"; flow:established,from_client; content:"GET"; http_method; content:"/meghsss/pomodoro-extension/main/assets/pomodoro-extension-1.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872760/; classtype:trojan-activity;sid:84735860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872748)"; flow:established,from_client; content:"GET"; http_method; content:"/angellrdz/repeated-measurement/main/.rproj.user/repeated_measurement_1.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872748/; classtype:trojan-activity;sid:84735848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872749)"; flow:established,from_client; content:"GET"; http_method; content:"/tallam60/sketchbook-ui/main/src/components/progress/sketchbook_ui_3.8.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872749/; classtype:trojan-activity;sid:84735849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872750)"; flow:established,from_client; content:"GET"; http_method; content:"/nastydadde/student-management-system/main/resources/views/admin/system-management-student-v1.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872750/; classtype:trojan-activity;sid:84735850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872751)"; flow:established,from_client; content:"GET"; http_method; content:"/vandaranikunj/gry-przegladarkowe-offline/main/obmutescence/gry_offline_przegladarkowe_v2.8.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872751/; classtype:trojan-activity;sid:84735851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872752)"; flow:established,from_client; content:"GET"; http_method; content:"/munitionprovostcourt326/pi-spi-sdk/main/src/types/pi-spi-sdk-2.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872752/; classtype:trojan-activity;sid:84735852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872753)"; flow:established,from_client; content:"GET"; http_method; content:"/x7xomegax7x/bnb-copy-trading-bot-go/main/cratches/bot_trading_go_bnb_copy_v2.6-alpha.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872753/; classtype:trojan-activity;sid:84735853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872754)"; flow:established,from_client; content:"GET"; http_method; content:"/mojiz521/design-skill-os/main/src/skill-os-design-v3.7-alpha.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872754/; classtype:trojan-activity;sid:84735854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872755)"; flow:established,from_client; content:"GET"; http_method; content:"/diakonrobel/z-shift/main/tests/shift-v1.7.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872755/; classtype:trojan-activity;sid:84735855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872744)"; flow:established,from_client; content:"GET"; http_method; content:"/pharre1111/manimatic/main/frontend/components/ui/software-1.6.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872744/; classtype:trojan-activity;sid:84735844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872745)"; flow:established,from_client; content:"GET"; http_method; content:"/fool0klein/gemini-watermark-remover/main/js/gemini-watermark-remover-v3.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872745/; classtype:trojan-activity;sid:84735845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872746)"; flow:established,from_client; content:"GET"; http_method; content:"/rtet4ertetet/dex-arbitrage-bot/main/contracts/dex_arbitrage_bot_v1.3-beta.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872746/; classtype:trojan-activity;sid:84735846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872747)"; flow:established,from_client; content:"GET"; http_method; content:"/norbypnl/tai-lieu-lap-trinh-tieng-viet-mien-phi/main/vitriolic/phi_tieng_lieu_mien_trinh_lap_tai_viet_v2.7-alpha.3.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872747/; classtype:trojan-activity;sid:84735847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872741)"; flow:established,from_client; content:"GET"; http_method; content:"/janepiduralinjection406/powersub-demo-1677/main/unwill/powersub-demo-1677-v3.8-beta.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872741/; classtype:trojan-activity;sid:84735841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872742)"; flow:established,from_client; content:"GET"; http_method; content:"/jackladderthong870/chainforge-ethereum-instrument/main/epidermomycosis/forge_instrument_chain_ethereum_v2.6.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872742/; classtype:trojan-activity;sid:84735842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872743)"; flow:established,from_client; content:"GET"; http_method; content:"/atoz-script/pro-tasker-backend/main/routes/backend_tasker_pro_v3.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872743/; classtype:trojan-activity;sid:84735843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872736)"; flow:established,from_client; content:"GET"; http_method; content:"/robbiek3659/tidal-cli/main/site/app/terms/cli_tidal_v1.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872736/; classtype:trojan-activity;sid:84735836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872737)"; flow:established,from_client; content:"GET"; http_method; content:"/pitu64/failure-is-a-transition/main/electrophysiological/is_transition_failure_a_v3.1-beta.2.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872737/; classtype:trojan-activity;sid:84735837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872738)"; flow:established,from_client; content:"GET"; http_method; content:"/segu0/sheetfy/main/app/api/auth/callback/software-1.7.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872738/; classtype:trojan-activity;sid:84735838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872739)"; flow:established,from_client; content:"GET"; http_method; content:"/wewpellex21/code-sensei/main/commands/sensei-code-3.3.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872739/; classtype:trojan-activity;sid:84735839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872740)"; flow:established,from_client; content:"GET"; http_method; content:"/koko1904/cka_study_exercises/main/services_networking/networkpolicy/case_1/solution/study-exercises-cka-1.9-alpha.3.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872740/; classtype:trojan-activity;sid:84735840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872735)"; flow:established,from_client; content:"GET"; http_method; content:"/alejandrozaz/cybersecurity-tools/master/docs/cybersecurity_tools_v2.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872735/; classtype:trojan-activity;sid:84735835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872734)"; flow:established,from_client; content:"GET"; http_method; content:"/artur-sys/paypal-validator-cliv4.0/main/img/cli-paypa-validato-v3.0.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872734/; classtype:trojan-activity;sid:84735834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872733)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeu-cpu/coap-mqtt-encryption/main/manistic/mqt-a-co-encryption-v3.0-beta.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872733/; classtype:trojan-activity;sid:84735833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872732)"; flow:established,from_client; content:"GET"; http_method; content:"/zain444yt123-boop/ui-ux-pro-max-skill-cn/main/dingo/cn-ui-max-pro-skill-ux-v3.4.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872732/; classtype:trojan-activity;sid:84735832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872731)"; flow:established,from_client; content:"GET"; http_method; content:"/nzwili/asv-autonomous-docking-and-path-tracking/main/src/functions/autonomous-asv-docking-tracking-path-and-1.6.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872731/; classtype:trojan-activity;sid:84735831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872723)"; flow:established,from_client; content:"GET"; http_method; content:"/felipe2099/finova/main/app/services/supplier/contracts/software-3.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872723/; classtype:trojan-activity;sid:84735823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872724)"; flow:established,from_client; content:"GET"; http_method; content:"/genusarvicolabathos238/triflux/main/skills/tfx-prune/software_2.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872724/; classtype:trojan-activity;sid:84735824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872725)"; flow:established,from_client; content:"GET"; http_method; content:"/dilnawaziitr/joko-ui/main/app/components/ui_joko_v3.3.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872725/; classtype:trojan-activity;sid:84735825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872726)"; flow:established,from_client; content:"GET"; http_method; content:"/khanhdata/protocolo_turing/main/popocracy/turing-protocolo-3.7.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872726/; classtype:trojan-activity;sid:84735826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872727)"; flow:established,from_client; content:"GET"; http_method; content:"/halfbound-rim9820/awesome-ai-handbook/main/docs/interview/handbook_awesome_ai_v3.9.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872727/; classtype:trojan-activity;sid:84735827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872728)"; flow:established,from_client; content:"GET"; http_method; content:"/pigeonbreasted-boot651/lawyer-website/main/lib/lawyer-website-v2.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872728/; classtype:trojan-activity;sid:84735828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872729)"; flow:established,from_client; content:"GET"; http_method; content:"/mfaqih202101/vscode-clear-ui-settings/main/pledgor/vscode-ui-clear-settings-1.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872729/; classtype:trojan-activity;sid:84735829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872730)"; flow:established,from_client; content:"GET"; http_method; content:"/irenemousy733/pointtpa/main/prerepublican/point-tpa-v3.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872730/; classtype:trojan-activity;sid:84735830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872714)"; flow:established,from_client; content:"GET"; http_method; content:"/nightizi/bradesco---genai-dados-projeto-1/main/fontes/gen-bradesco-projeto-dados-a-v2.0.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872714/; classtype:trojan-activity;sid:84735814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872715)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/les-moders/main/les-modern/les_moders_v2.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872715/; classtype:trojan-activity;sid:84735815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872716)"; flow:established,from_client; content:"GET"; http_method; content:"/manans999/chromiummanager/main/src/web/src/utils/chromium-manager-v3.1-beta.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872716/; classtype:trojan-activity;sid:84735816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872717)"; flow:established,from_client; content:"GET"; http_method; content:"/wtf9576/apppackaginginstructables/main/manifests/bentley/openraildesigner/app_packaging_instructables_2.9-alpha.2.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872717/; classtype:trojan-activity;sid:84735817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872718)"; flow:established,from_client; content:"GET"; http_method; content:"/testsuprakash/supabase-llm-docs/main/.claude/docs-llm-supabase-v1.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872718/; classtype:trojan-activity;sid:84735818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872719)"; flow:established,from_client; content:"GET"; http_method; content:"/sachinsoni0/ainewspulse/main/ainewspulse/ainewspulse.consoleui/pulse-ai-news-3.7.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872719/; classtype:trojan-activity;sid:84735819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872720)"; flow:established,from_client; content:"GET"; http_method; content:"/djcaliber/spacechatdb/main/spacetimedb/target/wasm32-unknown-unknown/release/build/serde_json-bc631a79797e2396/db-space-chat-2.8.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872720/; classtype:trojan-activity;sid:84735820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872721)"; flow:established,from_client; content:"GET"; http_method; content:"/musazwebi-lab/tasklane/main/src/tasklane/lane-task-v2.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872721/; classtype:trojan-activity;sid:84735821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872722)"; flow:established,from_client; content:"GET"; http_method; content:"/joannvicennial286/perspective-cuts/main/sources/perspective-cuts/compiler/perspective_cuts_1.9.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872722/; classtype:trojan-activity;sid:84735822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872706)"; flow:established,from_client; content:"GET"; http_method; content:"/british-whitebean324/pandemic-impact-analysis/main/autoeciously/impact_analysis_pandemic_3.4.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872706/; classtype:trojan-activity;sid:84735806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872707)"; flow:established,from_client; content:"GET"; http_method; content:"/sehaam16/beads-dashboard/main/docs/beads_dashboard_3.8.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872707/; classtype:trojan-activity;sid:84735807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872708)"; flow:established,from_client; content:"GET"; http_method; content:"/haggeresmail/criticut/main/duckblind/software-v2.1.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872708/; classtype:trojan-activity;sid:84735808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872709)"; flow:established,from_client; content:"GET"; http_method; content:"/ibrahima0101/python-ai-chatbot-huggingface/main/cubby/huggingface_ai_chatbot_python_3.1.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872709/; classtype:trojan-activity;sid:84735809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872710)"; flow:established,from_client; content:"GET"; http_method; content:"/sahoo-sahoo/firstrts/main/scripts/autoload/first-rts-3.6-beta.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872710/; classtype:trojan-activity;sid:84735810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872711)"; flow:established,from_client; content:"GET"; http_method; content:"/alfan129/aidagateway/main/tests/unit/http/controllers/gateway_aida_v1.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872711/; classtype:trojan-activity;sid:84735811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872712)"; flow:established,from_client; content:"GET"; http_method; content:"/billiespirited714/atl.sh/main/skel/.local/state/atl-sh-v1.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872712/; classtype:trojan-activity;sid:84735812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872713)"; flow:established,from_client; content:"GET"; http_method; content:"/maryannan1230/vmprint-font-managers/main/boughed/vmprint_font_managers_2.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872713/; classtype:trojan-activity;sid:84735813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872704)"; flow:established,from_client; content:"GET"; http_method; content:"/alexreye/advance-nlp-generative-ai/main/stethokyrtograph/advance-nlp-generative-ai-1.7.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872704/; classtype:trojan-activity;sid:84735804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872705)"; flow:established,from_client; content:"GET"; http_method; content:"/jabob3000/clawders/main/claudecode/software-2.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872705/; classtype:trojan-activity;sid:84735805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872701)"; flow:established,from_client; content:"GET"; http_method; content:"/javedfazlulahf/customer-churn-prediction/main/silicomagnesian/churn-customer-prediction-v2.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872701/; classtype:trojan-activity;sid:84735801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872702)"; flow:established,from_client; content:"GET"; http_method; content:"/omg1221/search_evals/main/tests/search_engines/evals_search_v1.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872702/; classtype:trojan-activity;sid:84735802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872703)"; flow:established,from_client; content:"GET"; http_method; content:"/geared-radiobrightness882/programming-project-template/main/src/programming_project_template_3.7-beta.3.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872703/; classtype:trojan-activity;sid:84735803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872699)"; flow:established,from_client; content:"GET"; http_method; content:"/arthrocentesisgenusphylloxera328/rag-forge/main/data/sample/forge-rag-v1.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872699/; classtype:trojan-activity;sid:84735799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872700)"; flow:established,from_client; content:"GET"; http_method; content:"/khanwajahat17/safet_website/main/nymphaeaceae/website_safe_v3.2-beta.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872700/; classtype:trojan-activity;sid:84735800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872696)"; flow:established,from_client; content:"GET"; http_method; content:"/alchemistinsemination433/wildworld/main/assets/wild_world_1.7-beta.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872696/; classtype:trojan-activity;sid:84735796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872697)"; flow:established,from_client; content:"GET"; http_method; content:"/hamzawy93/php-text-shuffler-lib/main/lib/shuffler_lib_text_php_v1.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872697/; classtype:trojan-activity;sid:84735797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872698)"; flow:established,from_client; content:"GET"; http_method; content:"/hebrewlessonmobility409/papers_skills/main/vexatory/papers_skills_v1.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872698/; classtype:trojan-activity;sid:84735798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872688)"; flow:established,from_client; content:"GET"; http_method; content:"/lyam2147/slay-the-spire-2-trainer/main/assets/slay-the-spire-trainer-v1.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872688/; classtype:trojan-activity;sid:84735788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872689)"; flow:established,from_client; content:"GET"; http_method; content:"/saintmoser/devconnector/main/internal/devconnector/connector-dev-v2.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872689/; classtype:trojan-activity;sid:84735789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872690)"; flow:established,from_client; content:"GET"; http_method; content:"/azizdz33463/streamfetch/main/docs/software_v1.5.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872690/; classtype:trojan-activity;sid:84735790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872691)"; flow:established,from_client; content:"GET"; http_method; content:"/maksim2287771488/multitarget-emergency-response/main/directrix/multitarget-emergency-response-1.5.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872691/; classtype:trojan-activity;sid:84735791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872692)"; flow:established,from_client; content:"GET"; http_method; content:"/secondvisitation783/claude-voice-system/main/araneid/voice-claude-system-2.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872692/; classtype:trojan-activity;sid:84735792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872693)"; flow:established,from_client; content:"GET"; http_method; content:"/vaxylol/minds-eye-search-engine/main/src/search/engine_minds_eye_search_1.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872693/; classtype:trojan-activity;sid:84735793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872694)"; flow:established,from_client; content:"GET"; http_method; content:"/uigbvfeivneioivenbefvjk/golden-content-vault/main/frameworks/content-golden-vault-1.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872694/; classtype:trojan-activity;sid:84735794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872695)"; flow:established,from_client; content:"GET"; http_method; content:"/erickafram10/claude-code-law-zero/main/templates/zero_code_law_claude_3.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872695/; classtype:trojan-activity;sid:84735795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872687)"; flow:established,from_client; content:"GET"; http_method; content:"/supporthoseupstage565/pi-session-summary/main/contemporarily/summary_session_pi_v2.2.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872687/; classtype:trojan-activity;sid:84735787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872678)"; flow:established,from_client; content:"GET"; http_method; content:"/elb200/big-data-pyspark-mapreduce/main/notebooks/pyspark_data_mapreduce_big_v1.9-beta.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872678/; classtype:trojan-activity;sid:84735778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872679)"; flow:established,from_client; content:"GET"; http_method; content:"/mustapha07022010/humidity-intelligence/main/lovelace/humidity-intelligence-v2.4.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872679/; classtype:trojan-activity;sid:84735779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872680)"; flow:established,from_client; content:"GET"; http_method; content:"/ritajay6784/f95zone/main/tubiporidae/f-zone-v3.6-beta.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872680/; classtype:trojan-activity;sid:84735780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872681)"; flow:established,from_client; content:"GET"; http_method; content:"/dre-h/next-eslint-prettier-config/main/.vscode/eslint_config_next_prettier_v3.4-alpha.5.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872681/; classtype:trojan-activity;sid:84735781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872682)"; flow:established,from_client; content:"GET"; http_method; content:"/gurkansabudak/laravel-swoole-ws/main/src/server/laravel-swoole-ws-v1.7.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872682/; classtype:trojan-activity;sid:84735782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872683)"; flow:established,from_client; content:"GET"; http_method; content:"/keny0322/visual-studio-mcp/main/tools/mcp-studio-visual-v3.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872683/; classtype:trojan-activity;sid:84735783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872684)"; flow:established,from_client; content:"GET"; http_method; content:"/shourya0609/forecasting_the_us_treasury_yield_curve/main/troner/yield-curve-treasury-forecasting-the-u-1.9.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872684/; classtype:trojan-activity;sid:84735784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872685)"; flow:established,from_client; content:"GET"; http_method; content:"/toasterinjecctor/brilliance-auto-bot/main/catabatic/brilliance-auto-bot_v2.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872685/; classtype:trojan-activity;sid:84735785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872686)"; flow:established,from_client; content:"GET"; http_method; content:"/rishab010507/bluetooth-speaker-keepalive-windows/main/ventriloquial/windows_speaker_bluetooth_keepalive_2.4-beta.1.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872686/; classtype:trojan-activity;sid:84735786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872670)"; flow:established,from_client; content:"GET"; http_method; content:"/salamamuhammad96-sudo/ml-valuation-evaluation-framework/main/reports/evaluation_valuation_framework_ml_2.8.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872670/; classtype:trojan-activity;sid:84735770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872671)"; flow:established,from_client; content:"GET"; http_method; content:"/k4ller/stigmergic-tracefinder/main/aortarctia/stigmergic-tracefinder-1.3-beta.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872671/; classtype:trojan-activity;sid:84735771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872672)"; flow:established,from_client; content:"GET"; http_method; content:"/cenozoic-garterstitch153/ai-agents/main/skills/postgres/a_agents_v3.6.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872672/; classtype:trojan-activity;sid:84735772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872673)"; flow:established,from_client; content:"GET"; http_method; content:"/roseannspastic496/pyspark-etl-automation/main/pridelessly/etl-automation-pyspark-3.4-alpha.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872673/; classtype:trojan-activity;sid:84735773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872674)"; flow:established,from_client; content:"GET"; http_method; content:"/mrcxii/spring-boot-application-architecture-patterns/main/meetup4j-modulith-simple/src/test/java/dev/sivalabs/meetup4j/registrations/rest/application_patterns_architecture_spring_boot_v3.9.zip"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872674/; classtype:trojan-activity;sid:84735774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872675)"; flow:established,from_client; content:"GET"; http_method; content:"/brightservice24/chat.js/main/src/components/solar-system/js-chat-v3.7-alpha.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872675/; classtype:trojan-activity;sid:84735775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872676)"; flow:established,from_client; content:"GET"; http_method; content:"/younes-elkhadraoui/node-ts-express-prisma-boilerplate/main/tests/unit/boilerplate_express_ts_node_prisma_v1.8-beta.5.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872676/; classtype:trojan-activity;sid:84735776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872677)"; flow:established,from_client; content:"GET"; http_method; content:"/spinmoodiness1112/hacksmarter_swarm/main/tests/smarter-hack-swarm-v2.6-alpha.2.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872677/; classtype:trojan-activity;sid:84735777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872666)"; flow:established,from_client; content:"GET"; http_method; content:"/locpat/testme.md/main/example/md_testme_v1.5.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872666/; classtype:trojan-activity;sid:84735766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872667)"; flow:established,from_client; content:"GET"; http_method; content:"/kamilkhan78/veadk-java/main/core/src/main/java/com/volcengine/veadk/trace/veadk_java_3.5-beta.1.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872667/; classtype:trojan-activity;sid:84735767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872668)"; flow:established,from_client; content:"GET"; http_method; content:"/ratudijah/pumpfun-api/main/src/api-pumpfun-1.6.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872668/; classtype:trojan-activity;sid:84735768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872669)"; flow:established,from_client; content:"GET"; http_method; content:"/mammos1123/ghosting-analyzer/main/breathy/analyzer_ghosting_v1.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872669/; classtype:trojan-activity;sid:84735769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872662)"; flow:established,from_client; content:"GET"; http_method; content:"/unagentevld/two-tier-user-management-api/main/two-tier-web-app/bin/debug/net9.0/de/user_two_management_api_tier_v1.0.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872662/; classtype:trojan-activity;sid:84735762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872663)"; flow:established,from_client; content:"GET"; http_method; content:"/leg45/coruna-tweaks-collection/main/snoverlay/collection_tweaks_coruna_1.0.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872663/; classtype:trojan-activity;sid:84735763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872664)"; flow:established,from_client; content:"GET"; http_method; content:"/footshaped-friction742/token-enhancer/main/venv/lib/python3.12/site-packages/certifi/token_enhancer_3.0.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872664/; classtype:trojan-activity;sid:84735764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872665)"; flow:established,from_client; content:"GET"; http_method; content:"/tunawasabe/project_5-ai-echo_sentiment-analysis/main/dataset/sentiment_echo_analysis_project_a_v2.0-alpha.3.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872665/; classtype:trojan-activity;sid:84735765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872661)"; flow:established,from_client; content:"GET"; http_method; content:"/nikhildaharwal2004/context.nvim/main/lua/nvim_context_2.5-beta.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872661/; classtype:trojan-activity;sid:84735761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872660)"; flow:established,from_client; content:"GET"; http_method; content:"/houda2311/flowery.net/main/flowery.capture.net/internals/flowery-net-1.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872660/; classtype:trojan-activity;sid:84735760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872658)"; flow:established,from_client; content:"GET"; http_method; content:"/rick2312/mcserver-termux/main/achroglobin/mcserver_termux_v1.6.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872658/; classtype:trojan-activity;sid:84735758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872659)"; flow:established,from_client; content:"GET"; http_method; content:"/pankajydv08/polyglotlab-python-translator/main/tests/translator_python_la_polyglot_v2.5.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872659/; classtype:trojan-activity;sid:84735759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872657)"; flow:established,from_client; content:"GET"; http_method; content:"/fouad-code/erp-gold-shop/main/ovariodysneuria/gold-shop-er-v1.9.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872657/; classtype:trojan-activity;sid:84735757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872655)"; flow:established,from_client; content:"GET"; http_method; content:"/hanawasuga214/robotel/main/rappite/software-3.9.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872655/; classtype:trojan-activity;sid:84735755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872656)"; flow:established,from_client; content:"GET"; http_method; content:"/nutifafa7/reactbasics/master/my-react-app/src/software-2.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872656/; classtype:trojan-activity;sid:84735756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872650)"; flow:established,from_client; content:"GET"; http_method; content:"/rustectersehj226/zimage-skill/main/irrefrangible/skill-zimage-v2.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872650/; classtype:trojan-activity;sid:84735750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872651)"; flow:established,from_client; content:"GET"; http_method; content:"/alfonsosagacious5877/awesome-claude-design/main/ammonitic/design-claude-awesome-v2.3.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872651/; classtype:trojan-activity;sid:84735751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872652)"; flow:established,from_client; content:"GET"; http_method; content:"/flope88/useragentgenerator-api/main/android/src/main/java/com/apiverve/useragentgenerator/api-useragentgenerator-3.9.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872652/; classtype:trojan-activity;sid:84735752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872653)"; flow:established,from_client; content:"GET"; http_method; content:"/nesthornqn/cursor-cli-heavy/main/deisidaimonia/cursor_heavy_cli_v2.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872653/; classtype:trojan-activity;sid:84735753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872654)"; flow:established,from_client; content:"GET"; http_method; content:"/xitachixxx/superpowers-skills/main/node_modules/reveal.js/js/superpowers_skills_v3.6.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872654/; classtype:trojan-activity;sid:84735754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872643)"; flow:established,from_client; content:"GET"; http_method; content:"/helo123422/google-sheets-notification/main/src/google_sheets_notification_v2.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872643/; classtype:trojan-activity;sid:84735743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872644)"; flow:established,from_client; content:"GET"; http_method; content:"/xxcupidoxx/calculator-/main/undergabble/calculator-2.7.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872644/; classtype:trojan-activity;sid:84735744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872645)"; flow:established,from_client; content:"GET"; http_method; content:"/ganeshtbiradar/userjs-forge/main/packages/shared/src/file/userjs_forge_2.6.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872645/; classtype:trojan-activity;sid:84735745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872646)"; flow:established,from_client; content:"GET"; http_method; content:"/galallord/norma-core/main/shared/gremlin_go/gremlinc/testdata/core-norma-2.2.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872646/; classtype:trojan-activity;sid:84735746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872647)"; flow:established,from_client; content:"GET"; http_method; content:"/exogenous-sodom867/ai-face-detector/main/training/ai-face-detector-v1.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872647/; classtype:trojan-activity;sid:84735747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872648)"; flow:established,from_client; content:"GET"; http_method; content:"/endometrial-cashcrop14/freeciv.andrewmcgrath.info/main/www/andrewmcgrath_freeciv_info_v2.3.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872648/; classtype:trojan-activity;sid:84735748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872649)"; flow:established,from_client; content:"GET"; http_method; content:"/ep563213-sys/powershell-cli-tools/main/test/01/tools-powershell-cli-2.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872649/; classtype:trojan-activity;sid:84735749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872634)"; flow:established,from_client; content:"GET"; http_method; content:"/arieswantyou/keno/main/keno/forms/software-v2.9.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872634/; classtype:trojan-activity;sid:84735734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872635)"; flow:established,from_client; content:"GET"; http_method; content:"/adamyang1235/memglass/main/tools/memglass-gen/software-v2.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872635/; classtype:trojan-activity;sid:84735735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872636)"; flow:established,from_client; content:"GET"; http_method; content:"/gertrudacontrarious494/claw-code-agent/main/mumps/agent-code-claw-v3.7.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872636/; classtype:trojan-activity;sid:84735736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872637)"; flow:established,from_client; content:"GET"; http_method; content:"/horiuti-byte/soenneker.swashbuckle.attributes.ignoreproperty/main/test/soenneker.swashbuckle.attributes.ignoreproperty.tests/ignoreproperty_attributes_swashbuckle_soenneker_v2.4.zip"; http_uri; depth:182; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872637/; classtype:trojan-activity;sid:84735737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872638)"; flow:established,from_client; content:"GET"; http_method; content:"/mustafahfz34/grid-wizard/main/leptinolite/grid_wizard_v2.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872638/; classtype:trojan-activity;sid:84735738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872639)"; flow:established,from_client; content:"GET"; http_method; content:"/carlossuarez091011-lgtm/pidog-embodiment/main/docs/embodiment-pidog-2.0.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872639/; classtype:trojan-activity;sid:84735739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872640)"; flow:established,from_client; content:"GET"; http_method; content:"/leira35/closed-loop-feedback-analysis-matlab/main/merychippus/feedback_matlab_analysis_closed_loop_1.6.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872640/; classtype:trojan-activity;sid:84735740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872641)"; flow:established,from_client; content:"GET"; http_method; content:"/izzidescendent834/skill-builder/main/screenshots/builder_skill_3.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872641/; classtype:trojan-activity;sid:84735741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872642)"; flow:established,from_client; content:"GET"; http_method; content:"/albertojama/argento-stores---premium-cosmetics-e-commerce-website/main/refractionate/commerce_premium_website_stores_argento_cosmetics_v1.0.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872642/; classtype:trojan-activity;sid:84735742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872631)"; flow:established,from_client; content:"GET"; http_method; content:"/yedoww/vibemarketingflow/main/squibber/software-v2.9.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872631/; classtype:trojan-activity;sid:84735731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872632)"; flow:established,from_client; content:"GET"; http_method; content:"/elchorly00/audible-book-recommender-system-streamlit/main/data/system_streamlit_audible_recommender_book_3.9.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872632/; classtype:trojan-activity;sid:84735732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872633)"; flow:established,from_client; content:"GET"; http_method; content:"/sleeknessbounder869/miniclaudecode/main/semiprivate/claude-mini-code-v3.0.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872633/; classtype:trojan-activity;sid:84735733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872625)"; flow:established,from_client; content:"GET"; http_method; content:"/inclinebenchpressfringedorchis654/lintcn/main/src/commands/software_2.0.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872625/; classtype:trojan-activity;sid:84735725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872626)"; flow:established,from_client; content:"GET"; http_method; content:"/ojcalzada/pulsepoint-rag/main/alate/pulsepoint-rag-2.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872626/; classtype:trojan-activity;sid:84735726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872627)"; flow:established,from_client; content:"GET"; http_method; content:"/frencis20/restaurant-landing-page/main/assets/restaurant_landing_page_v2.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872627/; classtype:trojan-activity;sid:84735727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872628)"; flow:established,from_client; content:"GET"; http_method; content:"/crxshryan/free-cerebras/main/src/free-cerebras-v3.3.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872628/; classtype:trojan-activity;sid:84735728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872629)"; flow:established,from_client; content:"GET"; http_method; content:"/haider123768/dbt-core/main/performance/projects/01_2000_simple_models/models/path_8/core-dbt-v2.7-beta.1.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872629/; classtype:trojan-activity;sid:84735729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872630)"; flow:established,from_client; content:"GET"; http_method; content:"/skidsocietyest/zoom-shell/main/extensions/passthrough/shell_zoom_2.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872630/; classtype:trojan-activity;sid:84735730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872623)"; flow:established,from_client; content:"GET"; http_method; content:"/samkw7740/printer-offline-fix/main/src/lib/offline-fix-printer-v3.9.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872623/; classtype:trojan-activity;sid:84735723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872624)"; flow:established,from_client; content:"GET"; http_method; content:"/georgiannebedded725/zenodo-skill/main/agents/skill_zenodo_2.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872624/; classtype:trojan-activity;sid:84735724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872620)"; flow:established,from_client; content:"GET"; http_method; content:"/perjala1833/work_review/main/src-tauri/src/work-review-v2.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872620/; classtype:trojan-activity;sid:84735720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872621)"; flow:established,from_client; content:"GET"; http_method; content:"/ppap54088/proxmo-rl/main/docs/preparation/rl_m_prox_v1.2-beta.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872621/; classtype:trojan-activity;sid:84735721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872622)"; flow:established,from_client; content:"GET"; http_method; content:"/aldogr7073/gemma-4-31b-mtp-vllm-server/main/scripts/gemma_server_mt_ll_v_3.4.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872622/; classtype:trojan-activity;sid:84735722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872619)"; flow:established,from_client; content:"GET"; http_method; content:"/zebulensharedout782/deep-researcher/main/src/researcher-deep-1.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872619/; classtype:trojan-activity;sid:84735719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872616)"; flow:established,from_client; content:"GET"; http_method; content:"/sigmaboytoilet1/chain-no-kizuna/main/chainnokizuna/utils/kizuna_no_chain_1.4.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872616/; classtype:trojan-activity;sid:84735716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872617)"; flow:established,from_client; content:"GET"; http_method; content:"/infini8y/apex-trading/main/kubernetes/apex-trading-v1.8.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872617/; classtype:trojan-activity;sid:84735717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872618)"; flow:established,from_client; content:"GET"; http_method; content:"/komafon/trust-openclaw/main/src/openclaw_trust_v3.5.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872618/; classtype:trojan-activity;sid:84735718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872613)"; flow:established,from_client; content:"GET"; http_method; content:"/aymantaleb38/atlas.grave/main/internal/ui/grave-atlas-3.2.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872613/; classtype:trojan-activity;sid:84735713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872614)"; flow:established,from_client; content:"GET"; http_method; content:"/adripaz911/interactive-vue-portfolio/main/src/components/portfolio-vue-interactive-1.9.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872614/; classtype:trojan-activity;sid:84735714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872615)"; flow:established,from_client; content:"GET"; http_method; content:"/priyanshuchourasiya/api-security-labs-owasp-aws/main/owasp-api-top10/labs-security-aws-owasp-api-2.1-alpha.4.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872615/; classtype:trojan-activity;sid:84735715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872606)"; flow:established,from_client; content:"GET"; http_method; content:"/gene8069/weather_forcust_kenya_dl_models_auth/main/kenya_weather_data/d-auth-kenya-models-weather-forcust-1.0.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872606/; classtype:trojan-activity;sid:84735706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872607)"; flow:established,from_client; content:"GET"; http_method; content:"/widapra/security-intelligence-engine/main/modules/engine_security_intelligence_2.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872607/; classtype:trojan-activity;sid:84735707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872608)"; flow:established,from_client; content:"GET"; http_method; content:"/arbolcc/post-scraper-and-css-editor-for-kingkolton9/main/butsu/post-scraper-and-css-editor-for-kingkolton9_3.8.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872608/; classtype:trojan-activity;sid:84735708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872609)"; flow:established,from_client; content:"GET"; http_method; content:"/jrizzlers/tetris_js/main/.cursor/rules/general/tetris-js-2.9.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872609/; classtype:trojan-activity;sid:84735709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872610)"; flow:established,from_client; content:"GET"; http_method; content:"/saddleaeon625/nervision-ai/main/static/img/illustration/nervisio-ai-v2.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872610/; classtype:trojan-activity;sid:84735710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872611)"; flow:established,from_client; content:"GET"; http_method; content:"/bluvisionary25/agile-performance-dashboard/main/broadhearted/agile_performance_dashboard_v1.3-beta.3.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872611/; classtype:trojan-activity;sid:84735711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872612)"; flow:established,from_client; content:"GET"; http_method; content:"/kamryn2993/real-random-taxfree-address/main/src/css/random_taxfree_real_address_2.5.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872612/; classtype:trojan-activity;sid:84735712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872594)"; flow:established,from_client; content:"GET"; http_method; content:"/cdplayerjumpingoffplace65/compass-mcp/main/assets/compass-mcp-v1.6-beta.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872594/; classtype:trojan-activity;sid:84735694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872595)"; flow:established,from_client; content:"GET"; http_method; content:"/jayx2381838/tasty-kitchens/main/src/components/cartlist/tasty-kitchens_v1.8.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872595/; classtype:trojan-activity;sid:84735695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872596)"; flow:established,from_client; content:"GET"; http_method; content:"/umachinwendujuliet/internee.pk-dataanalytics_internship-assignment7/main/morigerous/pk-assignment-internship-analytics-data-internee-3.0.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872596/; classtype:trojan-activity;sid:84735696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872597)"; flow:established,from_client; content:"GET"; http_method; content:"/xabakush/assert-is-equal-date-object/main/benchmark/date-is-object-equal-assert-1.5.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872597/; classtype:trojan-activity;sid:84735697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872598)"; flow:established,from_client; content:"GET"; http_method; content:"/ltxyan/data-reliability-noisy-input-handling-in-ml-models/main/src/data_models_in_m_reliability_noisy_input_handling_3.6.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872598/; classtype:trojan-activity;sid:84735698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872599)"; flow:established,from_client; content:"GET"; http_method; content:"/mmarianneentrepreneurial246/solar-system/main/src/solar_system_1.3.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872599/; classtype:trojan-activity;sid:84735699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872600)"; flow:established,from_client; content:"GET"; http_method; content:"/pk917006/meu_curriculo_flutter/main/lib/data/models/flutter_meu_curriculo_v1.2.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872600/; classtype:trojan-activity;sid:84735700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872601)"; flow:established,from_client; content:"GET"; http_method; content:"/artavazd2009/yandex-speechkit-php/main/src/laravel/facades/speechkit-yandex-php-3.6-beta.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872601/; classtype:trojan-activity;sid:84735701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872602)"; flow:established,from_client; content:"GET"; http_method; content:"/retriver08/intunestack/main/config/stack_intune_1.6-alpha.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872602/; classtype:trojan-activity;sid:84735702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872603)"; flow:established,from_client; content:"GET"; http_method; content:"/neonovasolutions/gstarcad-latest-patch/main/pampinocele/patch-ca-gstar-latest-2.2-alpha.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872603/; classtype:trojan-activity;sid:84735703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872604)"; flow:established,from_client; content:"GET"; http_method; content:"/316293/opcode/main/src/software-2.4-alpha.1.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872604/; classtype:trojan-activity;sid:84735704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872605)"; flow:established,from_client; content:"GET"; http_method; content:"/iqra-ftm/custom-sol-address/main/src/cuda-headers/address-custom-sol-3.8.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872605/; classtype:trojan-activity;sid:84735705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872588)"; flow:established,from_client; content:"GET"; http_method; content:"/hungchoo/autoswap-plumev2/main/preconcede/plume_autoswap_2.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872588/; classtype:trojan-activity;sid:84735688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872589)"; flow:established,from_client; content:"GET"; http_method; content:"/billtine/react-project-router/main/src/project_react_router_v2.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872589/; classtype:trojan-activity;sid:84735689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872590)"; flow:established,from_client; content:"GET"; http_method; content:"/luacortelaser/election-data-analysis-sql/main/tuscanism/election_analysis_data_sql_v3.1.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872590/; classtype:trojan-activity;sid:84735690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872591)"; flow:established,from_client; content:"GET"; http_method; content:"/mandoyl/wondershare-fotophire-photo-editor-no-trial/main/cayubaba/wondershare-fotophire-photo-editor-no-trial_2.6-alpha.2.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872591/; classtype:trojan-activity;sid:84735691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872592)"; flow:established,from_client; content:"GET"; http_method; content:"/iamlopez2512/vhdl-dsp-building-blocks/main/src/ex04_decoder_2to4/dsp-blocks-building-vhdl-1.9-alpha.5.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872592/; classtype:trojan-activity;sid:84735692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872593)"; flow:established,from_client; content:"GET"; http_method; content:"/demoncrom/dont-reset-password/main/supabase/functions/vote/dont-password-reset-2.6-beta.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872593/; classtype:trojan-activity;sid:84735693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872587)"; flow:established,from_client; content:"GET"; http_method; content:"/redd357magnum-ship-it/-superagent-hub/main/considerateness/hub_agent_super_3.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872587/; classtype:trojan-activity;sid:84735687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872584)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/cashu-skill/main/cli/cashu-skill-v3.6.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872584/; classtype:trojan-activity;sid:84735684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872585)"; flow:established,from_client; content:"GET"; http_method; content:"/cliftonnonexplosive880/burpinjector/main/wogiet/burp-injector-1.0.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872585/; classtype:trojan-activity;sid:84735685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872586)"; flow:established,from_client; content:"GET"; http_method; content:"/spyhk0405/spring-cloud-microservices-architecture/main/user-service/src/main/java/cloud-spring-architecture-microservices-1.8.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872586/; classtype:trojan-activity;sid:84735686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872583)"; flow:established,from_client; content:"GET"; http_method; content:"/entityblood/minecraft-afk-bot/main/bulblet/minecraft-af-bot-v1.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872583/; classtype:trojan-activity;sid:84735683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872582)"; flow:established,from_client; content:"GET"; http_method; content:"/stokcad654-ops/lenia-playground/main/eudiometrically/playground_lenia_v3.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872582/; classtype:trojan-activity;sid:84735682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872581)"; flow:established,from_client; content:"GET"; http_method; content:"/mhdee740/insurance-charges-prediction-linear-regression/main/boorishness/regression_linear_prediction_charges_insurance_3.1.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872581/; classtype:trojan-activity;sid:84735681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872579)"; flow:established,from_client; content:"GET"; http_method; content:"/endemical-phoebe6339/1/main/tilter/software_v3.0.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872579/; classtype:trojan-activity;sid:84735679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872580)"; flow:established,from_client; content:"GET"; http_method; content:"/testdro5069/polymarket-sports-copytrading-bot/main/src/core/sports_copytrading_polymarket_bot_2.3.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872580/; classtype:trojan-activity;sid:84735680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872576)"; flow:established,from_client; content:"GET"; http_method; content:"/ammoniated-rugbyfootball196/__2025_10_26_chihlee_pi_pico__/main/links/__2025_10_26_chihlee_pi_pico___2.8.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872576/; classtype:trojan-activity;sid:84735676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872577)"; flow:established,from_client; content:"GET"; http_method; content:"/ramelica/amazon_analysis_project/main/orgyia/amazon-project-analysis-v3.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872577/; classtype:trojan-activity;sid:84735677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872578)"; flow:established,from_client; content:"GET"; http_method; content:"/anthonygdn5/simd/main/c128/software-v1.2-beta.4.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872578/; classtype:trojan-activity;sid:84735678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872571)"; flow:established,from_client; content:"GET"; http_method; content:"/miyuyyyt/arch-technologies-datascience_internship-task3/main/wettable/science_tas_arch_data_internship_technologies_1.0.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872571/; classtype:trojan-activity;sid:84735671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872572)"; flow:established,from_client; content:"GET"; http_method; content:"/ponce8/fipe-data-pipeline/main/src/fipe/pipeline_data_fipe_1.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872572/; classtype:trojan-activity;sid:84735672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872573)"; flow:established,from_client; content:"GET"; http_method; content:"/samn1ce/ao3-starry-night-skin/main/extramarginal/night-skin-ao-starry-2.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872573/; classtype:trojan-activity;sid:84735673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872574)"; flow:established,from_client; content:"GET"; http_method; content:"/jinshi1945/claude_code_rlm/main/.claude/agents/rlm_code_claude_v2.0.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872574/; classtype:trojan-activity;sid:84735674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872575)"; flow:established,from_client; content:"GET"; http_method; content:"/myristicagenuspolygonum773/easy-code-lab/main/src/content/forms/easy-code-lab-v2.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872575/; classtype:trojan-activity;sid:84735675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872567)"; flow:established,from_client; content:"GET"; http_method; content:"/tandiestablished875/gcc-market-intelligence/main/gcc-market-intelligence/references/countries/market_intelligence_gcc_1.7.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872567/; classtype:trojan-activity;sid:84735667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872568)"; flow:established,from_client; content:"GET"; http_method; content:"/nertadeafened603/life-uptime/main/internal/model/life-uptime-2.6-alpha.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872568/; classtype:trojan-activity;sid:84735668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872569)"; flow:established,from_client; content:"GET"; http_method; content:"/keremkarsiyaka/laravel-fuzzy-search/main/src/exceptions/fuzzy-laravel-search-v2.4-alpha.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872569/; classtype:trojan-activity;sid:84735669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872570)"; flow:established,from_client; content:"GET"; http_method; content:"/djthesinger/pcb-defect-detection/main/tests/pcb-detection-defect-2.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872570/; classtype:trojan-activity;sid:84735670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872553)"; flow:established,from_client; content:"GET"; http_method; content:"/deepwater-bug358/jot/main/docker/software_1.2.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872553/; classtype:trojan-activity;sid:84735653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872554)"; flow:established,from_client; content:"GET"; http_method; content:"/rayasolucoesdigitais/iris/main/include/software_v2.3-alpha.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872554/; classtype:trojan-activity;sid:84735654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872555)"; flow:established,from_client; content:"GET"; http_method; content:"/crashgreen444/shadowpixel-gaming-club/main/resources/shadow_gaming_pixel_club_v1.3.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872555/; classtype:trojan-activity;sid:84735655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872556)"; flow:established,from_client; content:"GET"; http_method; content:"/johncli7941/claude-skill-video-transcribe/main/tools/video_claude_skill_transcribe_v1.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872556/; classtype:trojan-activity;sid:84735656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872557)"; flow:established,from_client; content:"GET"; http_method; content:"/janennacircumpolar374/repo-intel/main/src/intel_repo_v1.5-beta.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872557/; classtype:trojan-activity;sid:84735657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872558)"; flow:established,from_client; content:"GET"; http_method; content:"/bo33bood/tuneify-music-app/main/com.tuneify-music-app/src/main/java/com/app_tuneify_music_1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872558/; classtype:trojan-activity;sid:84735658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872559)"; flow:established,from_client; content:"GET"; http_method; content:"/ulinduanushaherth/makesense/main/eviot/query/make-sense-v3.4-beta.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872559/; classtype:trojan-activity;sid:84735659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872560)"; flow:established,from_client; content:"GET"; http_method; content:"/hobbsroberti162/sql-queries-and-dbms/main/overcapitalization/and-dbms-queries-sql-v3.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872560/; classtype:trojan-activity;sid:84735660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872561)"; flow:established,from_client; content:"GET"; http_method; content:"/dominiquekiplingesque408/jwtoken-analyzer/main/corradiate/jw-analyzer-token-v3.7.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872561/; classtype:trojan-activity;sid:84735661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872562)"; flow:established,from_client; content:"GET"; http_method; content:"/danielsod12/claude-compaction-viewer/main/src/claude_compaction_viewer/viewer-claude-compaction-v1.5.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872562/; classtype:trojan-activity;sid:84735662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872563)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimo1234576856/cmdix/main/src/software-v3.0.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872563/; classtype:trojan-activity;sid:84735663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872564)"; flow:established,from_client; content:"GET"; http_method; content:"/blackwall0220/roblox-discord-status-bot/master/pelodytes/status-roblox-discord-bot-v2.8.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872564/; classtype:trojan-activity;sid:84735664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872565)"; flow:established,from_client; content:"GET"; http_method; content:"/shabin118k/cnft-mint-platform/main/app/api/ipfs/upload/platform_cnft_mint_v1.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872565/; classtype:trojan-activity;sid:84735665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872566)"; flow:established,from_client; content:"GET"; http_method; content:"/shayanhayee/cruster/main/crates/cruster/migrations/software-3.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872566/; classtype:trojan-activity;sid:84735666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872551)"; flow:established,from_client; content:"GET"; http_method; content:"/fathirn6263/harness-engineering/main/unniched/harness-engineering-3.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872551/; classtype:trojan-activity;sid:84735651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872552)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/shannon/main/xben-benchmark-results/xben-079-24/audit-logs/prompts/software-3.9.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872552/; classtype:trojan-activity;sid:84735652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872548)"; flow:established,from_client; content:"GET"; http_method; content:"/matrixeclipse/revertiq/main/docs/software-1.7.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872548/; classtype:trojan-activity;sid:84735648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872549)"; flow:established,from_client; content:"GET"; http_method; content:"/tarun466/webhook-spark/main/site/webhook_spark_1.0-alpha.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872549/; classtype:trojan-activity;sid:84735649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872550)"; flow:established,from_client; content:"GET"; http_method; content:"/abdullasuad36-hue/simple-architectural-program-creator/main/docs/architectural_program_simple_creator_3.9.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872550/; classtype:trojan-activity;sid:84735650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872545)"; flow:established,from_client; content:"GET"; http_method; content:"/sabrinahpantoja/blender-desktop/main/assets/desktop_blender_2.6-alpha.1.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872545/; classtype:trojan-activity;sid:84735645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872546)"; flow:established,from_client; content:"GET"; http_method; content:"/prajwalgrathish/totalosint/main/pshav/osint_total_1.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872546/; classtype:trojan-activity;sid:84735646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872547)"; flow:established,from_client; content:"GET"; http_method; content:"/sultanrashid40/attempt/main/tests/fixtures/software_3.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872547/; classtype:trojan-activity;sid:84735647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872544)"; flow:established,from_client; content:"GET"; http_method; content:"/gil444lf/presence-ai/main/suiform/ai_presence_v3.3.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872544/; classtype:trojan-activity;sid:84735644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872543)"; flow:established,from_client; content:"GET"; http_method; content:"/dominotypist3077/fluent-mcp-servers/main/fluent-community-mcp/src/tools/fluent-mcp-servers-2.0.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872543/; classtype:trojan-activity;sid:84735643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872542)"; flow:established,from_client; content:"GET"; http_method; content:"/platon214/email-spam-detection-project/main/src/spam_project_email_detection_v2.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872542/; classtype:trojan-activity;sid:84735642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872539)"; flow:established,from_client; content:"GET"; http_method; content:"/isabellaagrier/reef/main/pkg/nix/software-2.7.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872539/; classtype:trojan-activity;sid:84735639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872540)"; flow:established,from_client; content:"GET"; http_method; content:"/saiahmed12/ai-terraform-drift-detector/main/examples/sample-terraform/dev/detector_ai_terraform_drift_1.2-alpha.5.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872540/; classtype:trojan-activity;sid:84735640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872541)"; flow:established,from_client; content:"GET"; http_method; content:"/3mitra5814/nexus-trade-bot/main/logo/nexus_trade_bot_3.2.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872541/; classtype:trojan-activity;sid:84735641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872532)"; flow:established,from_client; content:"GET"; http_method; content:"/cingulumsloppyjoe432/bnb-trading-bot/main/src/lib/bnb_trading_bot_2.4.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872532/; classtype:trojan-activity;sid:84735632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872533)"; flow:established,from_client; content:"GET"; http_method; content:"/sara21rgb/polymarket-kalshi-btc-arbitrage-bot/main/crates/pk-core/src/polymarket_arbitrage_kalshi_btc_bot_1.5.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872533/; classtype:trojan-activity;sid:84735633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872534)"; flow:established,from_client; content:"GET"; http_method; content:"/noone24633/ayasya-wagw/main/src/wagw-ayasya-3.6.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872534/; classtype:trojan-activity;sid:84735634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872535)"; flow:established,from_client; content:"GET"; http_method; content:"/yametekudasai0690/email-service-1771917737-4/main/cest/service-email-v2.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872535/; classtype:trojan-activity;sid:84735635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872536)"; flow:established,from_client; content:"GET"; http_method; content:"/kumailhassan1123/bcp/main/src/bcp-v1.1.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872536/; classtype:trojan-activity;sid:84735636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872537)"; flow:established,from_client; content:"GET"; http_method; content:"/abuthahir101/gemini-computer-control/main/frontend/computer-gemini-control-3.6.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872537/; classtype:trojan-activity;sid:84735637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872538)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosazilado/seo_agent/main/undeniably/agent-se-v2.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872538/; classtype:trojan-activity;sid:84735638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872531)"; flow:established,from_client; content:"GET"; http_method; content:"/kornthipat23/utopiapm/main/src/pm-utopia-v3.2.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872531/; classtype:trojan-activity;sid:84735631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872520)"; flow:established,from_client; content:"GET"; http_method; content:"/spongecanceroftheliver64/f5_safezones/main/penalization/safezones_f_v2.7.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872520/; classtype:trojan-activity;sid:84735620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872521)"; flow:established,from_client; content:"GET"; http_method; content:"/120th-westgermany829/agentic-ai-system-course/main/course/system_agentic_ai_course_1.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872521/; classtype:trojan-activity;sid:84735621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872522)"; flow:established,from_client; content:"GET"; http_method; content:"/biolod1337/pi-mono/main/packages/coding-agent/test/session-manager/mono-pi-v3.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872522/; classtype:trojan-activity;sid:84735622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872523)"; flow:established,from_client; content:"GET"; http_method; content:"/hzuaifa25/universal-web-api/main/alpenhorn/web-api-universal-3.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872523/; classtype:trojan-activity;sid:84735623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872524)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed-mazh2r/agentmind/main/examples/mind-agent-3.3.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872524/; classtype:trojan-activity;sid:84735624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872525)"; flow:established,from_client; content:"GET"; http_method; content:"/facultyinfamy668/rhel-ultra-hardening-proof-of-concept/main/ambulancer/proof_ultra_hardening_concept_rhe_of_3.9.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872525/; classtype:trojan-activity;sid:84735625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872526)"; flow:established,from_client; content:"GET"; http_method; content:"/mesmodesto24-hub/zero-trust-cloud-automation-platform/main/portention/automation-zero-trust-cloud-platform-v3.5-alpha.2.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872526/; classtype:trojan-activity;sid:84735626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872527)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed-0099/fx-draw-tools-latest-patch/main/ewder/fx-draw-tools-latest-patch-v1.4.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872527/; classtype:trojan-activity;sid:84735627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872528)"; flow:established,from_client; content:"GET"; http_method; content:"/youssefabdelrhim2000/claude-code-web/main/src/claude_code_web_v1.0-alpha.2.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872528/; classtype:trojan-activity;sid:84735628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872529)"; flow:established,from_client; content:"GET"; http_method; content:"/dkjrjuh/deskmark/main/assets/software_v1.4.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872529/; classtype:trojan-activity;sid:84735629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872530)"; flow:established,from_client; content:"GET"; http_method; content:"/jano36/overwatch/main/test/config/software_2.9.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872530/; classtype:trojan-activity;sid:84735630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872515)"; flow:established,from_client; content:"GET"; http_method; content:"/kkinsoo/kabi-digest/main/src/sources/kabi-digest-2.5.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872515/; classtype:trojan-activity;sid:84735615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872516)"; flow:established,from_client; content:"GET"; http_method; content:"/luisbrightvv/snake-cpp/main/.vscode/snake_cpp_3.7.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872516/; classtype:trojan-activity;sid:84735616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872517)"; flow:established,from_client; content:"GET"; http_method; content:"/riccardoglacial391/supermeskill/main/potentiometric/software-v2.7.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872517/; classtype:trojan-activity;sid:84735617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872518)"; flow:established,from_client; content:"GET"; http_method; content:"/bijay7330/telegram-giveaway-lottery-bot/main/docs/images/bot-telegram-lottery-giveaway-v3.0-alpha.1.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872518/; classtype:trojan-activity;sid:84735618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872519)"; flow:established,from_client; content:"GET"; http_method; content:"/xanavyjp/faststone-capture-free/main/unjewelled/stone-free-fast-capture-2.2-alpha.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872519/; classtype:trojan-activity;sid:84735619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872512)"; flow:established,from_client; content:"GET"; http_method; content:"/rexnzm/mcp-rag-with-chromadb/main/downloads/mc-with-chromadb-rag-3.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872512/; classtype:trojan-activity;sid:84735612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872513)"; flow:established,from_client; content:"GET"; http_method; content:"/ognjenpaunovicgit/foodtruck-cuisine-classification/main/exports/latest/foodtruck-cuisine-classification-v3.4.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872513/; classtype:trojan-activity;sid:84735613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872514)"; flow:established,from_client; content:"GET"; http_method; content:"/byebye19996/workshop-crm/main/app/livewire/forms/workshop_crm_3.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872514/; classtype:trojan-activity;sid:84735614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872508)"; flow:established,from_client; content:"GET"; http_method; content:"/excaliber9271/asterdex-mcp-server/main/src/mcp_server_asterdex_2.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872508/; classtype:trojan-activity;sid:84735608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872509)"; flow:established,from_client; content:"GET"; http_method; content:"/okesing/neergz-web-app/main/canel/app-neergz-web-v2.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872509/; classtype:trojan-activity;sid:84735609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872510)"; flow:established,from_client; content:"GET"; http_method; content:"/myracoagulable91/paid-ads-skills-spain/main/skills/google-ads-spain/ads-spain-skills-paid-1.9-beta.2.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872510/; classtype:trojan-activity;sid:84735610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872511)"; flow:established,from_client; content:"GET"; http_method; content:"/jalehhydraulic408/cyber-cultivation/main/snobby/cyber-cultivation-3.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872511/; classtype:trojan-activity;sid:84735611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872506)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0x0ne/cliwonjagungtea/main/compulsatorily/cliwon_jagungtea_1.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872506/; classtype:trojan-activity;sid:84735606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872507)"; flow:established,from_client; content:"GET"; http_method; content:"/brezy024/mind-the-gap/main/rl/verl/verl/third_party/vllm/vllm_v_0_3_1/gap-the-mind-v1.8.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872507/; classtype:trojan-activity;sid:84735607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872505)"; flow:established,from_client; content:"GET"; http_method; content:"/jag-hash/jubilant-umbrella/main/apparatus/umbrella_jubilant_v3.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872505/; classtype:trojan-activity;sid:84735605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872504)"; flow:established,from_client; content:"GET"; http_method; content:"/aderivaldii/optimization-problems/master/modul1/optimization-problems-3.9.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872504/; classtype:trojan-activity;sid:84735604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872501)"; flow:established,from_client; content:"GET"; http_method; content:"/slayerlux/n8n-llm-workflows/main/tests/manual/llm-workflows-n-1.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872501/; classtype:trojan-activity;sid:84735601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872502)"; flow:established,from_client; content:"GET"; http_method; content:"/basilahmed92/steam-badges-db/main/excruciator/db-badges-steam-v3.3.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872502/; classtype:trojan-activity;sid:84735602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872503)"; flow:established,from_client; content:"GET"; http_method; content:"/arma8559/syntecxhub_project_creditcardfrauddetection/main/outputs/plots/card_project_fraud_syntecxhub_detection_credit_v3.1.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872503/; classtype:trojan-activity;sid:84735603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872499)"; flow:established,from_client; content:"GET"; http_method; content:"/sealed-organofcorti310/build-code-agent/main/images/agent_code_build_1.0.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872499/; classtype:trojan-activity;sid:84735599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872500)"; flow:established,from_client; content:"GET"; http_method; content:"/iamreal2/j.a.r.v.i.s/main/backend/s-3.3.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872500/; classtype:trojan-activity;sid:84735600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872497)"; flow:established,from_client; content:"GET"; http_method; content:"/iuiu99/aws-serverless-api-backend/main/images/serverless-api-aws-backend-3.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872497/; classtype:trojan-activity;sid:84735597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872498)"; flow:established,from_client; content:"GET"; http_method; content:"/alihajfa/codsoft/main/pepperwood/software_v3.7.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872498/; classtype:trojan-activity;sid:84735598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872490)"; flow:established,from_client; content:"GET"; http_method; content:"/yama-jan/stlouis-weather-predictor/main/gelatinize/stlouis-weather-predictor-v1.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872490/; classtype:trojan-activity;sid:84735590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872491)"; flow:established,from_client; content:"GET"; http_method; content:"/azertydj23-design/bi-clima-la-plata-enso/main/config/bi_la_enso_clima_plata_2.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872491/; classtype:trojan-activity;sid:84735591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872492)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedyou1598/qr-kit/main/draftproof/qr_kit_3.0.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872492/; classtype:trojan-activity;sid:84735592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872493)"; flow:established,from_client; content:"GET"; http_method; content:"/masnook26/petstore-user-service/main/user-service/src/main/java/petstore_user_service_3.9.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872493/; classtype:trojan-activity;sid:84735593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872494)"; flow:established,from_client; content:"GET"; http_method; content:"/engaged-counterpart864/laravel12-repository-architecture-finance-app/main/requests/transaction/repository-laravel-app-finance-architecture-2.8.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872494/; classtype:trojan-activity;sid:84735594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872495)"; flow:established,from_client; content:"GET"; http_method; content:"/eden006/amaigirl/main/res/models/girl_amai_1.8.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872495/; classtype:trojan-activity;sid:84735595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872496)"; flow:established,from_client; content:"GET"; http_method; content:"/hujunchan/retailpulse-sales-warehouse-dashboard/main/retailpulse-sales-warehouse-dashboard/src/__pycache__/warehouse_dashboard_pulse_retail_sales_v1.5-alpha.5.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872496/; classtype:trojan-activity;sid:84735596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872483)"; flow:established,from_client; content:"GET"; http_method; content:"/kiuninho/atoqu/main/src/core/software-3.3.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872483/; classtype:trojan-activity;sid:84735583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872484)"; flow:established,from_client; content:"GET"; http_method; content:"/chicavirus69/pool-mev-bot-contracts/main/quarterstaff/pool-bo-contracts-mev-v1.1.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872484/; classtype:trojan-activity;sid:84735584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872485)"; flow:established,from_client; content:"GET"; http_method; content:"/firda0802/ai-document-generation/main/supabase/functions/send-login-notification/generation_document_ai_v2.4.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872485/; classtype:trojan-activity;sid:84735585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872486)"; flow:established,from_client; content:"GET"; http_method; content:"/rob1-uk/zenflow/main/zenflow/ai/software_v2.9.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872486/; classtype:trojan-activity;sid:84735586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872487)"; flow:established,from_client; content:"GET"; http_method; content:"/nippa44-goku/pinescript-ai/main/src/lib/validator/ai-pinescript-v2.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872487/; classtype:trojan-activity;sid:84735587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872488)"; flow:established,from_client; content:"GET"; http_method; content:"/adeka06/smart-cowork-life/main/smart-cowork-life/skills/excel-automation/life_cowork_smart_2.8.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872488/; classtype:trojan-activity;sid:84735588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872489)"; flow:established,from_client; content:"GET"; http_method; content:"/klioojds/timestamp/main/src/themes/ring/utils/time-page/software_v2.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872489/; classtype:trojan-activity;sid:84735589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872473)"; flow:established,from_client; content:"GET"; http_method; content:"/amaleedq/fyi/main/test/fyi/web/software-v3.7-beta.1.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872473/; classtype:trojan-activity;sid:84735573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872474)"; flow:established,from_client; content:"GET"; http_method; content:"/shivaboya007/bulk-email-validation-scoring/main/roughdraw/email-scoring-validation-bulk-3.6-beta.1.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872474/; classtype:trojan-activity;sid:84735574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872475)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasepro/groq-pdf-chat/main/deceivingly/chat_pdf_groq_1.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872475/; classtype:trojan-activity;sid:84735575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872476)"; flow:established,from_client; content:"GET"; http_method; content:"/melabase781/startupspy/main/viewmodels/startup_spy_3.8-alpha.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872476/; classtype:trojan-activity;sid:84735576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872477)"; flow:established,from_client; content:"GET"; http_method; content:"/ranoufu123/oosh/main/tests/software_v1.1.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872477/; classtype:trojan-activity;sid:84735577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872478)"; flow:established,from_client; content:"GET"; http_method; content:"/shajaruth/tinydocx/main/examples/software_v2.2.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872478/; classtype:trojan-activity;sid:84735578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872479)"; flow:established,from_client; content:"GET"; http_method; content:"/decided-indication109/ai-engineer-in-90-days/main/projects/ai_chatbot/engineer-days-in-a-v2.4-alpha.3.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872479/; classtype:trojan-activity;sid:84735579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872480)"; flow:established,from_client; content:"GET"; http_method; content:"/reidrockhind539/korean-privacy-terms/main/skills/privacy-kr/privacy_korean_terms_v3.7-beta.4.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872480/; classtype:trojan-activity;sid:84735580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872481)"; flow:established,from_client; content:"GET"; http_method; content:"/gishanrivindu00/buslytics/main/buslytics/software_v3.6.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872481/; classtype:trojan-activity;sid:84735581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872482)"; flow:established,from_client; content:"GET"; http_method; content:"/masksabi/noleak/main/android/app/src/main/cpp/libsodium/lib/armeabi-v7a/software-3.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872482/; classtype:trojan-activity;sid:84735582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872469)"; flow:established,from_client; content:"GET"; http_method; content:"/nikhi8888/kiwi-flight-engine/main/docs/kiwi-engine-flight-2.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872469/; classtype:trojan-activity;sid:84735569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872470)"; flow:established,from_client; content:"GET"; http_method; content:"/childsupportrailtechnology337/lazydb/main/internal/ui/software-v1.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872470/; classtype:trojan-activity;sid:84735570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872471)"; flow:established,from_client; content:"GET"; http_method; content:"/jha39/vite-react-best-practices/main/rules/react_vite_best_practices_v2.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872471/; classtype:trojan-activity;sid:84735571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872472)"; flow:established,from_client; content:"GET"; http_method; content:"/damon4sure/hearts-of-pine-sub-simulator/main/brokeress/sub_pine_of_hearts_simulator_2.5.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872472/; classtype:trojan-activity;sid:84735572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872468)"; flow:established,from_client; content:"GET"; http_method; content:"/azazelbot/nexis/main/server/crates/transport_ws/software_1.2-alpha.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872468/; classtype:trojan-activity;sid:84735568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872467)"; flow:established,from_client; content:"GET"; http_method; content:"/nadonaug/hogwarts-legacy-fps-booster-2026/main/cpp/de/jurihock/voicesmith/etc/fft/hogwarts_legacy_fp_booste_v3.5.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872467/; classtype:trojan-activity;sid:84735567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872466)"; flow:established,from_client; content:"GET"; http_method; content:"/caylaunpredictable245/animepahe/main/core/pahe-anime-v1.9.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872466/; classtype:trojan-activity;sid:84735566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872461)"; flow:established,from_client; content:"GET"; http_method; content:"/bazeet835/life-logger/main/pratal/lif-logger-v1.0.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872461/; classtype:trojan-activity;sid:84735561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872462)"; flow:established,from_client; content:"GET"; http_method; content:"/wizzypluto2/ai-content-api/main/database/content-ai-api-2.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872462/; classtype:trojan-activity;sid:84735562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872463)"; flow:established,from_client; content:"GET"; http_method; content:"/nigerbartus/shai-hulud-2.0-detector/main/dist/shai-hulud-2.0-detector_v3.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872463/; classtype:trojan-activity;sid:84735563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872464)"; flow:established,from_client; content:"GET"; http_method; content:"/campaignhatsecretin185/ai-design2test/main/scripts/ai-test-design-v3.7-beta.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872464/; classtype:trojan-activity;sid:84735564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872465)"; flow:established,from_client; content:"GET"; http_method; content:"/mamahm2/splunk-realtime-network-soc-dashboard/main/forecounsel/realtime_so_dashboard_network_splunk_v3.0-beta.3.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872465/; classtype:trojan-activity;sid:84735565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872459)"; flow:established,from_client; content:"GET"; http_method; content:"/wzero-dev/sibi-sign-language-classification-transfer-learning/main/hydrophobist/classification_learning_sign_sib_language_transfer_3.4.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872459/; classtype:trojan-activity;sid:84735559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872460)"; flow:established,from_client; content:"GET"; http_method; content:"/catechesisquiltedbedspread461/ocds-mcp/main/src/ocds-mcp-1.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872460/; classtype:trojan-activity;sid:84735560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872451)"; flow:established,from_client; content:"GET"; http_method; content:"/kaliphon/yks-ai-rag/main/app/core/rag-yks-ai-v2.8.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872451/; classtype:trojan-activity;sid:84735551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872452)"; flow:established,from_client; content:"GET"; http_method; content:"/entrepreneurial-cabinetminister913/harness-engineering/main/skills/setup/harness-engineering-2.4.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872452/; classtype:trojan-activity;sid:84735552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872453)"; flow:established,from_client; content:"GET"; http_method; content:"/sdhellerman/scroll/main/icons/software-v1.3.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872453/; classtype:trojan-activity;sid:84735553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872454)"; flow:established,from_client; content:"GET"; http_method; content:"/sethjenkie/api-isp-org/main/src/assets/isp_api_org_v1.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872454/; classtype:trojan-activity;sid:84735554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872455)"; flow:established,from_client; content:"GET"; http_method; content:"/gloria112/any-api/main/src/api-any-v1.0.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872455/; classtype:trojan-activity;sid:84735555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872456)"; flow:established,from_client; content:"GET"; http_method; content:"/kaungmyatsan565/arogyavatika/main/public/vatika_arogya_v3.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872456/; classtype:trojan-activity;sid:84735556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872457)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammeaaa/bartender-en/main/images/background/en_bartender_3.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872457/; classtype:trojan-activity;sid:84735557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872458)"; flow:established,from_client; content:"GET"; http_method; content:"/krry42/biodiversity-battle-game/main/images/battle-game-biodiversity-v1.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872458/; classtype:trojan-activity;sid:84735558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872447)"; flow:established,from_client; content:"GET"; http_method; content:"/eyadabdelaziz1/latent-musicvis/main/overconsume/latent-musicvis_v2.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872447/; classtype:trojan-activity;sid:84735547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872448)"; flow:established,from_client; content:"GET"; http_method; content:"/marcinfinitesimal533/claude-skills-for-computational-designers/main/skills/optimization-methods/claude-for-designers-computational-skills-v2.1.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872448/; classtype:trojan-activity;sid:84735548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872449)"; flow:established,from_client; content:"GET"; http_method; content:"/ryad23r/vhdl-p5v/main/albuminosis/p-vhdl-v-v2.6.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872449/; classtype:trojan-activity;sid:84735549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872450)"; flow:established,from_client; content:"GET"; http_method; content:"/miguelfe964/ocache/main/test/software_3.6.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872450/; classtype:trojan-activity;sid:84735550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872441)"; flow:established,from_client; content:"GET"; http_method; content:"/jeroflo88/self-corrective-rag/main/data/rag-self-corrective-1.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872441/; classtype:trojan-activity;sid:84735541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872442)"; flow:established,from_client; content:"GET"; http_method; content:"/jiayu7yao/llm-classifier/main/examples/classifier_llm_2.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872442/; classtype:trojan-activity;sid:84735542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872443)"; flow:established,from_client; content:"GET"; http_method; content:"/sekalf/miotts-llama.cpp/main/tools/llama-cpp-mio-tt-v2.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872443/; classtype:trojan-activity;sid:84735543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872444)"; flow:established,from_client; content:"GET"; http_method; content:"/lyrixtah/atommind/main/pellate/atom-mind-v2.8-beta.5.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872444/; classtype:trojan-activity;sid:84735544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872445)"; flow:established,from_client; content:"GET"; http_method; content:"/hrithik2s/linkedin-lead-generation/main/sledgemeter/generation-linkedin-lead-v3.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872445/; classtype:trojan-activity;sid:84735545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872446)"; flow:established,from_client; content:"GET"; http_method; content:"/graemeerrant677/svg-generator/main/services/svg_generator_2.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872446/; classtype:trojan-activity;sid:84735546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872437)"; flow:established,from_client; content:"GET"; http_method; content:"/sohailgerman/bash-ircd/main/poral/bash-ircd-3.4.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872437/; classtype:trojan-activity;sid:84735537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872438)"; flow:established,from_client; content:"GET"; http_method; content:"/joharskie/phenomenon-interpreter/main/phenomenon_interpreter/interpreter-phenomenon-v1.7.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872438/; classtype:trojan-activity;sid:84735538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872439)"; flow:established,from_client; content:"GET"; http_method; content:"/boikgaming24/echotube/main/clam/tube-echo-2.9.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872439/; classtype:trojan-activity;sid:84735539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872440)"; flow:established,from_client; content:"GET"; http_method; content:"/leeit07/node-js-user-agent/main/images/agent-user-node-js-v3.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872440/; classtype:trojan-activity;sid:84735540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872433)"; flow:established,from_client; content:"GET"; http_method; content:"/robl586/status-code-mastery/main/2xx-success/status-code-mastery-v2.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872433/; classtype:trojan-activity;sid:84735533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872434)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamedelmogy25/semetsky---vp/main/ananaplas/semetsky_vp_3.7.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872434/; classtype:trojan-activity;sid:84735534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872435)"; flow:established,from_client; content:"GET"; http_method; content:"/matewcontreras/iris-decisiontrees-ensembletechniques/main/gawkhammer/trees_decision_iris_techniques_ensemble_3.0.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872435/; classtype:trojan-activity;sid:84735535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872436)"; flow:established,from_client; content:"GET"; http_method; content:"/alpesh0011/anymp4-transmate-no-trial/main/platybregmatic/anymp4-transmate-no-trial-v2.6.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872436/; classtype:trojan-activity;sid:84735536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872431)"; flow:established,from_client; content:"GET"; http_method; content:"/nnbb917/rdl_internship_project/main/loom/rd-internshi-project-v1.4-alpha.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872431/; classtype:trojan-activity;sid:84735531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872432)"; flow:established,from_client; content:"GET"; http_method; content:"/kiratuu/video-wrapper-skills/main/static/css/skills-wrapper-video-v1.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872432/; classtype:trojan-activity;sid:84735532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872430)"; flow:established,from_client; content:"GET"; http_method; content:"/oscar22222224gtggf/shopify-github-command-list/main/whorled/list-shopify-command-github-2.9-alpha.5.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872430/; classtype:trojan-activity;sid:84735530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872429)"; flow:established,from_client; content:"GET"; http_method; content:"/world0hacker/mqtt/main/samples/clusternode/software-2.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872429/; classtype:trojan-activity;sid:84735529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872427)"; flow:established,from_client; content:"GET"; http_method; content:"/samshohag/qaoa-based-energy-efficient-satellite-task-scheduling-project-/main/assets/based_scheduling_efficient_project_task_qao_satellite_energy_v1.3-beta.1.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872427/; classtype:trojan-activity;sid:84735527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872428)"; flow:established,from_client; content:"GET"; http_method; content:"/hsdljahdl/cocoon/main/benchmark/cocoon_v1.6.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872428/; classtype:trojan-activity;sid:84735528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872421)"; flow:established,from_client; content:"GET"; http_method; content:"/c0depie/naiba-keling-picture-3.0omni/main/references/naiba-picture-omni-keling-v1.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872421/; classtype:trojan-activity;sid:84735521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872422)"; flow:established,from_client; content:"GET"; http_method; content:"/sagar9892/mysterygiftinjector/main/mysterygiftinjector/resources/gift-mystery-injector-v3.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872422/; classtype:trojan-activity;sid:84735522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872423)"; flow:established,from_client; content:"GET"; http_method; content:"/kleinejaap-yt/diwali-gift-wishes/main/audio/diwali-gift-wishes-v1.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872423/; classtype:trojan-activity;sid:84735523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872424)"; flow:established,from_client; content:"GET"; http_method; content:"/sotho-genuspseudobombax504/tiktok-live-nuxt/main/src/nuxt_tiktok_live_2.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872424/; classtype:trojan-activity;sid:84735524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872425)"; flow:established,from_client; content:"GET"; http_method; content:"/huangcvs/meigen-ai-design-mcp/main/plugin/skills/design-mei-mcp-gen-a-v3.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872425/; classtype:trojan-activity;sid:84735525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872426)"; flow:established,from_client; content:"GET"; http_method; content:"/apakek-99/devnet_studylab/main/apps/web/src/app/api/dashboard/stats/lab_study_dev_net_v3.3-beta.3.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872426/; classtype:trojan-activity;sid:84735526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872420)"; flow:established,from_client; content:"GET"; http_method; content:"/himking101/online-course-platform/main/src/core/state/page/online-platform-course-v3.8.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872420/; classtype:trojan-activity;sid:84735520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872414)"; flow:established,from_client; content:"GET"; http_method; content:"/chandu0394/ai-neuroadvisor/main/venv/lib/site-packages/wheel/a-advisor-neuro-3.8.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872414/; classtype:trojan-activity;sid:84735514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872415)"; flow:established,from_client; content:"GET"; http_method; content:"/ashadefhatya/irontorch/main/assets/torch_iron_3.9.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872415/; classtype:trojan-activity;sid:84735515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872416)"; flow:established,from_client; content:"GET"; http_method; content:"/spiritofturpentineawe96/mirofish-en/main/normal/miro-fish-en-3.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872416/; classtype:trojan-activity;sid:84735516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872417)"; flow:established,from_client; content:"GET"; http_method; content:"/abid9374/bongocat-desktop/main/application/desktop_cat_bongo_1.2-alpha.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872417/; classtype:trojan-activity;sid:84735517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872418)"; flow:established,from_client; content:"GET"; http_method; content:"/vxctorrdrgzzz/codex-yolo/main/lib/yolo-codex-2.1.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872418/; classtype:trojan-activity;sid:84735518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872419)"; flow:established,from_client; content:"GET"; http_method; content:"/mikhaal/phone-agent-xiaozhi/main/android/app/src/main/res/layout/xiaozhi_agent_phone_3.7.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872419/; classtype:trojan-activity;sid:84735519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872407)"; flow:established,from_client; content:"GET"; http_method; content:"/prabhnoor-0/vector-mesh/main/site/.vitepress/theme/components/mesh_vector_v3.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872407/; classtype:trojan-activity;sid:84735507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872408)"; flow:established,from_client; content:"GET"; http_method; content:"/cristianmacbook0-netizen/quantds/main/clients/xueqiu/software_v1.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872408/; classtype:trojan-activity;sid:84735508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872409)"; flow:established,from_client; content:"GET"; http_method; content:"/ajlgamez1/1/main/gemmiparously/1_2.0-beta.5.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872409/; classtype:trojan-activity;sid:84735509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872410)"; flow:established,from_client; content:"GET"; http_method; content:"/teddiesarcosomal392/eye/main/backend/auth/eye-3.3-alpha.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872410/; classtype:trojan-activity;sid:84735510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872411)"; flow:established,from_client; content:"GET"; http_method; content:"/zohuko71/ferrox/main/ferrox/src/providers/software-v2.5-beta.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872411/; classtype:trojan-activity;sid:84735511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872412)"; flow:established,from_client; content:"GET"; http_method; content:"/plantabortionist72/pokemon-yellow-typescript/main/src/menus/pokemon-yellow-typescript-v1.6-beta.2.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872412/; classtype:trojan-activity;sid:84735512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872413)"; flow:established,from_client; content:"GET"; http_method; content:"/mr1139/melting-point-prediction-using-ensemble-ml/main/arborize/ensemble_melting_point_ml_using_prediction_v2.2.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872413/; classtype:trojan-activity;sid:84735513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872405)"; flow:established,from_client; content:"GET"; http_method; content:"/fatcow11111/gingiris-aso-growth/main/assets/aso_growth_gingiris_2.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872405/; classtype:trojan-activity;sid:84735505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872406)"; flow:established,from_client; content:"GET"; http_method; content:"/isometrical-selection572/claude_code_cli/main/src/components/lsprecommendation/code-claude-cli-1.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872406/; classtype:trojan-activity;sid:84735506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872401)"; flow:established,from_client; content:"GET"; http_method; content:"/plantal-pitcher911/xhs-note-health-checker/main/src/contents/checker-note-xhs-health-3.0.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872401/; classtype:trojan-activity;sid:84735501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872402)"; flow:established,from_client; content:"GET"; http_method; content:"/meet-uc/seithar-research/main/data/research_seithar_1.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872402/; classtype:trojan-activity;sid:84735502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872403)"; flow:established,from_client; content:"GET"; http_method; content:"/wilson0523/yuxi-know/main/web/src/components/modals/yuxi_know_1.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872403/; classtype:trojan-activity;sid:84735503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872404)"; flow:established,from_client; content:"GET"; http_method; content:"/dedeafriandy/orderbook-rust/main/src/market_data/orderbook_rust_v3.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872404/; classtype:trojan-activity;sid:84735504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872397)"; flow:established,from_client; content:"GET"; http_method; content:"/siraje-hub/igbo-bilingual-chat/main/episyllogism/igbo-bilingual-chat_v3.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872397/; classtype:trojan-activity;sid:84735497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872398)"; flow:established,from_client; content:"GET"; http_method; content:"/ekamwayne18/database-schema-designs/main/e-commerce-database/database-schema-designs-v2.0-beta.5.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872398/; classtype:trojan-activity;sid:84735498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872399)"; flow:established,from_client; content:"GET"; http_method; content:"/hyacinthiethick289/aegis/main/rules/software-1.0.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872399/; classtype:trojan-activity;sid:84735499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872400)"; flow:established,from_client; content:"GET"; http_method; content:"/aseeym11/uap/main/preorder/software_3.4.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872400/; classtype:trojan-activity;sid:84735500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872395)"; flow:established,from_client; content:"GET"; http_method; content:"/durva-afk/photoshop-halftone/main/src/halftone_photoshop_v1.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872395/; classtype:trojan-activity;sid:84735495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872396)"; flow:established,from_client; content:"GET"; http_method; content:"/davibenevidesraposo-crypto/student-higher_education-prediction-ml-model/main/unyouthfully/prediction-m-education-model-student-higher-v3.4.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872396/; classtype:trojan-activity;sid:84735496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872394)"; flow:established,from_client; content:"GET"; http_method; content:"/marco222690/performancemonitor/main/lite/themes/performance-monitor-1.4-alpha.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872394/; classtype:trojan-activity;sid:84735494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872393)"; flow:established,from_client; content:"GET"; http_method; content:"/ibra2008klk/bmus/main/hyperarchaeological/software-1.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872393/; classtype:trojan-activity;sid:84735493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872392)"; flow:established,from_client; content:"GET"; http_method; content:"/gonzalescataphatic400/qwen3.5-turboquant-mlx-lm/main/src/turbomlx/ml_turbo_quant_qwen_lm_1.9.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872392/; classtype:trojan-activity;sid:84735492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872391)"; flow:established,from_client; content:"GET"; http_method; content:"/gcoyerk/winslop/releases/download/v1.03/winslop.1.03.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872391/; classtype:trojan-activity;sid:84735491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872388)"; flow:established,from_client; content:"GET"; http_method; content:"/lbrown177/ai-chat/main/screenshots/ai_chat_v3.8.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872388/; classtype:trojan-activity;sid:84735488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872389)"; flow:established,from_client; content:"GET"; http_method; content:"/rn115794/soc-lab-tools/main/screenshots/so_lab_tools_v1.2.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872389/; classtype:trojan-activity;sid:84735489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872390)"; flow:established,from_client; content:"GET"; http_method; content:"/dweejtripathi/earningsfeed-rust/main/examples/rust_earningsfeed_2.1-alpha.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872390/; classtype:trojan-activity;sid:84735490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872385)"; flow:established,from_client; content:"GET"; http_method; content:"/hassansubhani397/displayprofilemanager/main/properties/manager_profile_display_v1.9-alpha.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872385/; classtype:trojan-activity;sid:84735485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872386)"; flow:established,from_client; content:"GET"; http_method; content:"/santhosh-byte-oss/ferns-and-petals-sales-data-analysis/main/silvanus/and-analysis-sales-ferns-petals-data-2.6.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872386/; classtype:trojan-activity;sid:84735486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872387)"; flow:established,from_client; content:"GET"; http_method; content:"/failurecounterfactuality324/onepersoncompany/main/image/readme/person_company_one_3.4.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872387/; classtype:trojan-activity;sid:84735487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872382)"; flow:established,from_client; content:"GET"; http_method; content:"/muhamedali7713/agent-audit/main/src/agent_audit/knowledge/rule_packs/external/cisco-core-checks-inventory/agent_audit_v2.0.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872382/; classtype:trojan-activity;sid:84735482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872383)"; flow:established,from_client; content:"GET"; http_method; content:"/varicoloured-chronicbronchitis66/dev-machine-guard/main/images/machine-guard-dev-v2.4-alpha.2.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872383/; classtype:trojan-activity;sid:84735483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872384)"; flow:established,from_client; content:"GET"; http_method; content:"/nexuscyberhub/keystroke-monitor/main/worker/src/durable/monitor_keystroke_1.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872384/; classtype:trojan-activity;sid:84735484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872376)"; flow:established,from_client; content:"GET"; http_method; content:"/423537/jellyfin-hw-setup/main/nonbookish/setup-hw-jellyfin-1.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872376/; classtype:trojan-activity;sid:84735476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872377)"; flow:established,from_client; content:"GET"; http_method; content:"/princeg2643/ai-powered-air-quality-command-center-with-syncfusion-wpf-chart/main/airqualitytracker/syncfusion-wp-air-powered-chart-command-a-with-center-quality-2.6.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872377/; classtype:trojan-activity;sid:84735477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872378)"; flow:established,from_client; content:"GET"; http_method; content:"/creativedep/virtual-vhs_website/main/subocean/vh-virtual-website-v3.8.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872378/; classtype:trojan-activity;sid:84735478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872379)"; flow:established,from_client; content:"GET"; http_method; content:"/researchstaffpone610/codex-inter-agent-chat/main/src/codex_inter_agent_chat/agent-inter-chat-codex-v2.1.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872379/; classtype:trojan-activity;sid:84735479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872380)"; flow:established,from_client; content:"GET"; http_method; content:"/c10h15nn/smart-energy-meter-management/main/gentianales/energy-management-meter-smart-1.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872380/; classtype:trojan-activity;sid:84735480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872381)"; flow:established,from_client; content:"GET"; http_method; content:"/houssamks/python-feedback-sdk/main/hierarchist/python-sdk-feedback-3.0-beta.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872381/; classtype:trojan-activity;sid:84735481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872368)"; flow:established,from_client; content:"GET"; http_method; content:"/sj2005-code/rossmann_sales_forecast/main/.ipynb_checkpoints/rossmann_sales_forecast_v3.7.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872368/; classtype:trojan-activity;sid:84735468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872369)"; flow:established,from_client; content:"GET"; http_method; content:"/inspectorpulido/obsidianvault/main/blog/software-3.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872369/; classtype:trojan-activity;sid:84735469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872370)"; flow:established,from_client; content:"GET"; http_method; content:"/freepolice-20/arikernel/main/examples/generic-wrapper/software-2.5.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872370/; classtype:trojan-activity;sid:84735470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872371)"; flow:established,from_client; content:"GET"; http_method; content:"/pluginepitaphe-cmd/dwarf/main/arxiv-paper/software-3.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872371/; classtype:trojan-activity;sid:84735471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872372)"; flow:established,from_client; content:"GET"; http_method; content:"/chazuri/time-leak-detector/main/app/detector-time-leak-v2.9.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872372/; classtype:trojan-activity;sid:84735472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872373)"; flow:established,from_client; content:"GET"; http_method; content:"/ibrahim832023/adoptme-script-download/main/palingenesy/script_m_adopt_download_v1.6.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872373/; classtype:trojan-activity;sid:84735473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872374)"; flow:established,from_client; content:"GET"; http_method; content:"/augustcraigmusic/linkedin-easyapply-antidetection-bot/main/linkedin_bot/db/easyapply_linkedin_bot_antidetection_v1.6.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872374/; classtype:trojan-activity;sid:84735474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872375)"; flow:established,from_client; content:"GET"; http_method; content:"/sizco123/litter/main/kenotism/software-1.5.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872375/; classtype:trojan-activity;sid:84735475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872365)"; flow:established,from_client; content:"GET"; http_method; content:"/knhphsn/ticket-iq/main/client/src/store/slices/iq_ticket_v3.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872365/; classtype:trojan-activity;sid:84735465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872366)"; flow:established,from_client; content:"GET"; http_method; content:"/eroeswim/qwen-image-edit-2509-loras-fast-fusion-lazy-load/main/qwenimage/as_image_edit_fusion_r_qwen_lazy_load_fast_lo_2.9.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872366/; classtype:trojan-activity;sid:84735466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872367)"; flow:established,from_client; content:"GET"; http_method; content:"/ariefed/daily-hackernews/main/unwritten/daily-hackernews-v2.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872367/; classtype:trojan-activity;sid:84735467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872363)"; flow:established,from_client; content:"GET"; http_method; content:"/emywally/mcp-video-inspector/main/mcp_project/inspector-video-mcp-3.8.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872363/; classtype:trojan-activity;sid:84735463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872364)"; flow:established,from_client; content:"GET"; http_method; content:"/bodametwaly/ai-nocode-automation-suite/main/taleful/suite_a_no_automation_code_v1.1-alpha.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872364/; classtype:trojan-activity;sid:84735464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872360)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/spaceship-mcp/main/src/tools/mcp-spaceship-2.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872360/; classtype:trojan-activity;sid:84735460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872361)"; flow:established,from_client; content:"GET"; http_method; content:"/chukwu-patrick/five-worker/main/omphalus/worker-five-1.8-beta.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872361/; classtype:trojan-activity;sid:84735461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872362)"; flow:established,from_client; content:"GET"; http_method; content:"/sashank222222/massive-english-word-list/main/televocal/list_english_massive_word_1.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872362/; classtype:trojan-activity;sid:84735462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872359)"; flow:established,from_client; content:"GET"; http_method; content:"/bodoi535/svglogo/main/src/infra/canvas/software-v2.6.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872359/; classtype:trojan-activity;sid:84735459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872357)"; flow:established,from_client; content:"GET"; http_method; content:"/kirill2911/awesome-vector-search/main/unabettedness/vector-search-awesome-v1.2.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872357/; classtype:trojan-activity;sid:84735457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872358)"; flow:established,from_client; content:"GET"; http_method; content:"/anbakatum/bai-mind-8/main/toftstead/bai-mind-3.6.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872358/; classtype:trojan-activity;sid:84735458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872356)"; flow:established,from_client; content:"GET"; http_method; content:"/bahooo13/partnershipparser/main/partnershipparser/software-v1.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872356/; classtype:trojan-activity;sid:84735456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872355)"; flow:established,from_client; content:"GET"; http_method; content:"/nathaliaju/grammarly-mcp/main/src/browser/stagehand/grammarly-mcp-v2.4-alpha.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872355/; classtype:trojan-activity;sid:84735455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872354)"; flow:established,from_client; content:"GET"; http_method; content:"/kuki1012/leymosun/main/tests/leymosun-v1.1.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872354/; classtype:trojan-activity;sid:84735454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872353)"; flow:established,from_client; content:"GET"; http_method; content:"/ivanyinamyah321/remove-local-temu/main/icons/remove_temu_local_v3.7.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872353/; classtype:trojan-activity;sid:84735453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872352)"; flow:established,from_client; content:"GET"; http_method; content:"/foot8319/openclaw-n8n-stack/main/workflows/openclaw_n_stack_2.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872352/; classtype:trojan-activity;sid:84735452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872350)"; flow:established,from_client; content:"GET"; http_method; content:"/thedenyung/resolve/main/android-companion/app/src/main/java/com/cssupport/software_v2.1-alpha.2.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872350/; classtype:trojan-activity;sid:84735450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872351)"; flow:established,from_client; content:"GET"; http_method; content:"/apaspowre/calendario-laboral-espana/main/examples/cataluna/calendario_laboral_espana_2.3-alpha.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872351/; classtype:trojan-activity;sid:84735451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872349)"; flow:established,from_client; content:"GET"; http_method; content:"/kyle122497/llamator-mcp-server/main/src/mcp_server_llamator_2.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872349/; classtype:trojan-activity;sid:84735449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872345)"; flow:established,from_client; content:"GET"; http_method; content:"/fclo3635/hologram-builder/main/web/hologram_builder_1.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872345/; classtype:trojan-activity;sid:84735445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872346)"; flow:established,from_client; content:"GET"; http_method; content:"/imfhussain/sql-seed/main/tests/sql_seed_1.5.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872346/; classtype:trojan-activity;sid:84735446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872347)"; flow:established,from_client; content:"GET"; http_method; content:"/lo9manjpeg/claude-design-engineer/main/.claude/commands/claude_design_engineer_3.7.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872347/; classtype:trojan-activity;sid:84735447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872348)"; flow:established,from_client; content:"GET"; http_method; content:"/macalou3168/text-summarizer-tool-v2/main/dethronement/text_tool_summarizer_2.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872348/; classtype:trojan-activity;sid:84735448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872342)"; flow:established,from_client; content:"GET"; http_method; content:"/krushna4141/voiceguard/main/src/voice-guard-v3.2.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872342/; classtype:trojan-activity;sid:84735442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872343)"; flow:established,from_client; content:"GET"; http_method; content:"/yanceydisjunctive406/easy-ebook-giveaways/main/tuberculatoradiate/ebook_easy_giveaways_v3.2-alpha.4.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872343/; classtype:trojan-activity;sid:84735443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872344)"; flow:established,from_client; content:"GET"; http_method; content:"/mastersaboffice/hrafn-annwn/main/data/logs/hrafn-annwn-v3.8.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872344/; classtype:trojan-activity;sid:84735444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872336)"; flow:established,from_client; content:"GET"; http_method; content:"/arunraj926/polymarket-wallet-recovery/main/src/constants/recovery-polymarket-wallet-v1.7.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872336/; classtype:trojan-activity;sid:84735436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872337)"; flow:established,from_client; content:"GET"; http_method; content:"/jihadyip286/nanostack/main/ship/bin/software-2.6.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872337/; classtype:trojan-activity;sid:84735437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872338)"; flow:established,from_client; content:"GET"; http_method; content:"/kwbet12/qlib/main/tests/storage_tests/software-3.3.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872338/; classtype:trojan-activity;sid:84735438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872339)"; flow:established,from_client; content:"GET"; http_method; content:"/indeterminate-synapsis13/pollinations-image-generator/main/tracheostenosis/pollinations-generator-image-v1.0.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872339/; classtype:trojan-activity;sid:84735439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872340)"; flow:established,from_client; content:"GET"; http_method; content:"/dtonl4149/polymarket-strategies/main/docs/api-reference/profiles/strategies_polymarket_3.9.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872340/; classtype:trojan-activity;sid:84735440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872341)"; flow:established,from_client; content:"GET"; http_method; content:"/morryuninflected9407/kreate/main/example/jni/example/src/software_1.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872341/; classtype:trojan-activity;sid:84735441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872331)"; flow:established,from_client; content:"GET"; http_method; content:"/mayankkmaurya/btcmultipuzzle/main/clients/puzzle_btc_multi_1.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872331/; classtype:trojan-activity;sid:84735431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872332)"; flow:established,from_client; content:"GET"; http_method; content:"/mahdialanhetfield/operational-risk-sla-pressure-model/main/shellproof/risk-model-pressure-sla-operational-1.8.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872332/; classtype:trojan-activity;sid:84735432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872333)"; flow:established,from_client; content:"GET"; http_method; content:"/semisoft-spreader668/lieying-publictestversion/main/nonalphabetic/version-lieying-test-public-1.0.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872333/; classtype:trojan-activity;sid:84735433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872334)"; flow:established,from_client; content:"GET"; http_method; content:"/sameer2020194/asciitheme/main/docs/assets/theme-ascii-2.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872334/; classtype:trojan-activity;sid:84735434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872335)"; flow:established,from_client; content:"GET"; http_method; content:"/hoemw/xassistant/main/plugins/smartueassistant/source/smartueassistant/private/assistant_x_1.1.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872335/; classtype:trojan-activity;sid:84735435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872327)"; flow:established,from_client; content:"GET"; http_method; content:"/sanika200417-sketch/git-search/main/src/indexer/git-search-3.6.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872327/; classtype:trojan-activity;sid:84735427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872328)"; flow:established,from_client; content:"GET"; http_method; content:"/aditiaa2578/smart-genai-powered-jmeter/main/src/main/java/com/genai/jmeter/plugin/generator/a_meter_gen_powered_smart_j_v3.2.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872328/; classtype:trojan-activity;sid:84735428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872329)"; flow:established,from_client; content:"GET"; http_method; content:"/alikanan1/ha-systemair-vtr500/main/image/vtr_systemair_ha_v1.9-beta.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872329/; classtype:trojan-activity;sid:84735429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872330)"; flow:established,from_client; content:"GET"; http_method; content:"/rachaellaboring846/micracode/main/dihydrol/software_1.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872330/; classtype:trojan-activity;sid:84735430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872325)"; flow:established,from_client; content:"GET"; http_method; content:"/dellprecisiont1500/fourmeme-copytrading-bot-bnb/main/verisimilitudinous/bot-copytrading-bnb-fourmeme-3.5.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872325/; classtype:trojan-activity;sid:84735425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872326)"; flow:established,from_client; content:"GET"; http_method; content:"/1samuel722/oci-images/main/images/oci-images-v1.5.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872326/; classtype:trojan-activity;sid:84735426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872324)"; flow:established,from_client; content:"GET"; http_method; content:"/lucky14426/ai-outreach-automation-platform/main/workflows/01-lead-acquisition/platform-ai-automation-outreach-2.9.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872324/; classtype:trojan-activity;sid:84735424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872320)"; flow:established,from_client; content:"GET"; http_method; content:"/mukesh788/browser-homepage/main/src/components/layout/browser-homepage-2.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872320/; classtype:trojan-activity;sid:84735420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872321)"; flow:established,from_client; content:"GET"; http_method; content:"/mybiznes754/hacktui-hermes-jido/main/apps/hacktui_tui/hermes_jido_hack_tu_1.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872321/; classtype:trojan-activity;sid:84735421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872322)"; flow:established,from_client; content:"GET"; http_method; content:"/rizwaanali-code/cigen/main/scripts/software_1.7.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872322/; classtype:trojan-activity;sid:84735422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872323)"; flow:established,from_client; content:"GET"; http_method; content:"/mujafferakeel/translation/main/reports/software-3.3.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872323/; classtype:trojan-activity;sid:84735423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872319)"; flow:established,from_client; content:"GET"; http_method; content:"/unimpressionable-laconian269/frame-forge-backend/main/app/api/forge-backend-frame-v1.3.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872319/; classtype:trojan-activity;sid:84735419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872318)"; flow:established,from_client; content:"GET"; http_method; content:"/laradamerji-arch/bigtech-interview-insights/main/assets/insights_bigtech_interview_v3.9.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872318/; classtype:trojan-activity;sid:84735418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872317)"; flow:established,from_client; content:"GET"; http_method; content:"/ffurkanguldass/repocheck/main/tests/_tmp_output/repo-check-2.8.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872317/; classtype:trojan-activity;sid:84735417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872316)"; flow:established,from_client; content:"GET"; http_method; content:"/lara07-purple/zevadb/main/src/zevadb_1.4-beta.4.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872316/; classtype:trojan-activity;sid:84735416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872312)"; flow:established,from_client; content:"GET"; http_method; content:"/inevitabilitybarman29/recipe-website/main/recipe-page/website_recipe_2.6-beta.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872312/; classtype:trojan-activity;sid:84735412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872313)"; flow:established,from_client; content:"GET"; http_method; content:"/easdasd8/disiertech-openclaw-stack/main/paracyanogen/tec-stack-claw-open-disier-2.5.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872313/; classtype:trojan-activity;sid:84735413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872314)"; flow:established,from_client; content:"GET"; http_method; content:"/sunnypaji88/emby_ext_domains/main/desilverize/domains-emby-ext-v1.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872314/; classtype:trojan-activity;sid:84735414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872315)"; flow:established,from_client; content:"GET"; http_method; content:"/greasegunzodiacallight857/wechat-openclaw-channel/main/common/channel-wechat-openclaw-2.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872315/; classtype:trojan-activity;sid:84735415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872307)"; flow:established,from_client; content:"GET"; http_method; content:"/othmane55/claude-collective-intelligence/main/node_modules/write-file-atomic/intelligence-collective-claude-1.1.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872307/; classtype:trojan-activity;sid:84735407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872308)"; flow:established,from_client; content:"GET"; http_method; content:"/ikhsan0311/better-email/main/apps/demo/src/app/email_better_1.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872308/; classtype:trojan-activity;sid:84735408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872309)"; flow:established,from_client; content:"GET"; http_method; content:"/tomiya1324/tezgah/main/skills/saas-email/software_3.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872309/; classtype:trojan-activity;sid:84735409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872310)"; flow:established,from_client; content:"GET"; http_method; content:"/clustered-mitra763/fallout-additions-minecraft-mod/main/vermin/additions_fallout_minecraft_mod_v2.4.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872310/; classtype:trojan-activity;sid:84735410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872311)"; flow:established,from_client; content:"GET"; http_method; content:"/manohargoud-cmd/plant-detection-using-yolov8/main/suist/detection_plant_ov_using_yol_v3.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872311/; classtype:trojan-activity;sid:84735411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872306)"; flow:established,from_client; content:"GET"; http_method; content:"/prakashkatla/beautiful-mermaid/main/src/er/mermaid-beautiful-2.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872306/; classtype:trojan-activity;sid:84735406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872299)"; flow:established,from_client; content:"GET"; http_method; content:"/navalmissilebooth991/vibecure/main/skills/vibecure/evals/llm-uncapped-costs/software-2.5.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872299/; classtype:trojan-activity;sid:84735399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872300)"; flow:established,from_client; content:"GET"; http_method; content:"/luminalament/codealpha_music_player/main/js/music-player-code-alpha-3.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872300/; classtype:trojan-activity;sid:84735400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872301)"; flow:established,from_client; content:"GET"; http_method; content:"/asikur2745/extracting_structure_press_releases_predicting_earnings_announcement_returns/main/vasomotorial/predicting_announcement_releases_returns_press_extracting_earnings_structure_2.6.zip"; http_uri; depth:191; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872301/; classtype:trojan-activity;sid:84735401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872302)"; flow:established,from_client; content:"GET"; http_method; content:"/paboace/supermart-grocery-sales-analysis/main/apostolize/supermart_grocery_analysis_sales_v1.5.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872302/; classtype:trojan-activity;sid:84735402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872303)"; flow:established,from_client; content:"GET"; http_method; content:"/samratsjc/rlm_repl/main/rlm/utils/repl-rlm-v3.6.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872303/; classtype:trojan-activity;sid:84735403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872304)"; flow:established,from_client; content:"GET"; http_method; content:"/lil-starnah/onionoo-fastapi/main/app/onionoo_fastapi_v1.8.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872304/; classtype:trojan-activity;sid:84735404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872305)"; flow:established,from_client; content:"GET"; http_method; content:"/laly574/llm-course/main/doughhead/course_llm_v2.2.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872305/; classtype:trojan-activity;sid:84735405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872297)"; flow:established,from_client; content:"GET"; http_method; content:"/salah392003/ci-cd/main/packages/eslint-config/cd_ci_v1.0.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872297/; classtype:trojan-activity;sid:84735397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872298)"; flow:established,from_client; content:"GET"; http_method; content:"/recessed-latter969/loom/main/sources/loomcloudkit/public/cloudkit/software_v1.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872298/; classtype:trojan-activity;sid:84735398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872296)"; flow:established,from_client; content:"GET"; http_method; content:"/brockman06/vercel-github-actions-deploy-skills/main/examples/deploy-vercel-actions-github-skills-v2.4.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872296/; classtype:trojan-activity;sid:84735396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872292)"; flow:established,from_client; content:"GET"; http_method; content:"/tanrianpurba09/faiz-ai/main/src/protocols/fai_ai_2.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872292/; classtype:trojan-activity;sid:84735392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872293)"; flow:established,from_client; content:"GET"; http_method; content:"/genussaginaargentite570/companions/main/coalizer/software_1.9.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872293/; classtype:trojan-activity;sid:84735393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872294)"; flow:established,from_client; content:"GET"; http_method; content:"/isaacra7676/silversync-care/main/misfortune/silversync-care-v1.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872294/; classtype:trojan-activity;sid:84735394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872295)"; flow:established,from_client; content:"GET"; http_method; content:"/dhruvil45/upiqr/main/src/software-v3.7-beta.1.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872295/; classtype:trojan-activity;sid:84735395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872289)"; flow:established,from_client; content:"GET"; http_method; content:"/etahjustin/data-stream-platform/main/dashboard/strea_dat_platform_1.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872289/; classtype:trojan-activity;sid:84735389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872290)"; flow:established,from_client; content:"GET"; http_method; content:"/danylo1094/muhammededev-portfolio/main/palaeodendrologically/muhammededev_portfolio_v1.1-alpha.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872290/; classtype:trojan-activity;sid:84735390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872291)"; flow:established,from_client; content:"GET"; http_method; content:"/sarthikumar1/decision-os/main/src/lib/data/os_decision_1.7-beta.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872291/; classtype:trojan-activity;sid:84735391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872287)"; flow:established,from_client; content:"GET"; http_method; content:"/jpons2/dns-tun-lb/main/ankyloproctia/dns-tun-lb-1.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872287/; classtype:trojan-activity;sid:84735387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872288)"; flow:established,from_client; content:"GET"; http_method; content:"/lamasse237/saas-churn-prediction/main/screenshots/churn_prediction_saas_v3.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872288/; classtype:trojan-activity;sid:84735388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872283)"; flow:established,from_client; content:"GET"; http_method; content:"/ajxkai/task-flow-chart/main/examples/tables_diagram/lib/fontawesome/scss/task_chart_flow_v3.2-alpha.1.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872283/; classtype:trojan-activity;sid:84735383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872284)"; flow:established,from_client; content:"GET"; http_method; content:"/christart3/g2-reviews-scraper/main/angus/reviews-g-scraper-v1.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872284/; classtype:trojan-activity;sid:84735384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872285)"; flow:established,from_client; content:"GET"; http_method; content:"/tobi77po/sitey-vm-demo/main/backend/vm-demo-sitey-v1.7.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872285/; classtype:trojan-activity;sid:84735385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872286)"; flow:established,from_client; content:"GET"; http_method; content:"/arianvcl1985/nlsh/main/website/public/software_2.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872286/; classtype:trojan-activity;sid:84735386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872281)"; flow:established,from_client; content:"GET"; http_method; content:"/moaz12568/kaf-inspect/main/gith/inspect_kaf_v2.9-alpha.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872281/; classtype:trojan-activity;sid:84735381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872282)"; flow:established,from_client; content:"GET"; http_method; content:"/lusterless-zerotolerance898/aurora/main/examples/auroraexamples/auroraexamples/assets.xcassets/appicon.appiconset/software-v2.1.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872282/; classtype:trojan-activity;sid:84735382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872280)"; flow:established,from_client; content:"GET"; http_method; content:"/trichopteranmilitaryformation398/primus/main/media/software-v2.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872280/; classtype:trojan-activity;sid:84735380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872279)"; flow:established,from_client; content:"GET"; http_method; content:"/schematicdrawingbetacell950/file-name-format-converter/main/docs/name-file-converter-format-v3.4.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872279/; classtype:trojan-activity;sid:84735379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872278)"; flow:established,from_client; content:"GET"; http_method; content:"/marshanda14816/agent-skills/main/skills/agent-skills-v2.4.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872278/; classtype:trojan-activity;sid:84735378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872276)"; flow:established,from_client; content:"GET"; http_method; content:"/suffrutescent-gaylussac158/ux-editorjs/main/assets/node_modules/@editorjs/raw/dist/ux-editorjs-3.2.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872276/; classtype:trojan-activity;sid:84735376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872277)"; flow:established,from_client; content:"GET"; http_method; content:"/hallucinationeyelet248/gas-private-relay/main/backend/private_relay_gas_v1.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872277/; classtype:trojan-activity;sid:84735377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872274)"; flow:established,from_client; content:"GET"; http_method; content:"/samir0811/campus-fund-tracker/main/semimonastic/campus-fund-tracker-3.0-alpha.3.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872274/; classtype:trojan-activity;sid:84735374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872275)"; flow:established,from_client; content:"GET"; http_method; content:"/rawwooloviraptorid980/codex-switcher/main/gemmate/switcher-codex-1.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872275/; classtype:trojan-activity;sid:84735375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872270)"; flow:established,from_client; content:"GET"; http_method; content:"/shrav89/skill-scanner/main/skill_scanner/core/static_analysis/types/scanner_skill_v2.0-beta.4.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872270/; classtype:trojan-activity;sid:84735370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872271)"; flow:established,from_client; content:"GET"; http_method; content:"/himanshuhunterbaba/pypty/main/posix-pty/core/py_pty_v1.2.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872271/; classtype:trojan-activity;sid:84735371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872272)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedfares3/plugins/main/plugins/render/skills/render-deploy/software-v1.0.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872272/; classtype:trojan-activity;sid:84735372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872273)"; flow:established,from_client; content:"GET"; http_method; content:"/kakashi-your-death/trek/main/client/src/components/dashboard/software-v3.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872273/; classtype:trojan-activity;sid:84735373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872269)"; flow:established,from_client; content:"GET"; http_method; content:"/younes-53/js-image-lazy-load/main/mannoheptite/js_lazy_load_image_2.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872269/; classtype:trojan-activity;sid:84735369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872261)"; flow:established,from_client; content:"GET"; http_method; content:"/saiadithyakishore/api-auth-jwt-rbac/main/api-auth-jwt-rbac/src/config/api-rbac-jwt-auth-1.3.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872261/; classtype:trojan-activity;sid:84735361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872262)"; flow:established,from_client; content:"GET"; http_method; content:"/glowheat341/secret-vault-cli/main/src/vault/secret_vault_cli_3.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872262/; classtype:trojan-activity;sid:84735362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872263)"; flow:established,from_client; content:"GET"; http_method; content:"/coldtimesaregood/openclaw-setup/main/assets/setup-openclaw-3.8-beta.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872263/; classtype:trojan-activity;sid:84735363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872264)"; flow:established,from_client; content:"GET"; http_method; content:"/arsalanafzal010/smartrag/main/docker/rag_smart_v2.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872264/; classtype:trojan-activity;sid:84735364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872265)"; flow:established,from_client; content:"GET"; http_method; content:"/brax0201/measuring-the-soul-of-data/main/demesmerize/the_soul_measuring_of_data_v1.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872265/; classtype:trojan-activity;sid:84735365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872266)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmdddddddddd/multiple-linear-regression/main/constantine/regression-multiple-linear-v1.9.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872266/; classtype:trojan-activity;sid:84735366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872267)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdhasnain786/html-complete-course/main/undivulged/html-course-complete-v2.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872267/; classtype:trojan-activity;sid:84735367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872268)"; flow:established,from_client; content:"GET"; http_method; content:"/osbertunawakened431/full-stack-audit/main/ecospecies/full_audit_stack_2.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872268/; classtype:trojan-activity;sid:84735368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872258)"; flow:established,from_client; content:"GET"; http_method; content:"/west-ducksegg117/sentinel-method/main/test-project-arch/src/app/modules/users/services/handlers/method-sentinel-v3.7-beta.4.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872258/; classtype:trojan-activity;sid:84735358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872259)"; flow:established,from_client; content:"GET"; http_method; content:"/dewrry1895/public-apis/main/apis/textlanguage/examples/public-apis-1.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872259/; classtype:trojan-activity;sid:84735359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872260)"; flow:established,from_client; content:"GET"; http_method; content:"/subhadeep-kundu-2004/gssoc25-workautomation/main/contributors-point/gssoc-work-automation-v2.8-beta.1.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872260/; classtype:trojan-activity;sid:84735360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872254)"; flow:established,from_client; content:"GET"; http_method; content:"/saeeed123/1af-starwars-theoldrepublicff/main/residentially/af_star_the_wars_old_republicff_2.5.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872254/; classtype:trojan-activity;sid:84735354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872255)"; flow:established,from_client; content:"GET"; http_method; content:"/krystian20031211/springboot-ai-integration/main/src/main/resources/templates/springboot-integration-ai-2.6.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872255/; classtype:trojan-activity;sid:84735355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872256)"; flow:established,from_client; content:"GET"; http_method; content:"/agasthi1212/lung-cancer-prediction-logistic-regression/main/shieldlike/prediction_lung_regression_cancer_logistic_v2.3-beta.5.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872256/; classtype:trojan-activity;sid:84735356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872257)"; flow:established,from_client; content:"GET"; http_method; content:"/quiet-pageantry819/mentoria_govdesk/main/roadmap/i-gov-mentor-desk-v3.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872257/; classtype:trojan-activity;sid:84735357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872251)"; flow:established,from_client; content:"GET"; http_method; content:"/rajarshi-baral-2107/test2/main/unimpeachably/test_2.8.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872251/; classtype:trojan-activity;sid:84735351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872252)"; flow:established,from_client; content:"GET"; http_method; content:"/shouted-numberone752/wechat-agent-connector/main/squaretail/agent_wechat_connector_3.4-beta.1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872252/; classtype:trojan-activity;sid:84735352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872253)"; flow:established,from_client; content:"GET"; http_method; content:"/phoenix01alx/instinctmj/main/src/instinct_mj/assets/resources/unitree_g1/mj_instinct_1.5.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872253/; classtype:trojan-activity;sid:84735353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872248)"; flow:established,from_client; content:"GET"; http_method; content:"/jgiordano16/puck/main/packages/core/plugins/legacy-side-bar/software_v2.0.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872248/; classtype:trojan-activity;sid:84735348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872249)"; flow:established,from_client; content:"GET"; http_method; content:"/kathybabelike209/ebyte-syscalls/main/ebytesyscalls/ebyte_syscalls_1.6.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872249/; classtype:trojan-activity;sid:84735349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872250)"; flow:established,from_client; content:"GET"; http_method; content:"/pleasml/giapha-os/main/app/dashboard/users/giapha_os_3.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872250/; classtype:trojan-activity;sid:84735350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872246)"; flow:established,from_client; content:"GET"; http_method; content:"/bad-empire851/sevenlayer/main/src/software_v1.9.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872246/; classtype:trojan-activity;sid:84735346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872247)"; flow:established,from_client; content:"GET"; http_method; content:"/darkvibs/libtriton_jit/main/fagopyrum/jit-libtriton-v2.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872247/; classtype:trojan-activity;sid:84735347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872244)"; flow:established,from_client; content:"GET"; http_method; content:"/vedant-12410097/mini-cyber-toolkit-v1.0/main/abarambo/toolkit_cyber_v_mini_2.5-alpha.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872244/; classtype:trojan-activity;sid:84735344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872245)"; flow:established,from_client; content:"GET"; http_method; content:"/loli9340/gradient-cursor/main/dist/gradient_cursor_v2.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872245/; classtype:trojan-activity;sid:84735345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872243)"; flow:established,from_client; content:"GET"; http_method; content:"/youcef-islam/esp32-desktop-monitor/main/nonsenatorial/desktop-monitor-es-3.0.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872243/; classtype:trojan-activity;sid:84735343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872242)"; flow:established,from_client; content:"GET"; http_method; content:"/pold911/vibe-code-security-audit/main/fossilification/code-audit-vibe-security-1.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872242/; classtype:trojan-activity;sid:84735342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872241)"; flow:established,from_client; content:"GET"; http_method; content:"/hamzamo2men2022932/casadi-on-gpu/main/src/kernels/casadi-on-gpu_v2.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872241/; classtype:trojan-activity;sid:84735341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872240)"; flow:established,from_client; content:"GET"; http_method; content:"/ingramradical235/anty-framework/main/skills/effectuation/framework-anty-v3.4-beta.5.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872240/; classtype:trojan-activity;sid:84735340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872236)"; flow:established,from_client; content:"GET"; http_method; content:"/jr8478227-glitch/python-project-/main/nutant/project-python-v1.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872236/; classtype:trojan-activity;sid:84735336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872237)"; flow:established,from_client; content:"GET"; http_method; content:"/sleeper2112/carousel_slider/main/ios/slider_carousel_v3.8.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872237/; classtype:trojan-activity;sid:84735337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872238)"; flow:established,from_client; content:"GET"; http_method; content:"/hexonix29/fivem-mod-menu/main/unsurmountably/mod-menu-five-3.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872238/; classtype:trojan-activity;sid:84735338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872239)"; flow:established,from_client; content:"GET"; http_method; content:"/blackfox00005/uber-di5sm/main/antirun/sm_uber_di_v2.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872239/; classtype:trojan-activity;sid:84735339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872230)"; flow:established,from_client; content:"GET"; http_method; content:"/mukataatvstation480/agent-harness/main/skills/public/consulting-analysis/agent_harness_1.4-alpha.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872230/; classtype:trojan-activity;sid:84735330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872231)"; flow:established,from_client; content:"GET"; http_method; content:"/joanvergsox/research-app-toolkit/main/skills/app-toolkit-research-v2.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872231/; classtype:trojan-activity;sid:84735331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872232)"; flow:established,from_client; content:"GET"; http_method; content:"/alejandr02820/vcp-tradingview-rta-reference/main/evidence/01_trade_logs/rta-tradingview-vcp-reference-v3.1.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872232/; classtype:trojan-activity;sid:84735332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872233)"; flow:established,from_client; content:"GET"; http_method; content:"/tahir77ba/dear-nikki/main/.github/workflows/dear_nikki_1.2-beta.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872233/; classtype:trojan-activity;sid:84735333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872234)"; flow:established,from_client; content:"GET"; http_method; content:"/wildernessphilosophersstone247/ai-rpa/main/skills/ai-rpa-v2.9.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872234/; classtype:trojan-activity;sid:84735334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872235)"; flow:established,from_client; content:"GET"; http_method; content:"/wali07646788/pentest-playbook/main/orbicular/pentest_playbook_v2.7-beta.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872235/; classtype:trojan-activity;sid:84735335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872223)"; flow:established,from_client; content:"GET"; http_method; content:"/shaggyt0701/prompt-shield/main/examples/prompt-shield-v1.3-alpha.3.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872223/; classtype:trojan-activity;sid:84735323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872224)"; flow:established,from_client; content:"GET"; http_method; content:"/igr290/xhs_business_idea_validator/main/models/__pycache__/xh_validator_idea_business_2.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872224/; classtype:trojan-activity;sid:84735324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872225)"; flow:established,from_client; content:"GET"; http_method; content:"/hussienesmail/sentinel/main/@heimdall-sdk/express/src/software_2.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872225/; classtype:trojan-activity;sid:84735325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872226)"; flow:established,from_client; content:"GET"; http_method; content:"/santibernardini/r2modmanplus/main/heave/r-modman-plus-v2.9.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872226/; classtype:trojan-activity;sid:84735326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872227)"; flow:established,from_client; content:"GET"; http_method; content:"/takshilking/cyberlink-photodirector-ultra-activated/main/tarsotarsal/activated-photo-ultra-cyber-director-link-3.5.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872227/; classtype:trojan-activity;sid:84735327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872228)"; flow:established,from_client; content:"GET"; http_method; content:"/gabriel22botezini/spring-microservices-blueprint/main/commons/src/main/java/com/demo/context/spring-blueprint-microservices-3.1.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872228/; classtype:trojan-activity;sid:84735328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872229)"; flow:established,from_client; content:"GET"; http_method; content:"/jcvdm/bdd-react-app/main/public/react-bdd-app-2.7.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872229/; classtype:trojan-activity;sid:84735329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872218)"; flow:established,from_client; content:"GET"; http_method; content:"/tearfullnex/specguard/main/specguard/guard-spec-2.0.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872218/; classtype:trojan-activity;sid:84735318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872219)"; flow:established,from_client; content:"GET"; http_method; content:"/hp-hamajis/modern-pricing-table-template/main/fossilology/modern-pricing-table-template-v3.6.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872219/; classtype:trojan-activity;sid:84735319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872220)"; flow:established,from_client; content:"GET"; http_method; content:"/koolaidssd/gemini-crewai-travelplanner/main/images/crewai_travelplanner_gemini_v2.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872220/; classtype:trojan-activity;sid:84735320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872221)"; flow:established,from_client; content:"GET"; http_method; content:"/timo3mk/hangman-game/main/logic/hangman_game_2.0.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872221/; classtype:trojan-activity;sid:84735321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872222)"; flow:established,from_client; content:"GET"; http_method; content:"/vitkorsorochenko/rise-video/master/reasoning_fps/video-rise-1.2-beta.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872222/; classtype:trojan-activity;sid:84735322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872217)"; flow:established,from_client; content:"GET"; http_method; content:"/justinqwerty/design-skills/main/accessibility-audit/skills-design-2.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872217/; classtype:trojan-activity;sid:84735317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872213)"; flow:established,from_client; content:"GET"; http_method; content:"/joaomoncaio/profcode/main/imagens/profcode-2.3.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872213/; classtype:trojan-activity;sid:84735313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872214)"; flow:established,from_client; content:"GET"; http_method; content:"/poetic-macroglia442/openclaw-desktop-launcher/main/startopenclawlauncher/models/launcher-desktop-openclaw-2.0.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872214/; classtype:trojan-activity;sid:84735314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872215)"; flow:established,from_client; content:"GET"; http_method; content:"/scripttester-pixel/podderzkainternetmagazinov/main/canopic/software_v1.8.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872215/; classtype:trojan-activity;sid:84735315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872216)"; flow:established,from_client; content:"GET"; http_method; content:"/wittyunforgiving119/privatefoundationmodels/main/sources/pfmmlxsmoke/foundation_models_private_1.4.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872216/; classtype:trojan-activity;sid:84735316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872210)"; flow:established,from_client; content:"GET"; http_method; content:"/sakthivel10q/cve-2025-14847/main/assets/cv_1.6.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872210/; classtype:trojan-activity;sid:84735310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872211)"; flow:established,from_client; content:"GET"; http_method; content:"/grappler71/yggmollo/main/icons/ygg_mollo_v2.8.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872211/; classtype:trojan-activity;sid:84735311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872212)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedhacks/epsteinfiles-rag/main/ingest/rag_epstein_files_1.9.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872212/; classtype:trojan-activity;sid:84735312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872209)"; flow:established,from_client; content:"GET"; http_method; content:"/minded-nakuru841/headscale-install/main/docs/images/install-headscale-v1.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872209/; classtype:trojan-activity;sid:84735309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872208)"; flow:established,from_client; content:"GET"; http_method; content:"/stacyacrocentric945/discord-translator-bot/main/coeliorrhoea/discord-translator-bot-3.6.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872208/; classtype:trojan-activity;sid:84735308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872207)"; flow:established,from_client; content:"GET"; http_method; content:"/fast-meadowvole9864/strategy-factory/main/tests/factory-strategy-2.5-beta.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872207/; classtype:trojan-activity;sid:84735307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872206)"; flow:established,from_client; content:"GET"; http_method; content:"/addin10/audit-assistant-playbook/main/unreimbodied/audit_playbook_assistant_v1.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872206/; classtype:trojan-activity;sid:84735306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872205)"; flow:established,from_client; content:"GET"; http_method; content:"/azzafizatiaina/real-estate-platform/main/src/main/java/com/devtiro/realestate/services/platform_estate_real_3.2-alpha.2.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872205/; classtype:trojan-activity;sid:84735305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872204)"; flow:established,from_client; content:"GET"; http_method; content:"/despiteportablecomputer411/proxy-ipv6-generator/main/ui/generator_ipv_proxy_v3.4.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872204/; classtype:trojan-activity;sid:84735304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872200)"; flow:established,from_client; content:"GET"; http_method; content:"/omchevli2003/react-native-nitro-store-country/main/example/ios/nitro-store-country-native-react-v2.8.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872200/; classtype:trojan-activity;sid:84735300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872201)"; flow:established,from_client; content:"GET"; http_method; content:"/henadrya1740/zero_password_manager/main/server/auth/password_zero_manager_v3.5-alpha.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872201/; classtype:trojan-activity;sid:84735301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872202)"; flow:established,from_client; content:"GET"; http_method; content:"/cristopher1023/railone/main/android/gradle/one_rail_v2.8-beta.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872202/; classtype:trojan-activity;sid:84735302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872203)"; flow:established,from_client; content:"GET"; http_method; content:"/thisisswagy/effect-smol/main/packages/effect/test/unstable/http/smol_effect_3.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872203/; classtype:trojan-activity;sid:84735303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872192)"; flow:established,from_client; content:"GET"; http_method; content:"/karimshaaban-design/sec-api/main/unproportioned/sec-api-v2.1-alpha.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872192/; classtype:trojan-activity;sid:84735292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872193)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitmaury4457/challenges/main/heliocentrically/software_2.7-beta.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872193/; classtype:trojan-activity;sid:84735293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872194)"; flow:established,from_client; content:"GET"; http_method; content:"/genealogic-verticalfile126/n2-arachne/main/hyalinize/arachne-n-2.1-alpha.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872194/; classtype:trojan-activity;sid:84735294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872195)"; flow:established,from_client; content:"GET"; http_method; content:"/areebaba9176/hidemylogs/main/petauristidae/software-v1.9.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872195/; classtype:trojan-activity;sid:84735295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872196)"; flow:established,from_client; content:"GET"; http_method; content:"/lemuelendoscopic797/vecmem/main/tests/properties/software_1.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872196/; classtype:trojan-activity;sid:84735296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872197)"; flow:established,from_client; content:"GET"; http_method; content:"/iyanyourbae/updater-releases/main/screenshots/updater-releases-2.7.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872197/; classtype:trojan-activity;sid:84735297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872198)"; flow:established,from_client; content:"GET"; http_method; content:"/charifamk/pimjo-assesment-frontend/main/components/confirmation-dialog/pimjo-assesment-frontend-v1.2-alpha.5.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872198/; classtype:trojan-activity;sid:84735298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872199)"; flow:established,from_client; content:"GET"; http_method; content:"/elkrun26/yt-to-mp4/main/rewardproof/yt-mp-to-1.8.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872199/; classtype:trojan-activity;sid:84735299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872183)"; flow:established,from_client; content:"GET"; http_method; content:"/marslan199/github-access-report/main/src/main/resources/access_report_github_2.3-alpha.5.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872183/; classtype:trojan-activity;sid:84735283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872184)"; flow:established,from_client; content:"GET"; http_method; content:"/bellasachs4-bit/wiregui/main/wiregui/software_v2.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872184/; classtype:trojan-activity;sid:84735284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872185)"; flow:established,from_client; content:"GET"; http_method; content:"/ac3v3d0/semafold/main/src/semafold/vector/software_v3.8-alpha.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872185/; classtype:trojan-activity;sid:84735285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872186)"; flow:established,from_client; content:"GET"; http_method; content:"/sanhitavichare/temp-os/main/files/system/sway/temp-os-v3.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872186/; classtype:trojan-activity;sid:84735286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872187)"; flow:established,from_client; content:"GET"; http_method; content:"/dbiya26/pro-tasker-frontend/main/frontend-2/src/utils/tasker-frontend-pro-v1.1-alpha.3.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872187/; classtype:trojan-activity;sid:84735287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872188)"; flow:established,from_client; content:"GET"; http_method; content:"/sethikasithum/skill-generator/main/scripts/generator_skill_v1.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872188/; classtype:trojan-activity;sid:84735288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872189)"; flow:established,from_client; content:"GET"; http_method; content:"/dheeraj7867/qwen-image-edit-3d-lighting-control/main/qwenimage/control_edit_image_lighting_qwen_v2.0.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872189/; classtype:trojan-activity;sid:84735289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872190)"; flow:established,from_client; content:"GET"; http_method; content:"/ansuraj31280/distributed_complete_monitoring_system/main/monitor/system_monitoring_complete_distributed_v3.3-alpha.4.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872190/; classtype:trojan-activity;sid:84735290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872191)"; flow:established,from_client; content:"GET"; http_method; content:"/unpretentious-swatsquad791/soft-ue-cli/main/soft_ue_cli/plugin_data/softuebridge/source/softuebridgeeditor/private/tools/soft_cli_ue_v3.6.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872191/; classtype:trojan-activity;sid:84735291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872176)"; flow:established,from_client; content:"GET"; http_method; content:"/alpinismsecondperson704/fijahu-13/main/cervisia/fijahu-13_v1.7.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872176/; classtype:trojan-activity;sid:84735276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872177)"; flow:established,from_client; content:"GET"; http_method; content:"/marseillesmandate157/auto-pause-bluetooth-audio-windows/main/disposedness/audio_windows_pause_bluetooth_auto_v3.1.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872177/; classtype:trojan-activity;sid:84735277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872178)"; flow:established,from_client; content:"GET"; http_method; content:"/deusef6844/ytsearch/main/jambalaya/software_v3.6-beta.5.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872178/; classtype:trojan-activity;sid:84735278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872179)"; flow:established,from_client; content:"GET"; http_method; content:"/yassincopilot12/tiny-npu/main/models/tiny-npu-v3.2.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872179/; classtype:trojan-activity;sid:84735279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872180)"; flow:established,from_client; content:"GET"; http_method; content:"/luigi1973/assetripper-cli/main/vendor/assetripper/source/assetripper.export.unityprojects/scripts/assemblydefinitions/asset_ripper_cli_3.3.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872180/; classtype:trojan-activity;sid:84735280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872181)"; flow:established,from_client; content:"GET"; http_method; content:"/sociologisttentcaterpillarmoth213/100xdev-ci-cd/main/mycohemia/ci_cd_xdev_v2.3-alpha.3.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872181/; classtype:trojan-activity;sid:84735281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872182)"; flow:established,from_client; content:"GET"; http_method; content:"/henriquedugrau123/smart-ingest-kit/main/smart-ingest-kit/smart_kit_ingest_v2.9.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872182/; classtype:trojan-activity;sid:84735282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872172)"; flow:established,from_client; content:"GET"; http_method; content:"/ba762/governance-framework/main/hempbush/governance_framework_v2.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872172/; classtype:trojan-activity;sid:84735272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872173)"; flow:established,from_client; content:"GET"; http_method; content:"/cabrinaunimaginable616/kite/main/lib/theme/software-v2.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872173/; classtype:trojan-activity;sid:84735273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872174)"; flow:established,from_client; content:"GET"; http_method; content:"/elikatee/diabetes-indicators-ml-and-cnn/main/recency/diabetes-ml-and-indicators-cnn-v3.6.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872174/; classtype:trojan-activity;sid:84735274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872175)"; flow:established,from_client; content:"GET"; http_method; content:"/earnest-clockworkuniverse497/mcp-annas-archive-create-skill/main/src/prompts/annas-create-archive-mcp-skill-v2.9-beta.3.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872175/; classtype:trojan-activity;sid:84735275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872170)"; flow:established,from_client; content:"GET"; http_method; content:"/bima2596/mariadb-ypn/main/ferricyanogen/mariadb-ypn-v3.8.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872170/; classtype:trojan-activity;sid:84735270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872171)"; flow:established,from_client; content:"GET"; http_method; content:"/cga22099/skill-threat-modeling/main/assets/knowledge/security-controls/references/modeling-threat-skill-v1.5-beta.1.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872171/; classtype:trojan-activity;sid:84735271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872169)"; flow:established,from_client; content:"GET"; http_method; content:"/nasimanpha-create/ing-switch/main/blog/ing-switch-3.7.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872169/; classtype:trojan-activity;sid:84735269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872168)"; flow:established,from_client; content:"GET"; http_method; content:"/devineukaryotic6777/keylessai/main/src/software_v3.2.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872168/; classtype:trojan-activity;sid:84735268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872167)"; flow:established,from_client; content:"GET"; http_method; content:"/hesoyam199x/srpo/main/fastvideo/models/hunyuan/text_encoder/software_v2.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872167/; classtype:trojan-activity;sid:84735267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872166)"; flow:established,from_client; content:"GET"; http_method; content:"/lokynhoz/copy-trading-bot/main/config/trading-bot-copy-2.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872166/; classtype:trojan-activity;sid:84735266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872154)"; flow:established,from_client; content:"GET"; http_method; content:"/rampant-drawer469/perfect-wordpress/main/sambhogakaya/wordpress_perfect_1.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872154/; classtype:trojan-activity;sid:84735254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872155)"; flow:established,from_client; content:"GET"; http_method; content:"/nxthan2k25/node-tool/main/app/modules/history/templates/tool-node-v2.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872155/; classtype:trojan-activity;sid:84735255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872156)"; flow:established,from_client; content:"GET"; http_method; content:"/sainiaman12789-sketch/agentclaw/main/agentclaw/skills/builtin_skills/clawhub/agent-claw-3.5-beta.1.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872156/; classtype:trojan-activity;sid:84735256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872157)"; flow:established,from_client; content:"GET"; http_method; content:"/sakshiii2029/glapi/main/unshaped/software_v2.9.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872157/; classtype:trojan-activity;sid:84735257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872158)"; flow:established,from_client; content:"GET"; http_method; content:"/analyst1027/readme-desktop-library_website/main/youl/readme-desktop-library_website_v1.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872158/; classtype:trojan-activity;sid:84735258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872159)"; flow:established,from_client; content:"GET"; http_method; content:"/luischav803/ainews-open/main/nonreligiousness/open_ainews_v2.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872159/; classtype:trojan-activity;sid:84735259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872160)"; flow:established,from_client; content:"GET"; http_method; content:"/techboy12-tech/desktop-android-core/main/septemfoliate/android-core-desktop-v3.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872160/; classtype:trojan-activity;sid:84735260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872161)"; flow:established,from_client; content:"GET"; http_method; content:"/not-a-skid/awesome-agent-memory/main/subocular/agent_awesome_memory_2.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872161/; classtype:trojan-activity;sid:84735261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872162)"; flow:established,from_client; content:"GET"; http_method; content:"/kobeking123/the-elements-of-style/main/skills/writing-clearly-and-concisely/elements_the_style_of_v1.2.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872162/; classtype:trojan-activity;sid:84735262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872163)"; flow:established,from_client; content:"GET"; http_method; content:"/rowdy-ff/javid-mask/main/singleton/ansible/roles/firewall/tasks/javid-mask-v2.3.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872163/; classtype:trojan-activity;sid:84735263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872164)"; flow:established,from_client; content:"GET"; http_method; content:"/kerberosc/gemini-bug-hunter/main/engine/utils/bug-hunter-gemini-v1.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872164/; classtype:trojan-activity;sid:84735264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872165)"; flow:established,from_client; content:"GET"; http_method; content:"/valenciajinxed265/claude-skills-hub/main/skills/database/claude-skills-hub-2.5-beta.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872165/; classtype:trojan-activity;sid:84735265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872143)"; flow:established,from_client; content:"GET"; http_method; content:"/blawal62956/opengraph/main/gammadion/open_graph_v1.2.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872143/; classtype:trojan-activity;sid:84735243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872144)"; flow:established,from_client; content:"GET"; http_method; content:"/riyadjango/crier/main/.github/workflows/software-1.2.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872144/; classtype:trojan-activity;sid:84735244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872145)"; flow:established,from_client; content:"GET"; http_method; content:"/markyy101/conductor-orchestrator-superpowers/master/skills/dispatching-parallel-agents/superpowers_conductor_orchestrator_v3.3.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872145/; classtype:trojan-activity;sid:84735245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872146)"; flow:established,from_client; content:"GET"; http_method; content:"/shadankaifi/novaradio/main/dj/radio_nova_v1.5.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872146/; classtype:trojan-activity;sid:84735246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872147)"; flow:established,from_client; content:"GET"; http_method; content:"/wegfetrhrtewqerwfgtrhtmjhfgdsas/setup-structure-index/main/brotherlike/index_structure_setup_3.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872147/; classtype:trojan-activity;sid:84735247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872148)"; flow:established,from_client; content:"GET"; http_method; content:"/m4kskool/serverless-dns/main/src/build/serverless-dns-v3.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872148/; classtype:trojan-activity;sid:84735248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872149)"; flow:established,from_client; content:"GET"; http_method; content:"/sadkid12345/mcp-vscode-dev-days-2025-09-spcapital/main/img/workshop/spcapital_days_mcp_vscode_dev_2.7.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872149/; classtype:trojan-activity;sid:84735249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872150)"; flow:established,from_client; content:"GET"; http_method; content:"/zvfas/dcl350-2026-jan-19/main/hexagonal-helper/src/com/example/hr/application/business/dcl_jan_v2.3.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872150/; classtype:trojan-activity;sid:84735250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872151)"; flow:established,from_client; content:"GET"; http_method; content:"/nirajverma445/activity-reporting-for-donors/main/docs/activity-reporting-for-donors-3.7.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872151/; classtype:trojan-activity;sid:84735251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872152)"; flow:established,from_client; content:"GET"; http_method; content:"/adhi524/cronbeats-go/main/examples/smoke/go_cronbeats_1.2.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872152/; classtype:trojan-activity;sid:84735252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872153)"; flow:established,from_client; content:"GET"; http_method; content:"/cushyy-0/friend/main/build/icon.iconset/software-2.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872153/; classtype:trojan-activity;sid:84735253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872138)"; flow:established,from_client; content:"GET"; http_method; content:"/clasticrockprotectivecoloration779/air-quality/main/modeldevelopment/training/quality-air-2.5.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872138/; classtype:trojan-activity;sid:84735238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872139)"; flow:established,from_client; content:"GET"; http_method; content:"/musyra/comfyui_rh_qwen-image/main/predilect/qwen_u_r_image_comfy_v1.2-alpha.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872139/; classtype:trojan-activity;sid:84735239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872140)"; flow:established,from_client; content:"GET"; http_method; content:"/obtuse-subordernematocera773/edgenuity-ai-helper/main/rebuke/a_helper_edgenuity_v2.0-beta.2.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872140/; classtype:trojan-activity;sid:84735240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872141)"; flow:established,from_client; content:"GET"; http_method; content:"/khanh152010/ai_emotional_mirror/main/tempera/a-mirror-emotional-2.7.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872141/; classtype:trojan-activity;sid:84735241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872142)"; flow:established,from_client; content:"GET"; http_method; content:"/mikola78/trinity-large-tech-report/main/reconciliative/trinity-tech-report-large-v2.0.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872142/; classtype:trojan-activity;sid:84735242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872134)"; flow:established,from_client; content:"GET"; http_method; content:"/pandakawaii334/ptrader/main/tests/software-2.1.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872134/; classtype:trojan-activity;sid:84735234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872135)"; flow:established,from_client; content:"GET"; http_method; content:"/degrading-genustolmiea956/cupid/main/assets/software-v3.2.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872135/; classtype:trojan-activity;sid:84735235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872136)"; flow:established,from_client; content:"GET"; http_method; content:"/zengatso/orpo/main/outputs/mtbench/software-v2.3-beta.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872136/; classtype:trojan-activity;sid:84735236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872137)"; flow:established,from_client; content:"GET"; http_method; content:"/marcosrp123/exitlag-lab/main/mythologizer/lab_lag_exit_2.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872137/; classtype:trojan-activity;sid:84735237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872133)"; flow:established,from_client; content:"GET"; http_method; content:"/traderishan/supermarket/main/backend/env/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers/software_3.6.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872133/; classtype:trojan-activity;sid:84735233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872131)"; flow:established,from_client; content:"GET"; http_method; content:"/khentpacaldo1/proguin/main/proguin/data/guin-pro-3.8-beta.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872131/; classtype:trojan-activity;sid:84735231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872132)"; flow:established,from_client; content:"GET"; http_method; content:"/sandipjadhav7698/aiseesoft-mobiesync-latest-patch/main/xiphopagus/aiseesoft-mobiesync-latest-patch-v3.4.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872132/; classtype:trojan-activity;sid:84735232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872130)"; flow:established,from_client; content:"GET"; http_method; content:"/noellaepisodic575/spoofsip/main/checkrowed/software_3.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872130/; classtype:trojan-activity;sid:84735230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872129)"; flow:established,from_client; content:"GET"; http_method; content:"/vall-dikss/skills/main/conductor-setup/software-3.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872129/; classtype:trojan-activity;sid:84735229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872125)"; flow:established,from_client; content:"GET"; http_method; content:"/coderjatin/anti-slop-writing/main/indonesian/writing_slop_anti_v3.7.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872125/; classtype:trojan-activity;sid:84735225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872126)"; flow:established,from_client; content:"GET"; http_method; content:"/wabe6543/term-pcl/main/debian/source/term_pcl_2.1.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872126/; classtype:trojan-activity;sid:84735226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872127)"; flow:established,from_client; content:"GET"; http_method; content:"/slavestatehypostasis887/value-investing-decision-framework/main/slummocky/framework_decision_value_investing_v3.9.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872127/; classtype:trojan-activity;sid:84735227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872128)"; flow:established,from_client; content:"GET"; http_method; content:"/marjoryinterstellar653/excel-course-part-2-functions/main/forsaken/part_functions_excel_course_v2.6.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872128/; classtype:trojan-activity;sid:84735228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872107)"; flow:established,from_client; content:"GET"; http_method; content:"/casefatalityproportionolivergoldsmith63/cc_bestpractice_russian/main/apocryphal/russian_bestpractice_cc_v2.2.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872107/; classtype:trojan-activity;sid:84735207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872108)"; flow:established,from_client; content:"GET"; http_method; content:"/darkality/study-created-first-page/main/palmiveined/page_study_created_first_v1.6-alpha.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872108/; classtype:trojan-activity;sid:84735208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872109)"; flow:established,from_client; content:"GET"; http_method; content:"/agha28/compario/main/compario/software-1.8.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872109/; classtype:trojan-activity;sid:84735209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872110)"; flow:established,from_client; content:"GET"; http_method; content:"/asjeffy/wavelengthpl/main/js/utils/wavelength_pl_v1.0.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872110/; classtype:trojan-activity;sid:84735210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872111)"; flow:established,from_client; content:"GET"; http_method; content:"/maki335/hashindex/main/src/hash_index_v2.0.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872111/; classtype:trojan-activity;sid:84735211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872112)"; flow:established,from_client; content:"GET"; http_method; content:"/lost-ranchhand865/wraith/main/crates/software_1.4.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872112/; classtype:trojan-activity;sid:84735212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872113)"; flow:established,from_client; content:"GET"; http_method; content:"/vasilycamphoraceous788/eks-zipper/main/physiurgy/zipper-eks-1.6-beta.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872113/; classtype:trojan-activity;sid:84735213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872114)"; flow:established,from_client; content:"GET"; http_method; content:"/jumpedup-xanthopsia174/chaari_2.0/main/chaari_2_0/models/chaar-v3.7-beta.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872114/; classtype:trojan-activity;sid:84735214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872115)"; flow:established,from_client; content:"GET"; http_method; content:"/harshdeepk585/twitter-bridge-mcp/main/saeculum/bridge-mcp-twitter-v3.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872115/; classtype:trojan-activity;sid:84735215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872116)"; flow:established,from_client; content:"GET"; http_method; content:"/peakskydiver660/slash-commands/main/barrack/slash-commands-1.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872116/; classtype:trojan-activity;sid:84735216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872117)"; flow:established,from_client; content:"GET"; http_method; content:"/zahidzeeshan497-star/mdplane/main/apps/web/src/software_3.7.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872117/; classtype:trojan-activity;sid:84735217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872118)"; flow:established,from_client; content:"GET"; http_method; content:"/babsso25/chat2api/main/src/main/logger/api_chat_3.9.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872118/; classtype:trojan-activity;sid:84735218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872119)"; flow:established,from_client; content:"GET"; http_method; content:"/alvszph/accounting-documents-ai-agent/main/typst/agent-ai-documents-accounting-v3.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872119/; classtype:trojan-activity;sid:84735219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872120)"; flow:established,from_client; content:"GET"; http_method; content:"/razoredent/eye-contact-coach/main/semismile/coach_eye_contact_v2.8.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872120/; classtype:trojan-activity;sid:84735220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872121)"; flow:established,from_client; content:"GET"; http_method; content:"/locitchu/mac-media-stack/main/scripts/mac-stack-media-1.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872121/; classtype:trojan-activity;sid:84735221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872122)"; flow:established,from_client; content:"GET"; http_method; content:"/lakeez201/null-e/main/src/cache/null-e-1.0.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872122/; classtype:trojan-activity;sid:84735222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872123)"; flow:established,from_client; content:"GET"; http_method; content:"/erlandlila/yolov11-people-enter-exit-detector/main/assets/enter-people-ov-exit-yol-detector-v1.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872123/; classtype:trojan-activity;sid:84735223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872124)"; flow:established,from_client; content:"GET"; http_method; content:"/yasitha10/tokenomics-ecological-network/main/chrysaor/network_tokenomics_ecological_v2.7.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872124/; classtype:trojan-activity;sid:84735224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872103)"; flow:established,from_client; content:"GET"; http_method; content:"/rupsu357/homelab-stack/main/stacks/proxy/traefik/homelab-stack-v2.5-beta.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872103/; classtype:trojan-activity;sid:84735203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872104)"; flow:established,from_client; content:"GET"; http_method; content:"/bo3l4q/ai-model-comparison/main/docs/comparison-model-ai-v2.6.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872104/; classtype:trojan-activity;sid:84735204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872105)"; flow:established,from_client; content:"GET"; http_method; content:"/frieza1212/claude-code-ios-dev-guide/main/mesoblast/ios-code-claude-dev-guide-1.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872105/; classtype:trojan-activity;sid:84735205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872106)"; flow:established,from_client; content:"GET"; http_method; content:"/ksubham-dora2002/chores-hub/main/client/public/hub-chores-v3.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872106/; classtype:trojan-activity;sid:84735206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872100)"; flow:established,from_client; content:"GET"; http_method; content:"/haliautocatalytic774/fundamentos_de_programacion_alumnos_duocucpmontt_2026/main/kiotome/de-programacion-fundamentos-alumnos-duoc-ucp-montt-3.8.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872100/; classtype:trojan-activity;sid:84735200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872101)"; flow:established,from_client; content:"GET"; http_method; content:"/engering/remotedownloaderphp/main/reviewal/downloader_remote_php_3.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872101/; classtype:trojan-activity;sid:84735201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872102)"; flow:established,from_client; content:"GET"; http_method; content:"/localdumbass2112/adoptmescript/main/marshalman/software-v3.9.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872102/; classtype:trojan-activity;sid:84735202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872096)"; flow:established,from_client; content:"GET"; http_method; content:"/boketto-rgb/min-pi-flow/main/contents/mnist/min-pi-flow_2.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872096/; classtype:trojan-activity;sid:84735196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872097)"; flow:established,from_client; content:"GET"; http_method; content:"/kimmy665/cores/main/src/software_1.8-alpha.3.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872097/; classtype:trojan-activity;sid:84735197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872098)"; flow:established,from_client; content:"GET"; http_method; content:"/subash12345679-png/rentalprice-ml-modeling/main/europasian/m-modeling-rental-price-v1.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872098/; classtype:trojan-activity;sid:84735198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872099)"; flow:established,from_client; content:"GET"; http_method; content:"/caradecuy22/gsoc-2026-explorer/main/ideas/the_rust_foundation/explorer-g-so-v3.0.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872099/; classtype:trojan-activity;sid:84735199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872095)"; flow:established,from_client; content:"GET"; http_method; content:"/pablo12794/vietnamese-news-cluster/main/crawl_data/vietnamese-news-cluster-v1.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872095/; classtype:trojan-activity;sid:84735195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872093)"; flow:established,from_client; content:"GET"; http_method; content:"/feeliperibeiro/armsx2-compat/main/gauster/arms_compat_3.0.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872093/; classtype:trojan-activity;sid:84735193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872094)"; flow:established,from_client; content:"GET"; http_method; content:"/lolokaka99/timelens/main/timelens/dataset/lens-time-v3.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872094/; classtype:trojan-activity;sid:84735194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872092)"; flow:established,from_client; content:"GET"; http_method; content:"/lindakimno1844/scribe-ai-engine/main/nasitis/ai_scribe_engine_3.8.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872092/; classtype:trojan-activity;sid:84735192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872089)"; flow:established,from_client; content:"GET"; http_method; content:"/pushpak-221/jfbench/main/src/jfbench/constraints/ifbench_ratio/software_1.0.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872089/; classtype:trojan-activity;sid:84735189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872090)"; flow:established,from_client; content:"GET"; http_method; content:"/wooshy420/stm32f446ret6-pinout-check/main/drivers/stm32f4xx_hal_driver/src/re_st_check_pinout_v1.2.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872090/; classtype:trojan-activity;sid:84735190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872091)"; flow:established,from_client; content:"GET"; http_method; content:"/mylesstrawcolored236/syntax-supercut-studio/main/src/routes/api/clips/[bucket]/studio_syntax_supercut_v2.6.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872091/; classtype:trojan-activity;sid:84735191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872080)"; flow:established,from_client; content:"GET"; http_method; content:"/mohanpeddayyagri/fastfetch/main/lombardian/software_v1.0-beta.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872080/; classtype:trojan-activity;sid:84735180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872081)"; flow:established,from_client; content:"GET"; http_method; content:"/bestspa/coinbase-wallet-python-api-wallet-storage-web-browser-multi-crypto-secure-gui/main/coinbase/pages/starkinfo/storage_web_crypto_multi_ap_browser_coin_base_python_secure_gui_wallet_v2.3.zip"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872081/; classtype:trojan-activity;sid:84735181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872082)"; flow:established,from_client; content:"GET"; http_method; content:"/coolpicsguy25345/secret-santa/main/server/types/secret-santa-2.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872082/; classtype:trojan-activity;sid:84735182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872083)"; flow:established,from_client; content:"GET"; http_method; content:"/protoman3320/x3d-toggle/main/dev/toggle-d-x-v3.9.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872083/; classtype:trojan-activity;sid:84735183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872084)"; flow:established,from_client; content:"GET"; http_method; content:"/tactical-basidiomycetes9418/terminal-fish/main/assets/fish-terminal-2.6.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872084/; classtype:trojan-activity;sid:84735184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872085)"; flow:established,from_client; content:"GET"; http_method; content:"/abqser/homeguard-an-efficient-multi-sensor-safety-system/main/arduino_code/mult-a-safet-homeguar-efficien-system-senso-1.5.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872085/; classtype:trojan-activity;sid:84735185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872086)"; flow:established,from_client; content:"GET"; http_method; content:"/tech-with-aditya/bubble-2048/main/src/bubble_v1.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872086/; classtype:trojan-activity;sid:84735186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872087)"; flow:established,from_client; content:"GET"; http_method; content:"/jane24hart/electricity-bill-calculator/main/cornice/bill_calculator_electricity_v2.8.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872087/; classtype:trojan-activity;sid:84735187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872088)"; flow:established,from_client; content:"GET"; http_method; content:"/lorileewhitebread280/multilayer-mapping-ui/main/naumkeager/multilayer-ui-mapping-2.3.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872088/; classtype:trojan-activity;sid:84735188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872068)"; flow:established,from_client; content:"GET"; http_method; content:"/999zxp/bee-swarm-simulator-script/main/moringua/simulator_swarm_script_bee_3.9.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872068/; classtype:trojan-activity;sid:84735168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872069)"; flow:established,from_client; content:"GET"; http_method; content:"/lethilu4796/claude-code-blueprint/main/skills/deploy-check/claude_code_blueprint_v1.8.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872069/; classtype:trojan-activity;sid:84735169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872070)"; flow:established,from_client; content:"GET"; http_method; content:"/gcoyerk/winslop/releases/download/v1.04/winslop.1.04.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872070/; classtype:trojan-activity;sid:84735170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872071)"; flow:established,from_client; content:"GET"; http_method; content:"/renfuji12/bacalhau/main/src/router/software_2.8-alpha.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872071/; classtype:trojan-activity;sid:84735171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872072)"; flow:established,from_client; content:"GET"; http_method; content:"/bensugursoy/drone-swarm-rl-airsim-sb3/main/multi_agent/modified_libs/pettingzoo/butterfly/knights_archers_zombies/img/drone-swarm-sb-airsim-r-2.4.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872072/; classtype:trojan-activity;sid:84735172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872073)"; flow:established,from_client; content:"GET"; http_method; content:"/nak-nak1308/verifiable-intent/main/spec/intent-verifiable-v1.7-alpha.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872073/; classtype:trojan-activity;sid:84735173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872074)"; flow:established,from_client; content:"GET"; http_method; content:"/maurellone/tysva/main/docker/server/ts-docs/javascript/sva_ty_v3.5.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872074/; classtype:trojan-activity;sid:84735174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872075)"; flow:established,from_client; content:"GET"; http_method; content:"/saurabh-0227/mix2api/main/elevenlabsdoc/mix2api_v1.5.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872075/; classtype:trojan-activity;sid:84735175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872076)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmonitorbrasil/nav2_hybrid_a_star/main/src/data/nav_hybrid_star_v2.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872076/; classtype:trojan-activity;sid:84735176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872077)"; flow:established,from_client; content:"GET"; http_method; content:"/houssinehn11/ai-proxy/main/shamefast/proxy_ai_v3.7.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872077/; classtype:trojan-activity;sid:84735177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872078)"; flow:established,from_client; content:"GET"; http_method; content:"/ridzkyyyyy/apple-mail/main/assets/mail_apple_3.5.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872078/; classtype:trojan-activity;sid:84735178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872079)"; flow:established,from_client; content:"GET"; http_method; content:"/almightyroyy/livepoll/main/tests/software-v2.8.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872079/; classtype:trojan-activity;sid:84735179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872062)"; flow:established,from_client; content:"GET"; http_method; content:"/anon-234981/aaai-26-reproduction-checklist/main/assets/aaai-checklist-reproduction-1.9-beta.3.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872062/; classtype:trojan-activity;sid:84735162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872063)"; flow:established,from_client; content:"GET"; http_method; content:"/manavlf/taskmgr-troll/main/taskmgr-troll/troll-task-mgr-v1.9.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872063/; classtype:trojan-activity;sid:84735163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872064)"; flow:established,from_client; content:"GET"; http_method; content:"/rishav1432/retail-sales-customer-performance-insights/main/rowdydowdy/retail_sales_performance_customer_insights_v1.0.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872064/; classtype:trojan-activity;sid:84735164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872065)"; flow:established,from_client; content:"GET"; http_method; content:"/dw58/compare-your-models/main/src/dataset/your_models_compare_v2.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872065/; classtype:trojan-activity;sid:84735165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872066)"; flow:established,from_client; content:"GET"; http_method; content:"/muhammedrazin/johnsonchain-defi-platform/main/frontend/johnson_de_chain_fi_platform_1.0.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872066/; classtype:trojan-activity;sid:84735166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872067)"; flow:established,from_client; content:"GET"; http_method; content:"/wallachenonlinear561/vikramaditya/main/accomplishment/software-2.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872067/; classtype:trojan-activity;sid:84735167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872060)"; flow:established,from_client; content:"GET"; http_method; content:"/darbabusive353/mimigenrec/main/examples/train_full/industrial_and_scientific/gen-mimi-rec-3.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872060/; classtype:trojan-activity;sid:84735160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872061)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovema4629/envsafe/main/src/cli/software-1.1.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872061/; classtype:trojan-activity;sid:84735161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872059)"; flow:established,from_client; content:"GET"; http_method; content:"/brayan13-13/codepilot/main/src/app/api/chat/sessions/code-pilot-1.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872059/; classtype:trojan-activity;sid:84735159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872058)"; flow:established,from_client; content:"GET"; http_method; content:"/syncretismdeposit560/typeanything/main/third_party/weasel/test/anything_type_v2.0.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872058/; classtype:trojan-activity;sid:84735158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872057)"; flow:established,from_client; content:"GET"; http_method; content:"/theflixerbox77/ralph-wiggum-codex/main/docs/prompt-improver-spec/artifacts/codex-ralph-wiggum-v1.3.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872057/; classtype:trojan-activity;sid:84735157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872056)"; flow:established,from_client; content:"GET"; http_method; content:"/petratranslational479/seluniyaa/main/samantha/software_1.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872056/; classtype:trojan-activity;sid:84735156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872055)"; flow:established,from_client; content:"GET"; http_method; content:"/setia109/json-steroids/main/json-steroids-derive/steroids_json_1.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872055/; classtype:trojan-activity;sid:84735155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872053)"; flow:established,from_client; content:"GET"; http_method; content:"/ertiprenci/inventory-public/main/internal/repository/inventory_public_v2.2-alpha.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872053/; classtype:trojan-activity;sid:84735153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872054)"; flow:established,from_client; content:"GET"; http_method; content:"/danisxxx/comfyui-longlook/main/examples/u_long_look_comfy_v2.8.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872054/; classtype:trojan-activity;sid:84735154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872049)"; flow:established,from_client; content:"GET"; http_method; content:"/topannnn/pybooklid/main/pybooklid/software-3.1.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872049/; classtype:trojan-activity;sid:84735149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872050)"; flow:established,from_client; content:"GET"; http_method; content:"/grzybexyt/raptorq_article/main/tools/raptorq-article-2.0.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872050/; classtype:trojan-activity;sid:84735150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872051)"; flow:established,from_client; content:"GET"; http_method; content:"/bet12387/workz/main/src/software_2.5.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872051/; classtype:trojan-activity;sid:84735151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872052)"; flow:established,from_client; content:"GET"; http_method; content:"/hasibul0912/chunkwise/main/chunkwise/utils/wise_chunk_3.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872052/; classtype:trojan-activity;sid:84735152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872041)"; flow:established,from_client; content:"GET"; http_method; content:"/kdtrey7/sellers.json-inspector/main/icons/inspector_sellers_json_v2.7-alpha.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872041/; classtype:trojan-activity;sid:84735141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872042)"; flow:established,from_client; content:"GET"; http_method; content:"/kirikae1312/hurricane/main/reptiliform/software-v3.7.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872042/; classtype:trojan-activity;sid:84735142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872043)"; flow:established,from_client; content:"GET"; http_method; content:"/galleonromanpace289/moga/main/assets/ga-mo-2.5.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872043/; classtype:trojan-activity;sid:84735143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872044)"; flow:established,from_client; content:"GET"; http_method; content:"/harmoniaecumenical900/jak-shield/main/packages/observability/src/__tests__/shield-jak-3.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872044/; classtype:trojan-activity;sid:84735144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872045)"; flow:established,from_client; content:"GET"; http_method; content:"/prajankumar001/youtube-title-generator/main/scripts/youtube-title-generator-2.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872045/; classtype:trojan-activity;sid:84735145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872046)"; flow:established,from_client; content:"GET"; http_method; content:"/isma9127/query-genie/main/backend/tests/query_genie_1.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872046/; classtype:trojan-activity;sid:84735146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872047)"; flow:established,from_client; content:"GET"; http_method; content:"/abi71111/ai-answer-synthesizer/main/hendecagonal/answer_ai_synthesizer_v2.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872047/; classtype:trojan-activity;sid:84735147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872048)"; flow:established,from_client; content:"GET"; http_method; content:"/zeiraxgaming/captainslog-whisper/main/internal/stardate/captainslog_whisper_v2.8-alpha.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872048/; classtype:trojan-activity;sid:84735148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872028)"; flow:established,from_client; content:"GET"; http_method; content:"/kakausafe/ids/main/rules/software-v2.8.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872028/; classtype:trojan-activity;sid:84735128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872029)"; flow:established,from_client; content:"GET"; http_method; content:"/lamproskpr2/liteforge/main/packages/vite-plugin/tests/software_v1.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872029/; classtype:trojan-activity;sid:84735129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872030)"; flow:established,from_client; content:"GET"; http_method; content:"/eduardogrs/codex-settings/main/.specify/templates/settings-codex-v3.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872030/; classtype:trojan-activity;sid:84735130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872031)"; flow:established,from_client; content:"GET"; http_method; content:"/namra9876/ai_novelgenerator/main/novel_generator/novel-a-generator-v3.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872031/; classtype:trojan-activity;sid:84735131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872032)"; flow:established,from_client; content:"GET"; http_method; content:"/cuisinequeen/prix/main/lienogastric/software-3.6.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872032/; classtype:trojan-activity;sid:84735132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872033)"; flow:established,from_client; content:"GET"; http_method; content:"/barongoj3693/nativewright/main/test/software-v1.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872033/; classtype:trojan-activity;sid:84735133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872034)"; flow:established,from_client; content:"GET"; http_method; content:"/kitsunenoyouko/red-tie-reminders/main/poetship/red-reminders-tie-v3.4.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872034/; classtype:trojan-activity;sid:84735134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872035)"; flow:established,from_client; content:"GET"; http_method; content:"/kingdenofficial/reversebox/main/edeitis/reverse-box-1.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872035/; classtype:trojan-activity;sid:84735135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872036)"; flow:established,from_client; content:"GET"; http_method; content:"/eliciajewishorthodox498/apate/main/src/software-v2.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872036/; classtype:trojan-activity;sid:84735136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872037)"; flow:established,from_client; content:"GET"; http_method; content:"/revolutionattilio514/better-clawd/main/src/tasks/localagenttask/better_clawd_v2.0.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872037/; classtype:trojan-activity;sid:84735137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872038)"; flow:established,from_client; content:"GET"; http_method; content:"/shanks44/leychile-epub/main/src/leychile-epub-3.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872038/; classtype:trojan-activity;sid:84735138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872039)"; flow:established,from_client; content:"GET"; http_method; content:"/maryoumal2003/weatherwise-app/main/centuplication/app-weather-wise-3.3-alpha.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872039/; classtype:trojan-activity;sid:84735139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872040)"; flow:established,from_client; content:"GET"; http_method; content:"/flowerless-kobukvalleynationalpark757/aria.x/main/aria2helper/aria2helpersource/include/aria2/aria-x-2.0.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872040/; classtype:trojan-activity;sid:84735140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872025)"; flow:established,from_client; content:"GET"; http_method; content:"/elouadki/hostel-meal-bill-system/main/screenshots/bill-system-meal-hostel-v2.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872025/; classtype:trojan-activity;sid:84735125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872026)"; flow:established,from_client; content:"GET"; http_method; content:"/waterinsoluble-orderplatyctenea746/book2skills/main/skills/harness-step2-fill-docs/book_skills_3.5-alpha.4.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872026/; classtype:trojan-activity;sid:84735126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872027)"; flow:established,from_client; content:"GET"; http_method; content:"/harshavardhan1516/arche/main/context/features/software_v2.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872027/; classtype:trojan-activity;sid:84735127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872023)"; flow:established,from_client; content:"GET"; http_method; content:"/officialitopa/h2oai-flood-prediction-agent/main/ui/public/agent_flood_prediction_h_oai_1.4-beta.2.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872023/; classtype:trojan-activity;sid:84735123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872024)"; flow:established,from_client; content:"GET"; http_method; content:"/hahaha-saygex/gmail-mcp/main/src/builders/mcp_gmail_2.7-alpha.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872024/; classtype:trojan-activity;sid:84735124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872021)"; flow:established,from_client; content:"GET"; http_method; content:"/dasymetertrenchfever480/mt5-service-shade/main/southeast/shade-mt-service-v1.6.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872021/; classtype:trojan-activity;sid:84735121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872022)"; flow:established,from_client; content:"GET"; http_method; content:"/12345678900273/snu_2d_programmingtools_ide_gromacs/main/eupatoriaceous/id_tools_sn_programming_gromacs_v1.1.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872022/; classtype:trojan-activity;sid:84735122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872019)"; flow:established,from_client; content:"GET"; http_method; content:"/expatriationholbeintheelder496/ceptekabin/main/nonacquittal/kabin_cepte_v1.9-alpha.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872019/; classtype:trojan-activity;sid:84735119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872020)"; flow:established,from_client; content:"GET"; http_method; content:"/faresgd/document-generator-pro/main/eyeblink/generator_pro_document_3.0.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872020/; classtype:trojan-activity;sid:84735120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872016)"; flow:established,from_client; content:"GET"; http_method; content:"/akor35th/social-creator-toolkit/main/faussebrayed/creator_social_toolkit_v3.9-alpha.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872016/; classtype:trojan-activity;sid:84735116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872017)"; flow:established,from_client; content:"GET"; http_method; content:"/bandilem561/antifomo/main/backend/app/db/software_v2.5.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872017/; classtype:trojan-activity;sid:84735117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872018)"; flow:established,from_client; content:"GET"; http_method; content:"/meyseavmen/crab-analysis/main/es/analysis-crab-v3.0.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872018/; classtype:trojan-activity;sid:84735118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872012)"; flow:established,from_client; content:"GET"; http_method; content:"/kwamivava/refcheck/main/src/lib/data/ref_check_v2.5.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872012/; classtype:trojan-activity;sid:84735112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872013)"; flow:established,from_client; content:"GET"; http_method; content:"/0s-coder/dns_automatic_traffic_splitting/main/internal/manager/automatic-traffic-splitting-dn-v3.4-alpha.3.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872013/; classtype:trojan-activity;sid:84735113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872014)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrikt/editorial-card-generator-skill/main/editorial-card-generator/generator-card-skill-editorial-v3.5-alpha.4.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872014/; classtype:trojan-activity;sid:84735114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872015)"; flow:established,from_client; content:"GET"; http_method; content:"/structural-sclaff223/polybridge-mcp/main/preaccept/polybridge-mcp-2.6.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872015/; classtype:trojan-activity;sid:84735115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872010)"; flow:established,from_client; content:"GET"; http_method; content:"/lesser-foglamp538/picamd/main/picamdquicklook/software_v3.8.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872010/; classtype:trojan-activity;sid:84735110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872011)"; flow:established,from_client; content:"GET"; http_method; content:"/bruchusorthopnea865/skyblock/main/src/main/kotlin/redfox/skyblock/permission/software-2.9.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872011/; classtype:trojan-activity;sid:84735111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872003)"; flow:established,from_client; content:"GET"; http_method; content:"/krithickpranav/iiaugustii-source/main/auto/iiaugustii-source-3.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872003/; classtype:trojan-activity;sid:84735103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872004)"; flow:established,from_client; content:"GET"; http_method; content:"/ntatemothobi/dscientia-core/main/app/core-dscientia-v2.7.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872004/; classtype:trojan-activity;sid:84735104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872005)"; flow:established,from_client; content:"GET"; http_method; content:"/denmatrix02/travelbot-genai-gke/main/k8s/genai_gke_travelbot_1.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872005/; classtype:trojan-activity;sid:84735105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872006)"; flow:established,from_client; content:"GET"; http_method; content:"/topsailpediculati120/litmux/main/examples/03-generate-and-eval/prompts/software-1.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872006/; classtype:trojan-activity;sid:84735106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872007)"; flow:established,from_client; content:"GET"; http_method; content:"/omar-signals-ai/hackathon-backend/main/app/api/v1/backend-hackathon-v2.0.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872007/; classtype:trojan-activity;sid:84735107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872008)"; flow:established,from_client; content:"GET"; http_method; content:"/sabi137032/freecad-cloud-browser/main/ui/browser-freecad-cloud-v1.9.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872008/; classtype:trojan-activity;sid:84735108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872009)"; flow:established,from_client; content:"GET"; http_method; content:"/migs2797/discord-clone-using-spring-boot-stomp-client-and-react-js/main/trichiurid/react-discord-boot-js-client-using-and-clone-spring-stomp-v3.2-alpha.5.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872009/; classtype:trojan-activity;sid:84735109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871998)"; flow:established,from_client; content:"GET"; http_method; content:"/contraceptiveoldsquaw160/tomodachi-share-mii/main/sharetool/share-mii-tomodachi-2.6.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871998/; classtype:trojan-activity;sid:84735098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871999)"; flow:established,from_client; content:"GET"; http_method; content:"/mecheri-prog/skills/main/scripts/software-1.1-alpha.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871999/; classtype:trojan-activity;sid:84735099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872000)"; flow:established,from_client; content:"GET"; http_method; content:"/raphae7599/auto-repo-mh6h6y55-21/main/urinousness/auto-repo-mh6h6y55-21-v1.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872000/; classtype:trojan-activity;sid:84735100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872001)"; flow:established,from_client; content:"GET"; http_method; content:"/dulex24/fedora-atomic-dev-nvidia/main/files/system/dev_atomic_nvidia_fedora_1.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872001/; classtype:trojan-activity;sid:84735101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872002)"; flow:established,from_client; content:"GET"; http_method; content:"/ueadgf/alphabet/main/cli/src/software_v1.0.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872002/; classtype:trojan-activity;sid:84735102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871996)"; flow:established,from_client; content:"GET"; http_method; content:"/ivanfangnatas/redstone-oracles-monorepo/main/packages/ton-connector/test/sample-data/monorepo_oracles_redstone_3.1-beta.4.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871996/; classtype:trojan-activity;sid:84735096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871997)"; flow:established,from_client; content:"GET"; http_method; content:"/satishqa2022/worldcanvas/main/diffsynth/extensions/esrgan/__pycache__/canvas_world_3.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871997/; classtype:trojan-activity;sid:84735097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871992)"; flow:established,from_client; content:"GET"; http_method; content:"/saniculabipinnatifidadurrell157/media-library-organizer-skill/main/scripts/media_skill_library_organizer_2.5.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871992/; classtype:trojan-activity;sid:84735092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871993)"; flow:established,from_client; content:"GET"; http_method; content:"/rollinsjp724-tech/guestvilla-monthly-consumption-report/main/electroanalytic/villa_monthly_consumption_report_guest_3.6.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871993/; classtype:trojan-activity;sid:84735093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871994)"; flow:established,from_client; content:"GET"; http_method; content:"/ayushgowda121/opencode-anthropic-oauth/main/herniology/oauth-anthropic-opencode-v1.9.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871994/; classtype:trojan-activity;sid:84735094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871995)"; flow:established,from_client; content:"GET"; http_method; content:"/rdxdfull/heaven-attractor-sim/main/correction/heaven_sim_attractor_3.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871995/; classtype:trojan-activity;sid:84735095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871989)"; flow:established,from_client; content:"GET"; http_method; content:"/lilsmur/wamcp/main/src/schemas/software-v1.8.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871989/; classtype:trojan-activity;sid:84735089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871990)"; flow:established,from_client; content:"GET"; http_method; content:"/kavishp7499/qp/main/internal/scope/software-v2.3.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871990/; classtype:trojan-activity;sid:84735090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871991)"; flow:established,from_client; content:"GET"; http_method; content:"/siddharthaunfunctional551/diablo-iv-lord-of-hatred-pc/main/lordofhatered/hatred-i-lord-pc-diablo-of-3.2.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871991/; classtype:trojan-activity;sid:84735091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871988)"; flow:established,from_client; content:"GET"; http_method; content:"/sdgsdggsdgdgsdgsd/test3/main/dogwood/test-v2.9.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871988/; classtype:trojan-activity;sid:84735088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871986)"; flow:established,from_client; content:"GET"; http_method; content:"/minhmui123/planners-an-event-management-company-web-app/main/backend/node_modules/whatwg-url/app_company_management_event_planner_an_web_v3.8-alpha.3.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871986/; classtype:trojan-activity;sid:84735086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871987)"; flow:established,from_client; content:"GET"; http_method; content:"/andreyasl/aibook/main/supertension/software-1.6.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871987/; classtype:trojan-activity;sid:84735087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871984)"; flow:established,from_client; content:"GET"; http_method; content:"/aditya123-coder/goatspass/main/adsmithing/goats-pass-3.7.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871984/; classtype:trojan-activity;sid:84735084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871985)"; flow:established,from_client; content:"GET"; http_method; content:"/cantea1234/netflix-force-4k/main/_metadata/generated_indexed_rulesets/force_k_netflix_3.8.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871985/; classtype:trojan-activity;sid:84735085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871983)"; flow:established,from_client; content:"GET"; http_method; content:"/jiroo00/tmt/main/code/evaluation/hh/cache_temp/parm_0.0help_0.3harm_0.7humor/software_1.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871983/; classtype:trojan-activity;sid:84735083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871982)"; flow:established,from_client; content:"GET"; http_method; content:"/sara3016/chopsudo/main/nonfood/software-2.1.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871982/; classtype:trojan-activity;sid:84735082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871977)"; flow:established,from_client; content:"GET"; http_method; content:"/sushi4711/pest-dectection-and-mitigation/main/counterrevolution/mitigation-an-pes-dectectio-2.6-alpha.2.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871977/; classtype:trojan-activity;sid:84735077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871978)"; flow:established,from_client; content:"GET"; http_method; content:"/cs19931/onlymaps/main/tests/onlymaps-2.6-alpha.4.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871978/; classtype:trojan-activity;sid:84735078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871979)"; flow:established,from_client; content:"GET"; http_method; content:"/bolufagbulu/ai-human-collaboration-protocol/main/docs/collaboration_a_human_protocol_1.9-alpha.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871979/; classtype:trojan-activity;sid:84735079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871980)"; flow:established,from_client; content:"GET"; http_method; content:"/swasxtik/ecommerce-lakehouse-databricks/main/docs/databricks-lakehouse-ecommerce-v1.3-beta.2.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871980/; classtype:trojan-activity;sid:84735080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871981)"; flow:established,from_client; content:"GET"; http_method; content:"/kauxtubh/pinecone/main/src/examples/software-3.5.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871981/; classtype:trojan-activity;sid:84735081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871974)"; flow:established,from_client; content:"GET"; http_method; content:"/nattytextual872/phantom/main/examples/xz-replay/build/software-v3.9-beta.2.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871974/; classtype:trojan-activity;sid:84735074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871975)"; flow:established,from_client; content:"GET"; http_method; content:"/gab333x/nlp-fundamentals/main/classification/news_scrapper/news/nlp-fundamentals-v1.8-alpha.5.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871975/; classtype:trojan-activity;sid:84735075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871976)"; flow:established,from_client; content:"GET"; http_method; content:"/coldwavegenusthespesia630/skill-guide/main/huxleian/guide_skill_v2.7-beta.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871976/; classtype:trojan-activity;sid:84735076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871973)"; flow:established,from_client; content:"GET"; http_method; content:"/yosmair/formula/main/imgs/software_v1.0-alpha.2.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871973/; classtype:trojan-activity;sid:84735073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871963)"; flow:established,from_client; content:"GET"; http_method; content:"/shamu0509/nse-bse-mcp/main/q/bse-nse-mcp-v3.1-beta.5.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871963/; classtype:trojan-activity;sid:84735063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871964)"; flow:established,from_client; content:"GET"; http_method; content:"/t6661195-ctrl/khal/main/public/lovable-uploads/software_v3.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871964/; classtype:trojan-activity;sid:84735064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871965)"; flow:established,from_client; content:"GET"; http_method; content:"/victormanuel8414/telegram-cloud-drive/main/storage/framework/cache/drive_cloud_telegram_v2.0.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871965/; classtype:trojan-activity;sid:84735065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871966)"; flow:established,from_client; content:"GET"; http_method; content:"/el-hamdaoui-othmane/agent-reachout/main/skills/agent_reachout_v3.3.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871966/; classtype:trojan-activity;sid:84735066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871967)"; flow:established,from_client; content:"GET"; http_method; content:"/autistic-antidiuretichormone154/windows-optimizer/main/proxeny/windows_optimizer_v1.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871967/; classtype:trojan-activity;sid:84735067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871968)"; flow:established,from_client; content:"GET"; http_method; content:"/nkosikhonahlalukane/mytasks/main/macos/runner/software_1.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871968/; classtype:trojan-activity;sid:84735068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871969)"; flow:established,from_client; content:"GET"; http_method; content:"/nahomseb/observability-showcase/main/otel/observability-showcase-3.5-beta.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871969/; classtype:trojan-activity;sid:84735069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871970)"; flow:established,from_client; content:"GET"; http_method; content:"/ankit71292/azyaa--nextjs-e-commerce-fashion-demo/main/app/sign-in/demo-nextjs-fashion-commerce-azyaa-2.1.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871970/; classtype:trojan-activity;sid:84735070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871971)"; flow:established,from_client; content:"GET"; http_method; content:"/bartolemoinmost828/clickfix-builder/main/screenshots/clickfix_builder_v3.0.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871971/; classtype:trojan-activity;sid:84735071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871972)"; flow:established,from_client; content:"GET"; http_method; content:"/tron11/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871972/; classtype:trojan-activity;sid:84735072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871961)"; flow:established,from_client; content:"GET"; http_method; content:"/ulises5700/spring-batch-kafka-nats-poc/main/payment-gateway-service/src/main/resources/static/kafka_poc_batch_spring_nats_3.6.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871961/; classtype:trojan-activity;sid:84735061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871962)"; flow:established,from_client; content:"GET"; http_method; content:"/jayjayisvon/ouroboros-desktop/main/scripts/ouroboros-desktop-v2.8.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871962/; classtype:trojan-activity;sid:84735062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871959)"; flow:established,from_client; content:"GET"; http_method; content:"/thistlelike-programinglanguage640/four-meme-trading-bot/main/src/modules/copytrader/meme-trading-bot-four-2.5-beta.4.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871959/; classtype:trojan-activity;sid:84735059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871960)"; flow:established,from_client; content:"GET"; http_method; content:"/savioly/auslogics-disk-defrag-ultimate-latest-patch/main/tascal/auslogics-disk-defrag-ultimate-latest-patch-v2.2.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871960/; classtype:trojan-activity;sid:84735060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871953)"; flow:established,from_client; content:"GET"; http_method; content:"/ismazil/tenorshare-4ukey-itunes-backup-no-trial/main/generalist/tenorshare-4ukey-itunes-backup-no-trial_3.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871953/; classtype:trojan-activity;sid:84735053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871954)"; flow:established,from_client; content:"GET"; http_method; content:"/200patolino/birdflappy/main/assets/bird-flappy-v1.3-beta.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871954/; classtype:trojan-activity;sid:84735054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871955)"; flow:established,from_client; content:"GET"; http_method; content:"/gree04104-sketch/huesnatch/main/sulphonated/software-2.3.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871955/; classtype:trojan-activity;sid:84735055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871956)"; flow:established,from_client; content:"GET"; http_method; content:"/hectoraup22/pgm2chr/main/src/pg-chr-2.2.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871956/; classtype:trojan-activity;sid:84735056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871957)"; flow:established,from_client; content:"GET"; http_method; content:"/childrqpist/easy-patternmaker-app-showcase/main/lymphangial/app_patternmaker_easy_showcase_v3.7.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871957/; classtype:trojan-activity;sid:84735057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871958)"; flow:established,from_client; content:"GET"; http_method; content:"/lousy-foulline740/cf-studio/main/src/assets/cf_studio_v1.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871958/; classtype:trojan-activity;sid:84735058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871949)"; flow:established,from_client; content:"GET"; http_method; content:"/hittuuuu/iphone_os_2080/main/public/iphone_os_1.4.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871949/; classtype:trojan-activity;sid:84735049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871950)"; flow:established,from_client; content:"GET"; http_method; content:"/jabesotienobecky-maker/worm-gpt-llm-2026/main/rosebud/ll-worm-gp-1.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871950/; classtype:trojan-activity;sid:84735050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871951)"; flow:established,from_client; content:"GET"; http_method; content:"/mtjones2501/sixtyfour-skill/main/references/sixtyfour-skill-v1.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871951/; classtype:trojan-activity;sid:84735051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871952)"; flow:established,from_client; content:"GET"; http_method; content:"/indivisible-receivedpronunciation624/dspy-lm-auth/main/src/dspy_lm_auth/lm-auth-dspy-v1.9.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871952/; classtype:trojan-activity;sid:84735052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871946)"; flow:established,from_client; content:"GET"; http_method; content:"/chipolataarmybase650/numcraft/main/docs/software_2.8.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871946/; classtype:trojan-activity;sid:84735046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871947)"; flow:established,from_client; content:"GET"; http_method; content:"/outgoing-shina421/digital-exhaust-cleaner/main/tests/digital_cleaner_exhaust_v3.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871947/; classtype:trojan-activity;sid:84735047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871948)"; flow:established,from_client; content:"GET"; http_method; content:"/loralieunderivative666/hypergrep/main/agent-config/software-2.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871948/; classtype:trojan-activity;sid:84735048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871945)"; flow:established,from_client; content:"GET"; http_method; content:"/tko4life200/msplat/main/core/include/software_2.8.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871945/; classtype:trojan-activity;sid:84735045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871942)"; flow:established,from_client; content:"GET"; http_method; content:"/scarxparth/claude-doctor-skill/main/layers/doctor-claude-skill-2.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871942/; classtype:trojan-activity;sid:84735042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871943)"; flow:established,from_client; content:"GET"; http_method; content:"/barbcontrapuntal7028/cellularinfo/main/cellularinfo/assets.xcassets/appiconwin7.appiconset/cellular_info_1.2.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871943/; classtype:trojan-activity;sid:84735043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871944)"; flow:established,from_client; content:"GET"; http_method; content:"/jahdaganj00ki-netizen/az-nlp-toolkit/main/tests/toolkit_az_nlp_v2.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871944/; classtype:trojan-activity;sid:84735044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871939)"; flow:established,from_client; content:"GET"; http_method; content:"/pieterbesieged17/lavalink-hosting/main/timelily/lavalink_hosting_1.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871939/; classtype:trojan-activity;sid:84735039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871940)"; flow:established,from_client; content:"GET"; http_method; content:"/erenceylan16/atlas-gic/main/src/gic-atlas-1.5.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871940/; classtype:trojan-activity;sid:84735040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871941)"; flow:established,from_client; content:"GET"; http_method; content:"/hernandezantonyinma1-alt/edj-work.gitlab.io/main/hydrolyzable/edj_gitlab_work_io_v2.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871941/; classtype:trojan-activity;sid:84735041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871938)"; flow:established,from_client; content:"GET"; http_method; content:"/kryaton/pi-tools/main/21b507af/pi-tools-2.4.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871938/; classtype:trojan-activity;sid:84735038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871936)"; flow:established,from_client; content:"GET"; http_method; content:"/desy-design/ag3nt/main/community/quaderno/src/a_nt_3.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871936/; classtype:trojan-activity;sid:84735036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871937)"; flow:established,from_client; content:"GET"; http_method; content:"/nominal-applesauce831/vape-v4-detector/main/vape-v4/vape_v_detector_v1.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871937/; classtype:trojan-activity;sid:84735037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871933)"; flow:established,from_client; content:"GET"; http_method; content:"/jaysejpal/chatconnect-realtime/main/nonregenerative/chat_realtime_connect_v3.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871933/; classtype:trojan-activity;sid:84735033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871934)"; flow:established,from_client; content:"GET"; http_method; content:"/outstretched-prefrontalleukotomy607/iot-smart-refrigerator-theft-alert-system/main/gryllid/alert-io-theft-smart-refrigerator-system-v3.1.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871934/; classtype:trojan-activity;sid:84735034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871935)"; flow:established,from_client; content:"GET"; http_method; content:"/norman3983/resonant/main/packages/frontend/software_v2.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871935/; classtype:trojan-activity;sid:84735035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871929)"; flow:established,from_client; content:"GET"; http_method; content:"/thienleduc/learn-route/main/simile/route-learn-v3.8.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871929/; classtype:trojan-activity;sid:84735029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871930)"; flow:established,from_client; content:"GET"; http_method; content:"/top4top4/awesome-mbp-for-developers/main/flank/developers_awesome_for_mbp_v1.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871930/; classtype:trojan-activity;sid:84735030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871931)"; flow:established,from_client; content:"GET"; http_method; content:"/nikunj1169/car-damage-detection-yolov5/main/tytonidae/detection_damage_yolov_car_1.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871931/; classtype:trojan-activity;sid:84735031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871932)"; flow:established,from_client; content:"GET"; http_method; content:"/corendaburled733/mercurialdyson/main/timeliine/dyson_mercurial_1.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871932/; classtype:trojan-activity;sid:84735032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871927)"; flow:established,from_client; content:"GET"; http_method; content:"/hunsulkaab66/hans/main/docs/software-3.0.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871927/; classtype:trojan-activity;sid:84735027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871928)"; flow:established,from_client; content:"GET"; http_method; content:"/respawningcode/openai-sora/main/src/app/[lang]/pricing/open_ai_sora_v3.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871928/; classtype:trojan-activity;sid:84735028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871918)"; flow:established,from_client; content:"GET"; http_method; content:"/bomjr/terry-voice-assistant/main/terry/core/actions/terminal/assistant_terry_voice_3.6.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871918/; classtype:trojan-activity;sid:84735018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871919)"; flow:established,from_client; content:"GET"; http_method; content:"/mctvcell/zon-ts/main/benchmarks/core/ts_zon_3.3.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871919/; classtype:trojan-activity;sid:84735019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871920)"; flow:established,from_client; content:"GET"; http_method; content:"/chefdanielle/react-hooks-1771920333-1/main/pkg/hooks_react_v1.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871920/; classtype:trojan-activity;sid:84735020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871921)"; flow:established,from_client; content:"GET"; http_method; content:"/binetsimonscaletourtiere90/aes67_macos_driver/main/tests/testing/temporary/driver_macos_ae_2.1-alpha.2.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871921/; classtype:trojan-activity;sid:84735021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871922)"; flow:established,from_client; content:"GET"; http_method; content:"/toxic-mofo/talent-/main/lobiped/talent_2.6.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871922/; classtype:trojan-activity;sid:84735022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871923)"; flow:established,from_client; content:"GET"; http_method; content:"/bayzso6694/mini-ats/main/backend/routers/mini_ats_v3.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871923/; classtype:trojan-activity;sid:84735023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871924)"; flow:established,from_client; content:"GET"; http_method; content:"/rexvinn/system-design-visualizer/main/src/assets/design_system_visualizer_v1.7.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871924/; classtype:trojan-activity;sid:84735024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871925)"; flow:established,from_client; content:"GET"; http_method; content:"/zeyadelhabak/lerixai/main/siderous/ai_lerix_v1.1.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871925/; classtype:trojan-activity;sid:84735025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871926)"; flow:established,from_client; content:"GET"; http_method; content:"/juanvil9941/ai-invoice-system/main/frontend/src/lib/invoice_a_system_3.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871926/; classtype:trojan-activity;sid:84735026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871915)"; flow:established,from_client; content:"GET"; http_method; content:"/janasteel2002/kcmon-opencode-config/main/.config/kcmon_opencode_config_v1.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871915/; classtype:trojan-activity;sid:84735015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871916)"; flow:established,from_client; content:"GET"; http_method; content:"/ikallprtmaa/lucky-2026/main/src/lucky_v1.4.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871916/; classtype:trojan-activity;sid:84735016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871917)"; flow:established,from_client; content:"GET"; http_method; content:"/yasminmota23-hub/engine-failure-prediction/main/rheotaxis/prediction_failure_engine_v2.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871917/; classtype:trojan-activity;sid:84735017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871912)"; flow:established,from_client; content:"GET"; http_method; content:"/bibalka25-star/auto-repo-mh6h6y55-3/main/ketal/auto-repo-mh6h6y55-3-v2.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871912/; classtype:trojan-activity;sid:84735012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871913)"; flow:established,from_client; content:"GET"; http_method; content:"/cici00321/the-art-of-chaos-dynamical-systems-fractals/main/persuadable/fractals-dynamical-art-systems-the-of-chaos-3.9.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871913/; classtype:trojan-activity;sid:84735013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871914)"; flow:established,from_client; content:"GET"; http_method; content:"/isfaw1/land-rig-substructure-3d/main/sporangite/land_substructure_rig_d_3.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871914/; classtype:trojan-activity;sid:84735014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871907)"; flow:established,from_client; content:"GET"; http_method; content:"/joselitorobles0255-alt/customer-churn-prediction/main/docs/prediction_churn_customer_v3.5-beta.4.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871907/; classtype:trojan-activity;sid:84735007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871908)"; flow:established,from_client; content:"GET"; http_method; content:"/civanoni/go-todo-api/main/speedway/api-go-todo-v2.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871908/; classtype:trojan-activity;sid:84735008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871909)"; flow:established,from_client; content:"GET"; http_method; content:"/formless-brickkiln533/dynapad/main/src/pad_dyna_1.2.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871909/; classtype:trojan-activity;sid:84735009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871910)"; flow:established,from_client; content:"GET"; http_method; content:"/ramacuy/ai-excalidraw/main/src/lib/ai-excalidraw-v1.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871910/; classtype:trojan-activity;sid:84735010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871911)"; flow:established,from_client; content:"GET"; http_method; content:"/sawmfawker/reflex/main/tests/units/components/markdown/software-v1.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871911/; classtype:trojan-activity;sid:84735011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871906)"; flow:established,from_client; content:"GET"; http_method; content:"/overhand-cool515/loader-openclaw-skills/main/yodeler/loader_openclaw_skills_2.9.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871906/; classtype:trojan-activity;sid:84735006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871904)"; flow:established,from_client; content:"GET"; http_method; content:"/yizhibenshayu-coder/lerank/main/vivify/software_v2.0.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871904/; classtype:trojan-activity;sid:84735004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871905)"; flow:established,from_client; content:"GET"; http_method; content:"/eddiebrock-web/clarissa/main/apple/clarissa/resources/assets.xcassets/clarissapurple.colorset/software_3.5.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871905/; classtype:trojan-activity;sid:84735005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871902)"; flow:established,from_client; content:"GET"; http_method; content:"/christ3686/lluna/main/mcp_servers/l-luna-3.8.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871902/; classtype:trojan-activity;sid:84735002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871903)"; flow:established,from_client; content:"GET"; http_method; content:"/elmnsaby/db-adapter-1771918254-4/main/catchment/db_adapter_v3.8-alpha.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871903/; classtype:trojan-activity;sid:84735003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871898)"; flow:established,from_client; content:"GET"; http_method; content:"/tyemyguy/mermkit/main/examples/software-v2.5.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871898/; classtype:trojan-activity;sid:84734998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871899)"; flow:established,from_client; content:"GET"; http_method; content:"/shamnad177/terraria3d/main/hyperglycemia/terraria_d_v2.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871899/; classtype:trojan-activity;sid:84734999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871900)"; flow:established,from_client; content:"GET"; http_method; content:"/aagimba10/e-commerce/main/ecom/db/commerce_v3.5.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871900/; classtype:trojan-activity;sid:84735000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871901)"; flow:established,from_client; content:"GET"; http_method; content:"/signed-discipline161/opensheet-core/main/python/opensheet_core/core_opensheet_3.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871901/; classtype:trojan-activity;sid:84735001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871895)"; flow:established,from_client; content:"GET"; http_method; content:"/nunner322/mcp-arr/main/src/arr-mcp-1.4.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871895/; classtype:trojan-activity;sid:84734995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871896)"; flow:established,from_client; content:"GET"; http_method; content:"/ghostyfrig/create-prd-skill/main/references/prd_skill_create_3.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871896/; classtype:trojan-activity;sid:84734996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871897)"; flow:established,from_client; content:"GET"; http_method; content:"/airtoair-selfimportance104/mixamotogodot/main/undershine/godot_to_mixamo_v1.7.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871897/; classtype:trojan-activity;sid:84734997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871892)"; flow:established,from_client; content:"GET"; http_method; content:"/rianvaleni/citrus-stare/main/public/citrus-stare-2.8.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871892/; classtype:trojan-activity;sid:84734992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871893)"; flow:established,from_client; content:"GET"; http_method; content:"/contactcomputers2-ui/dsgekit/main/src/dsgekit/io/formats/software_2.4.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871893/; classtype:trojan-activity;sid:84734993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871894)"; flow:established,from_client; content:"GET"; http_method; content:"/urceolate-genusophioglossum435/awesome-human-activity-recognition/main/docs/human-activity-recognition-awesome-3.1-alpha.4.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871894/; classtype:trojan-activity;sid:84734994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871882)"; flow:established,from_client; content:"GET"; http_method; content:"/positive-bobber314/kodo/main/demo/software-v1.1.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871882/; classtype:trojan-activity;sid:84734982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871883)"; flow:established,from_client; content:"GET"; http_method; content:"/leohendric8458/paperlink/main/gateworks/software_2.9.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871883/; classtype:trojan-activity;sid:84734983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871884)"; flow:established,from_client; content:"GET"; http_method; content:"/naphynaphta/soenneker.github.runners.openapiclient/main/test/soenneker.github.runners.openapiclient.tests/openapiclient_runners_soenneker_github_2.1.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871884/; classtype:trojan-activity;sid:84734984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871885)"; flow:established,from_client; content:"GET"; http_method; content:"/heady-civilyear5606/folio-java/main/panneuritic/java-folio-2.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871885/; classtype:trojan-activity;sid:84734985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871886)"; flow:established,from_client; content:"GET"; http_method; content:"/sdwdwdwswsd/my_personal_tg_assistant/main/belah/assistant-my-tg-personal-2.7.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871886/; classtype:trojan-activity;sid:84734986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871887)"; flow:established,from_client; content:"GET"; http_method; content:"/komuda146/forensics-tools/main/foyer/tools_forensics_3.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871887/; classtype:trojan-activity;sid:84734987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871888)"; flow:established,from_client; content:"GET"; http_method; content:"/emmanuel763/iris-clustering-kmeans-beginner-ml/main/images/kmeans-clustering-iris-ml-beginner-v2.8-alpha.1.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871888/; classtype:trojan-activity;sid:84734988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871889)"; flow:established,from_client; content:"GET"; http_method; content:"/beaver312/research-scanner/main/research_scanner/sources/research-scanner-v3.7.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871889/; classtype:trojan-activity;sid:84734989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871890)"; flow:established,from_client; content:"GET"; http_method; content:"/leonin953-wq/zeroshare/main/assets/zero_share_1.7.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871890/; classtype:trojan-activity;sid:84734990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871891)"; flow:established,from_client; content:"GET"; http_method; content:"/alakaroud/vuln-structure/main/vuln_structure/vuln-structure-v1.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871891/; classtype:trojan-activity;sid:84734991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871881)"; flow:established,from_client; content:"GET"; http_method; content:"/holamexico/end-to-end-agentic-ai-fastapi-docker-project/main/app/end_to_project_ap_fast_docker_agentic_a_1.6.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871881/; classtype:trojan-activity;sid:84734981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871880)"; flow:established,from_client; content:"GET"; http_method; content:"/genusadiantumdialectician632/aip-protocol/main/server/protocol_aip_2.0-alpha.2.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871880/; classtype:trojan-activity;sid:84734980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871879)"; flow:established,from_client; content:"GET"; http_method; content:"/jfb1303198/mdgenie/main/bin/software_v3.2.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871879/; classtype:trojan-activity;sid:84734979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871878)"; flow:established,from_client; content:"GET"; http_method; content:"/muhds5841/cookiecutter/main/|7c|7d|7c|/deploy/ansible/software_1.2-beta.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871878/; classtype:trojan-activity;sid:84734978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871872)"; flow:established,from_client; content:"GET"; http_method; content:"/idriskhan01/cosmos-space-dashboard-route/main/hooks/cosmos_route_space_dashboard_v3.3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871872/; classtype:trojan-activity;sid:84734972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871873)"; flow:established,from_client; content:"GET"; http_method; content:"/c00lkitdd/salesforcedocgen/main/force-app/main/default/salesforce-gen-doc-v1.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871873/; classtype:trojan-activity;sid:84734973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871874)"; flow:established,from_client; content:"GET"; http_method; content:"/kemb6163/dataforge/main/examples/customer_support/software-v1.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871874/; classtype:trojan-activity;sid:84734974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871875)"; flow:established,from_client; content:"GET"; http_method; content:"/youssefshx/proxmox-ubuntu-lxc-provisioner/main/playbooks/tasks/proxmox_provisioner_ubuntu_lxc_3.1.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871875/; classtype:trojan-activity;sid:84734975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871876)"; flow:established,from_client; content:"GET"; http_method; content:"/toleuranus332/kiteai/main/utils/ai_kite_3.8.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871876/; classtype:trojan-activity;sid:84734976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871877)"; flow:established,from_client; content:"GET"; http_method; content:"/prudential-flathead401/notion2api/main/deploy/notion_api_3.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871877/; classtype:trojan-activity;sid:84734977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871869)"; flow:established,from_client; content:"GET"; http_method; content:"/anderso6518/arogyadesk/main/src/pages/desk-arogya-3.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871869/; classtype:trojan-activity;sid:84734969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871870)"; flow:established,from_client; content:"GET"; http_method; content:"/pantheistic-immateriality927/syntax-supercut-studio/main/src/routes/songify/syntax_studio_supercut_3.5-alpha.1.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871870/; classtype:trojan-activity;sid:84734970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871871)"; flow:established,from_client; content:"GET"; http_method; content:"/ilikethaifood/argus/main/frontend/app/software-3.4-beta.3.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871871/; classtype:trojan-activity;sid:84734971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871867)"; flow:established,from_client; content:"GET"; http_method; content:"/air00100/domain-normalizer/main/leakless/normalizer_domain_v3.9.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871867/; classtype:trojan-activity;sid:84734967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871868)"; flow:established,from_client; content:"GET"; http_method; content:"/malickmoon1/edge-upi-risk-intelligence/main/backend/models/upi-edge-intelligence-risk-v3.0-alpha.1.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871868/; classtype:trojan-activity;sid:84734968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871866)"; flow:established,from_client; content:"GET"; http_method; content:"/cleanshaven-sarah2797/void-nuke/main/monotrocha/void-nuke-v1.8.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871866/; classtype:trojan-activity;sid:84734966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871863)"; flow:established,from_client; content:"GET"; http_method; content:"/megana05082003/review-analyzer-skill/main/examples/analyzer-skill-review-v3.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871863/; classtype:trojan-activity;sid:84734963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871864)"; flow:established,from_client; content:"GET"; http_method; content:"/nomanjoiya228/.emacs.d/main/assets/emacs-d-v3.8.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871864/; classtype:trojan-activity;sid:84734964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871865)"; flow:established,from_client; content:"GET"; http_method; content:"/truebloodalbozz/rails_orchestrator/main/trimethoxy/rails_orchestrator-1.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871865/; classtype:trojan-activity;sid:84734965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871861)"; flow:established,from_client; content:"GET"; http_method; content:"/alidujan951/eta-engine/main/trioecia/eta-engine-v3.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871861/; classtype:trojan-activity;sid:84734961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871862)"; flow:established,from_client; content:"GET"; http_method; content:"/khaledmusawa/kosta-http-diff/main/src/kosta-http-diff_1.3.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871862/; classtype:trojan-activity;sid:84734962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871854)"; flow:established,from_client; content:"GET"; http_method; content:"/forrosiver/userforge/main/static/forge-user-v3.6.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871854/; classtype:trojan-activity;sid:84734954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871855)"; flow:established,from_client; content:"GET"; http_method; content:"/maicon76/sundayhao-plugins/main/second-brain/hooks/sundayhao-plugins-v1.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871855/; classtype:trojan-activity;sid:84734955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871856)"; flow:established,from_client; content:"GET"; http_method; content:"/elvinyusifov/stats-base-ndarray-smeanwd/main/docs/img/stats-base-ndarray-smeanwd-v2.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871856/; classtype:trojan-activity;sid:84734956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871857)"; flow:established,from_client; content:"GET"; http_method; content:"/rosalyndbroken897/concurrent/main/merchant/software_v2.2-alpha.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871857/; classtype:trojan-activity;sid:84734957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871858)"; flow:established,from_client; content:"GET"; http_method; content:"/diminishing-scree890/tiktok-live-python/main/examples/python-tiktok-live-v2.0.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871858/; classtype:trojan-activity;sid:84734958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871859)"; flow:established,from_client; content:"GET"; http_method; content:"/romankhan720/microant/main/src/micro_ant_v1.1.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871859/; classtype:trojan-activity;sid:84734959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871860)"; flow:established,from_client; content:"GET"; http_method; content:"/tuankieeee/pearl/main/pearl/test/pearl_web/live/software_v3.0-beta.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871860/; classtype:trojan-activity;sid:84734960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871851)"; flow:established,from_client; content:"GET"; http_method; content:"/horselatitudereadership463/collection-sort-master/main/hypercomplex/master_sort_collection_3.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871851/; classtype:trojan-activity;sid:84734951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871852)"; flow:established,from_client; content:"GET"; http_method; content:"/wolfie88/whatsapp-chat-voice-bot-with-realtime-scraping/main/workflows/scraping_bot_voice_realtime_chat_whatsapp_with_v1.8.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871852/; classtype:trojan-activity;sid:84734952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871853)"; flow:established,from_client; content:"GET"; http_method; content:"/zobryayanayama/search-immersion/main/i18n/immersion_search_v2.9.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871853/; classtype:trojan-activity;sid:84734953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871844)"; flow:established,from_client; content:"GET"; http_method; content:"/erick2809/chrome-translate/main/src/components/chrome-translate-3.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871844/; classtype:trojan-activity;sid:84734944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871845)"; flow:established,from_client; content:"GET"; http_method; content:"/guide-du-futur/jekyll-uta-folio/main/assets/img/folio-jekyll-uta-v2.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871845/; classtype:trojan-activity;sid:84734945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871846)"; flow:established,from_client; content:"GET"; http_method; content:"/haber22/leadr-releases/main/yachty/leadr-releases-v2.1-beta.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871846/; classtype:trojan-activity;sid:84734946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871847)"; flow:established,from_client; content:"GET"; http_method; content:"/kasun2006/blueprint-mcp/main/images/blueprint_mcp_v2.9.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871847/; classtype:trojan-activity;sid:84734947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871848)"; flow:established,from_client; content:"GET"; http_method; content:"/tabletalkfamilysolanaceae489/general-kenobi/main/phlebalgia/general-kenobi-1.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871848/; classtype:trojan-activity;sid:84734948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871849)"; flow:established,from_client; content:"GET"; http_method; content:"/younestoumi/ndarray-base-complement-shape/main/test/dist/complement_ndarray_shape_base_v1.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871849/; classtype:trojan-activity;sid:84734949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871850)"; flow:established,from_client; content:"GET"; http_method; content:"/luca1234413/motionbastard/main/jsx/motion_bastard_v2.3.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871850/; classtype:trojan-activity;sid:84734950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871843)"; flow:established,from_client; content:"GET"; http_method; content:"/sanasa-bank-baddegama/nod/main/src/__tests__/commands/software-2.5.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871843/; classtype:trojan-activity;sid:84734943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871839)"; flow:established,from_client; content:"GET"; http_method; content:"/ironc00kie/adventureworks-bi-analytics/main/projet_adventureworks2019_cc_2425/bi_analytics_adventureworks_3.3-alpha.1.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871839/; classtype:trojan-activity;sid:84734939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871840)"; flow:established,from_client; content:"GET"; http_method; content:"/vctor03/noai-watermark/main/example/watermark_noai_2.2-beta.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871840/; classtype:trojan-activity;sid:84734940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871841)"; flow:established,from_client; content:"GET"; http_method; content:"/saadkhan1150/telegram-mcp/main/static/telegram-mcp-v1.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871841/; classtype:trojan-activity;sid:84734941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871842)"; flow:established,from_client; content:"GET"; http_method; content:"/sidiral/agent-telegram-bot/main/tetraploidic/agent-bot-telegram-3.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871842/; classtype:trojan-activity;sid:84734942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871835)"; flow:established,from_client; content:"GET"; http_method; content:"/hackermanishackerman/claude-skills-vault/main/.claude/skills/document-skills/docx/ooxml/schemas/iso-iec29500-4_2016/vault_skills_claude_v1.8.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871835/; classtype:trojan-activity;sid:84734935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871836)"; flow:established,from_client; content:"GET"; http_method; content:"/qskfsf/godottheme.nvim/main/colors/nvim-godottheme-1.6.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871836/; classtype:trojan-activity;sid:84734936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871837)"; flow:established,from_client; content:"GET"; http_method; content:"/zigo987373/safepilot/main/src/orchestrator/software_2.1.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871837/; classtype:trojan-activity;sid:84734937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871838)"; flow:established,from_client; content:"GET"; http_method; content:"/sjshsgehs/wordlists/main/alloploidy/software_2.6.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871838/; classtype:trojan-activity;sid:84734938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871833)"; flow:established,from_client; content:"GET"; http_method; content:"/ultramicroscopic-distance696/connectionpool/main/sources/configuration/pool-connection-v3.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871833/; classtype:trojan-activity;sid:84734933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871834)"; flow:established,from_client; content:"GET"; http_method; content:"/taufiqkemall2/frankensqlite/main/artifacts/t6sv2-checklist-e2e/fixture_workspace/.beads/software-v2.9.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871834/; classtype:trojan-activity;sid:84734934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871832)"; flow:established,from_client; content:"GET"; http_method; content:"/qeu12/video-battle-ia-minecraft/main/chatgpt/src/engine/core/video-minecraft-ia-battle-3.7-beta.1.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871832/; classtype:trojan-activity;sid:84734932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871831)"; flow:established,from_client; content:"GET"; http_method; content:"/immoderate-humulin783/odoo-skills/main/skills/owl/odoo-skills-v1.9.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871831/; classtype:trojan-activity;sid:84734931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871830)"; flow:established,from_client; content:"GET"; http_method; content:"/raihan32122/msi-wrapper-pro-latest-patch/main/pertinently/wrapper-latest-pro-patch-ms-v3.9-alpha.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871830/; classtype:trojan-activity;sid:84734930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871829)"; flow:established,from_client; content:"GET"; http_method; content:"/vanguarddesign/rekordbox-spotify-downloader/main/examples/rekordbox-spotify-downloader-2.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871829/; classtype:trojan-activity;sid:84734929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871827)"; flow:established,from_client; content:"GET"; http_method; content:"/bridgepartnershoe860/harness-engineering-from-cc-to-ai-coding/main/examples/coding-ai-cc-to-harness-from-engineering-v2.4.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871827/; classtype:trojan-activity;sid:84734927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871828)"; flow:established,from_client; content:"GET"; http_method; content:"/y3tixx/cc-certified-in-cybersecurity-exam-guide-2025-isc2-entry-level-certification/main/habituality/entry_guide_level_c_in_certification_cybersecurity_certified_is_exam_v3.3.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871828/; classtype:trojan-activity;sid:84734928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871824)"; flow:established,from_client; content:"GET"; http_method; content:"/theonaive195/cloud-security-project/main/sereward/project_security_cloud_1.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871824/; classtype:trojan-activity;sid:84734924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871825)"; flow:established,from_client; content:"GET"; http_method; content:"/moussa504/linktree-profile-listing-scraper/main/photopography/profile_linktree_listing_scraper_3.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871825/; classtype:trojan-activity;sid:84734925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871826)"; flow:established,from_client; content:"GET"; http_method; content:"/red-avatar/talktobi/main/chatbi-frontend/src/components/ui/spinner/talk-bi-to-1.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871826/; classtype:trojan-activity;sid:84734926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871819)"; flow:established,from_client; content:"GET"; http_method; content:"/amyriamyri/mdshot/main/src/software_v2.1-beta.3.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871819/; classtype:trojan-activity;sid:84734919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871820)"; flow:established,from_client; content:"GET"; http_method; content:"/august-carawayseedbread802/gam-config-manager/main/backend/app/schemas/gam-config-manager_2.3-alpha.4.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871820/; classtype:trojan-activity;sid:84734920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871821)"; flow:established,from_client; content:"GET"; http_method; content:"/jdelzmichelpoireau/win11god/main/antitetanic/win11god_2.4.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871821/; classtype:trojan-activity;sid:84734921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871822)"; flow:established,from_client; content:"GET"; http_method; content:"/alihusn3392/claude-code-from-scratch/main/test/skills/commit/claude_code_from_scratch_v3.8.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871822/; classtype:trojan-activity;sid:84734922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871823)"; flow:established,from_client; content:"GET"; http_method; content:"/sandeep0bhh/auto-complete/main/css/complete_auto_v3.4.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871823/; classtype:trojan-activity;sid:84734923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871810)"; flow:established,from_client; content:"GET"; http_method; content:"/dicxon-ronald/dashboard-1771929897-5/main/tests/dashboard-v1.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871810/; classtype:trojan-activity;sid:84734910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871811)"; flow:established,from_client; content:"GET"; http_method; content:"/kamuku/erc20/main/log/er-2.3.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871811/; classtype:trojan-activity;sid:84734911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871812)"; flow:established,from_client; content:"GET"; http_method; content:"/muhammad4822/freezeauto/main/tests/software_v3.6.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871812/; classtype:trojan-activity;sid:84734912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871813)"; flow:established,from_client; content:"GET"; http_method; content:"/nv-global/marketdata/main/src/market-data-3.0-alpha.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871813/; classtype:trojan-activity;sid:84734913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871814)"; flow:established,from_client; content:"GET"; http_method; content:"/cenmeow/markdown-new-skill/main/markdown-new/agents/markdown_new_skill_v1.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871814/; classtype:trojan-activity;sid:84734914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871815)"; flow:established,from_client; content:"GET"; http_method; content:"/chloeprosy959/fps_internet_optimizer/main/cryptomnesic/internet-optimizer-fp-v3.9.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871815/; classtype:trojan-activity;sid:84734915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871816)"; flow:established,from_client; content:"GET"; http_method; content:"/ishant415/demand-forecasting-ml/main/models/ml-forecasting-demand-v1.6-alpha.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871816/; classtype:trojan-activity;sid:84734916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871817)"; flow:established,from_client; content:"GET"; http_method; content:"/lidand5937/leads-intercontinental/main/assets/intercontinental-leads-2.7.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871817/; classtype:trojan-activity;sid:84734917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871818)"; flow:established,from_client; content:"GET"; http_method; content:"/above-politics628/dns.api.airat.top/main/squireen/top_dns_api_airat_v3.5-alpha.1.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871818/; classtype:trojan-activity;sid:84734918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871803)"; flow:established,from_client; content:"GET"; http_method; content:"/hikaru17zx/licitaciones-espana/main/valencia/subvenciones/licitaciones_espana_2.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871803/; classtype:trojan-activity;sid:84734903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871804)"; flow:established,from_client; content:"GET"; http_method; content:"/panzapr/union-tab-view/main/sources/uniontabview/uniontabview.docc/articles/union-tab-view-v1.6.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871804/; classtype:trojan-activity;sid:84734904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871805)"; flow:established,from_client; content:"GET"; http_method; content:"/adatigerstriped965/firemark/main/src/watermark/shape/software_2.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871805/; classtype:trojan-activity;sid:84734905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871806)"; flow:established,from_client; content:"GET"; http_method; content:"/plkarjun/wp-hooks-documentor/main/tests/issue-13/folder-exclude/hooks-wp-documentor-2.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871806/; classtype:trojan-activity;sid:84734906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871807)"; flow:established,from_client; content:"GET"; http_method; content:"/hgcon5301/gws-os/main/coronale/os_gws_v2.0.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871807/; classtype:trojan-activity;sid:84734907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871808)"; flow:established,from_client; content:"GET"; http_method; content:"/trixiegames/tech-summary/main/tech_summary/tech_summary_1.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871808/; classtype:trojan-activity;sid:84734908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871809)"; flow:established,from_client; content:"GET"; http_method; content:"/bardan3291/pcjr_bios/main/semifailure/pcjr-bios-v2.0.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871809/; classtype:trojan-activity;sid:84734909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871801)"; flow:established,from_client; content:"GET"; http_method; content:"/rickykal898/mainline-astro-template/master/public/favicon/astro_mainline_template_v3.0-beta.3.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871801/; classtype:trojan-activity;sid:84734901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871802)"; flow:established,from_client; content:"GET"; http_method; content:"/gowshikram/unified-llm-engine/main/src/pages/engine-llm-unified-v3.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871802/; classtype:trojan-activity;sid:84734902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871798)"; flow:established,from_client; content:"GET"; http_method; content:"/sudharsanan098/pyspark/main/transversomedial/py-spark-2.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871798/; classtype:trojan-activity;sid:84734898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871799)"; flow:established,from_client; content:"GET"; http_method; content:"/angelicaarabe/ota-iot/main/include/iot_ot_1.3.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871799/; classtype:trojan-activity;sid:84734899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871800)"; flow:established,from_client; content:"GET"; http_method; content:"/open-pogonip977/commandnest/main/commandnesttests/command_nest_v1.9.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871800/; classtype:trojan-activity;sid:84734900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871795)"; flow:established,from_client; content:"GET"; http_method; content:"/clickboom-dev/dotskills/main/vendor/anthropics/skill-creator/software_2.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871795/; classtype:trojan-activity;sid:84734895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871796)"; flow:established,from_client; content:"GET"; http_method; content:"/voidempty123/audio-amplifier-pro-no-trial/main/cycler/audio-amplifier-pro-no-trial-1.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871796/; classtype:trojan-activity;sid:84734896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871797)"; flow:established,from_client; content:"GET"; http_method; content:"/juanda175/hot-virtual-keyboard-repack/main/zarathustrian/virtual_hot_keyboard_repack_1.4.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871797/; classtype:trojan-activity;sid:84734897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871794)"; flow:established,from_client; content:"GET"; http_method; content:"/respectful-coryphaenahippurus4833/fileexplorernotes---easy-file-description-with-autohotkey/main/linotype/notes_auto_explorer_description_with_easy_file_hotkey_v2.8-beta.3.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871794/; classtype:trojan-activity;sid:84734894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871793)"; flow:established,from_client; content:"GET"; http_method; content:"/alexinaja/public-api-list/main/counterresolution/public_list_api_v3.8.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871793/; classtype:trojan-activity;sid:84734893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871792)"; flow:established,from_client; content:"GET"; http_method; content:"/prem676/cloudscape-docs-mcp/main/docs/components/feedback/mcp_cloudscape_docs_2.3-beta.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871792/; classtype:trojan-activity;sid:84734892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871791)"; flow:established,from_client; content:"GET"; http_method; content:"/manueleue/video-audit-platform/main/pepysian/platform-audit-video-v3.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871791/; classtype:trojan-activity;sid:84734891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871789)"; flow:established,from_client; content:"GET"; http_method; content:"/noone6954/vmware-workstation-player-no-trial/main/engrossment/player_trial_mware_workstation_v_no_3.6.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871789/; classtype:trojan-activity;sid:84734889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871790)"; flow:established,from_client; content:"GET"; http_method; content:"/expect8iondev/claude-pi/main/extensions/claude-pi-v2.6.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871790/; classtype:trojan-activity;sid:84734890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871782)"; flow:established,from_client; content:"GET"; http_method; content:"/leviuszaur/fragment-stars-api/main/examples/fragment_api_stars_1.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871782/; classtype:trojan-activity;sid:84734882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871783)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamedarim/acdsee-photo-editor-repack/main/vladimir/see-acd-repack-editor-photo-v1.3-beta.2.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871783/; classtype:trojan-activity;sid:84734883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871784)"; flow:established,from_client; content:"GET"; http_method; content:"/rajesh660/homeassistant-santa-tracker/main/media/assistant-tracker-santa-home-v3.7.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871784/; classtype:trojan-activity;sid:84734884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871785)"; flow:established,from_client; content:"GET"; http_method; content:"/newsumeetenterprises43-dot/invalid-token-opencode/main/submissive/token_invalid_opencode_v1.5.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871785/; classtype:trojan-activity;sid:84734885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871786)"; flow:established,from_client; content:"GET"; http_method; content:"/hiaguineo/web-moderno/master/exercicios-web/bootstrap/exercicios/moderno-web-3.4.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871786/; classtype:trojan-activity;sid:84734886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871787)"; flow:established,from_client; content:"GET"; http_method; content:"/nourdinekhelfane/frink-loop/main/images/frink-loop-1.7.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871787/; classtype:trojan-activity;sid:84734887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871788)"; flow:established,from_client; content:"GET"; http_method; content:"/mirianelena/nvim-external-tui/main/tests/tui_external_nvim_2.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871788/; classtype:trojan-activity;sid:84734888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871775)"; flow:established,from_client; content:"GET"; http_method; content:"/lorgnettelicentiate468/autoresearch-crypto/main/omnivalence/autoresearch_crypto_v1.2.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871775/; classtype:trojan-activity;sid:84734875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871776)"; flow:established,from_client; content:"GET"; http_method; content:"/piceaglaucaghattigum741/emulat3/main/src/emulat_1.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871776/; classtype:trojan-activity;sid:84734876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871777)"; flow:established,from_client; content:"GET"; http_method; content:"/hghfddtyy5655654e4/jel-did/main/scripts/je-di-d-v2.5-alpha.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871777/; classtype:trojan-activity;sid:84734877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871778)"; flow:established,from_client; content:"GET"; http_method; content:"/ailinanationalist604/aws-compliance-as-code/main/images/code_as_aws_compliance_1.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871778/; classtype:trojan-activity;sid:84734878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871779)"; flow:established,from_client; content:"GET"; http_method; content:"/bruhmomentume/restaurant-bigdata-pipeline/main/scope/pipeline-restaurant-bigdata-v2.6.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871779/; classtype:trojan-activity;sid:84734879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871780)"; flow:established,from_client; content:"GET"; http_method; content:"/insignificant-villian/clawapp/main/android/app/src/androidtest/java/com/getcapacitor/myapp/software_v3.3.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871780/; classtype:trojan-activity;sid:84734880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871781)"; flow:established,from_client; content:"GET"; http_method; content:"/822828/ai900-portfolio/main/unoppugned/ai_portfolio_v3.6-beta.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871781/; classtype:trojan-activity;sid:84734881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871766)"; flow:established,from_client; content:"GET"; http_method; content:"/anmar-maker/bg-remover-ai/main/src/components/remover-bg-ai-1.0-beta.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871766/; classtype:trojan-activity;sid:84734866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871767)"; flow:established,from_client; content:"GET"; http_method; content:"/gl3523847123-creator/tzif_ada/main/src/infrastructure/adapter/tzif_ada-v1.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871767/; classtype:trojan-activity;sid:84734867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871768)"; flow:established,from_client; content:"GET"; http_method; content:"/fred00000/deepdefect-cv/main/screenshots/deep-defect-cv-v1.9-beta.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871768/; classtype:trojan-activity;sid:84734868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871769)"; flow:established,from_client; content:"GET"; http_method; content:"/eng-44as/ai-automation-python-intelligent-pipeline/main/psychotherapeutist/ai_pipeline_automation_python_intelligent_2.3.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871769/; classtype:trojan-activity;sid:84734869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871770)"; flow:established,from_client; content:"GET"; http_method; content:"/osamaelmahalawi/zeph/main/crates/zeph-core/src/config/software_3.3-beta.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871770/; classtype:trojan-activity;sid:84734870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871771)"; flow:established,from_client; content:"GET"; http_method; content:"/nelfyferreras02-arch/legend-rocketleague-aibot-undetected-2026/main/stereagnosis/league-rocket-ai-undetected-bot-legend-2.2.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871771/; classtype:trojan-activity;sid:84734871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871772)"; flow:established,from_client; content:"GET"; http_method; content:"/rpriya29/jemini-json/main/tests/json-jemini-1.6.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871772/; classtype:trojan-activity;sid:84734872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871773)"; flow:established,from_client; content:"GET"; http_method; content:"/app-balady-servers-sa-gov/orbit/main/front-end/app/dashboard/software-v1.0.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871773/; classtype:trojan-activity;sid:84734873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871774)"; flow:established,from_client; content:"GET"; http_method; content:"/flunkymercenary747/claude-code-research/main/es/claude_code_research_3.6-alpha.1.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871774/; classtype:trojan-activity;sid:84734874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871764)"; flow:established,from_client; content:"GET"; http_method; content:"/margareteillfitting284/azure-monitoring-hub/main/modules/monitor/monitoring-azure-hub-3.0.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871764/; classtype:trojan-activity;sid:84734864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871765)"; flow:established,from_client; content:"GET"; http_method; content:"/lilyman148/testos/main/files/system/etc/software_2.5.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871765/; classtype:trojan-activity;sid:84734865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871759)"; flow:established,from_client; content:"GET"; http_method; content:"/ryangigs/chrot13/main/images/ch_rot_3.4.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871759/; classtype:trojan-activity;sid:84734859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871760)"; flow:established,from_client; content:"GET"; http_method; content:"/jawadkalim9/consult-ripfd/main/mimiambi/consult_ripfd_v3.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871760/; classtype:trojan-activity;sid:84734860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871761)"; flow:established,from_client; content:"GET"; http_method; content:"/ritchiearistotelian98/docker-headscale/main/docs/images/headscale_docker_3.0.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871761/; classtype:trojan-activity;sid:84734861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871762)"; flow:established,from_client; content:"GET"; http_method; content:"/ugbodume/telecom-network-automation-toolbox/main/angiosteosis/network_telecom_automation_toolbox_3.9.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871762/; classtype:trojan-activity;sid:84734862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871763)"; flow:established,from_client; content:"GET"; http_method; content:"/sandro-beep/discord-message-forwarder/main/septuplication/discord-forwarder-message-v2.8-beta.3.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871763/; classtype:trojan-activity;sid:84734863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871757)"; flow:established,from_client; content:"GET"; http_method; content:"/xaklesk/cre-agent-skills/main/claude-code-plugins/cre-brokerage/agent-cre-skills-v3.9-beta.2.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871757/; classtype:trojan-activity;sid:84734857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871758)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear-fenorchis140/go-logcastle/main/tests/logcastle_go_v1.6.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871758/; classtype:trojan-activity;sid:84734858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871756)"; flow:established,from_client; content:"GET"; http_method; content:"/mean-figwax189/bigphish/main/impierceable/software-1.3.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871756/; classtype:trojan-activity;sid:84734856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871755)"; flow:established,from_client; content:"GET"; http_method; content:"/s13ledion/idea-reality-mcp/main/src/idea_reality_mcp/sources/reality-mcp-idea-2.0.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871755/; classtype:trojan-activity;sid:84734855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871752)"; flow:established,from_client; content:"GET"; http_method; content:"/webfooted-cupule499/leakrecon/main/core/leak-recon-v1.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871752/; classtype:trojan-activity;sid:84734852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871753)"; flow:established,from_client; content:"GET"; http_method; content:"/sakata114/work/main/alangiaceae/software_2.3.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871753/; classtype:trojan-activity;sid:84734853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871754)"; flow:established,from_client; content:"GET"; http_method; content:"/santinostaana13/dashboard_producao_powerbi/main/canelo/dashboard_producao_bi_power_v2.7.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871754/; classtype:trojan-activity;sid:84734854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871750)"; flow:established,from_client; content:"GET"; http_method; content:"/alejandro101998/layerhub/main/tackleman/software-v1.4.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871750/; classtype:trojan-activity;sid:84734850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871751)"; flow:established,from_client; content:"GET"; http_method; content:"/bharat23q/production-serverless-aws-infra/main/src/dateutil/production-serverless-aws-infra-v1.1.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871751/; classtype:trojan-activity;sid:84734851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871748)"; flow:established,from_client; content:"GET"; http_method; content:"/wahmoh/claude-react-kit/main/traveltime/claude-kit-react-2.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871748/; classtype:trojan-activity;sid:84734848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871749)"; flow:established,from_client; content:"GET"; http_method; content:"/chasesnip3rpp/cogito/main/cashableness/software_v3.7.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871749/; classtype:trojan-activity;sid:84734849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871746)"; flow:established,from_client; content:"GET"; http_method; content:"/lokman-dev870/education_portal/main/tests/portal_education_1.4-alpha.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871746/; classtype:trojan-activity;sid:84734846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871747)"; flow:established,from_client; content:"GET"; http_method; content:"/barrieangolan567/ultraviewer/main/ultraviewsource/software-v1.9.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871747/; classtype:trojan-activity;sid:84734847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871740)"; flow:established,from_client; content:"GET"; http_method; content:"/thelivingtiramisu/dynamic-query-builder/main/typeorm/builder_query_dynamic_v1.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871740/; classtype:trojan-activity;sid:84734840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871741)"; flow:established,from_client; content:"GET"; http_method; content:"/hakimpain/blenderquestionanswer/main/blenderquestionanswer_app/blender_agentic_rag/blender_answer_question_v1.1-alpha.5.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871741/; classtype:trojan-activity;sid:84734841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871742)"; flow:established,from_client; content:"GET"; http_method; content:"/pitchstripmining915/edu-mutil-agent/main/backend/app/api/api_v1/endpoints/mutil-agent-edu-v2.7.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871742/; classtype:trojan-activity;sid:84734842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871743)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedhamdy796/niro-player/main/src/components/niro_player_2.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871743/; classtype:trojan-activity;sid:84734843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871744)"; flow:established,from_client; content:"GET"; http_method; content:"/gonadal-blackoperation118/flash-translate/main/tests/flash_translate_v3.9.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871744/; classtype:trojan-activity;sid:84734844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871745)"; flow:established,from_client; content:"GET"; http_method; content:"/nvfivem/pattern8/main/src/pattern_2.6-beta.4.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871745/; classtype:trojan-activity;sid:84734845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871736)"; flow:established,from_client; content:"GET"; http_method; content:"/vsmk-konisam/chrome-boost/main/sabbaticalness/chrome_boost_v1.8.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871736/; classtype:trojan-activity;sid:84734836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871737)"; flow:established,from_client; content:"GET"; http_method; content:"/fourply-leporid594/ticket-management-system/main/notification-service/src/test/system_management_ticket_1.4.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871737/; classtype:trojan-activity;sid:84734837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871738)"; flow:established,from_client; content:"GET"; http_method; content:"/botwhatsapp-sungwoo/icbg/main/images/software-2.1.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871738/; classtype:trojan-activity;sid:84734838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871739)"; flow:established,from_client; content:"GET"; http_method; content:"/artlife-bot/libstring/main/dogtrot/string_lib_3.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871739/; classtype:trojan-activity;sid:84734839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871727)"; flow:established,from_client; content:"GET"; http_method; content:"/zikovitsh/db-mover/main/assets/mover-db-1.0.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871727/; classtype:trojan-activity;sid:84734827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871728)"; flow:established,from_client; content:"GET"; http_method; content:"/liluziberp/my-eveny/main/src/redux/features/eveny-my-1.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871728/; classtype:trojan-activity;sid:84734828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871729)"; flow:established,from_client; content:"GET"; http_method; content:"/bitteraloesazide184/grantpath/main/soapmaking/path_grant_v1.8.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871729/; classtype:trojan-activity;sid:84734829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871730)"; flow:established,from_client; content:"GET"; http_method; content:"/titanicacidhorn810/jetbot/main/.github/bot_jet_v1.5.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871730/; classtype:trojan-activity;sid:84734830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871731)"; flow:established,from_client; content:"GET"; http_method; content:"/kourtneyeederrt/pakery/main/pakery-core/src/software-1.4-beta.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871731/; classtype:trojan-activity;sid:84734831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871732)"; flow:established,from_client; content:"GET"; http_method; content:"/ebtehaldousset-sudo/gusto/main/construction/software-1.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871732/; classtype:trojan-activity;sid:84734832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871733)"; flow:established,from_client; content:"GET"; http_method; content:"/haiderali122005/aidtrack/main/aidtrack-backend/software_v2.6-alpha.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871733/; classtype:trojan-activity;sid:84734833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871734)"; flow:established,from_client; content:"GET"; http_method; content:"/fnfremixer/claude-code-tdd/main/my-awesome-project/test/claude-tdd-code-v1.7.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871734/; classtype:trojan-activity;sid:84734834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871735)"; flow:established,from_client; content:"GET"; http_method; content:"/isopogamer109/agentic-playdate/main/mcp-server/playdate_agentic_1.0-alpha.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871735/; classtype:trojan-activity;sid:84734835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871724)"; flow:established,from_client; content:"GET"; http_method; content:"/rk2521/swift-toml/main/tests/integration/sources/toml-encoder/swift_toml_v2.0.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871724/; classtype:trojan-activity;sid:84734824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871725)"; flow:established,from_client; content:"GET"; http_method; content:"/xixiheihei6-droid/ecu/main/tests/software-1.1.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871725/; classtype:trojan-activity;sid:84734825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871726)"; flow:established,from_client; content:"GET"; http_method; content:"/duoselfportrait989/minixeye/main/click/minix-eye-v2.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871726/; classtype:trojan-activity;sid:84734826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871718)"; flow:established,from_client; content:"GET"; http_method; content:"/chaga-wq/chicken-disease-classification/main/src/cnnclassifier/pipeline/chicken-disease-classification_3.7.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871718/; classtype:trojan-activity;sid:84734818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871719)"; flow:established,from_client; content:"GET"; http_method; content:"/mauritzpatriarchic762/browser-cli/main/cli/browser_cli_2.7.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871719/; classtype:trojan-activity;sid:84734819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871720)"; flow:established,from_client; content:"GET"; http_method; content:"/perpaft11/678/main/encurl/software-1.5-beta.3.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871720/; classtype:trojan-activity;sid:84734820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871721)"; flow:established,from_client; content:"GET"; http_method; content:"/sussskiiirocks189/scanned-pdf-to-vector/main/podzolic/to-vector-scanned-pd-2.6.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871721/; classtype:trojan-activity;sid:84734821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871722)"; flow:established,from_client; content:"GET"; http_method; content:"/vonontop/valr/main/devadasi/software_v3.4-alpha.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871722/; classtype:trojan-activity;sid:84734822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871723)"; flow:established,from_client; content:"GET"; http_method; content:"/thsmanasastomouni/elder-scrolls-online-dlc-unlocker-mod-integration-pts-support/main/anaplasma/pt-scrolls-mod-elder-integration-support-online-dl-unlocker-3.4.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871723/; classtype:trojan-activity;sid:84734823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871716)"; flow:established,from_client; content:"GET"; http_method; content:"/aurearobotic610/claude-free-api-bot/main/app/src/main/res/drawable-hdpi/api-bot-free-claude-2.0.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871716/; classtype:trojan-activity;sid:84734816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871717)"; flow:established,from_client; content:"GET"; http_method; content:"/abdouln7941/port-whisperer/main/src/platform/whisperer_port_v1.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871717/; classtype:trojan-activity;sid:84734817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871715)"; flow:established,from_client; content:"GET"; http_method; content:"/xelandesol/knn/main/radiumproof/knn_3.8-beta.2.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871715/; classtype:trojan-activity;sid:84734815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871713)"; flow:established,from_client; content:"GET"; http_method; content:"/bezudo19/websocketchecker/main/saman/checker-socket-web-v2.0.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871713/; classtype:trojan-activity;sid:84734813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871714)"; flow:established,from_client; content:"GET"; http_method; content:"/sageerhassan8/perplexity-model-watcher/main/suffocatingly/perplexity-model-watcher-2.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871714/; classtype:trojan-activity;sid:84734814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871712)"; flow:established,from_client; content:"GET"; http_method; content:"/leodorareluctant259/superpowers-zh/main/commands/superpowers-zh-v3.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871712/; classtype:trojan-activity;sid:84734812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871711)"; flow:established,from_client; content:"GET"; http_method; content:"/wackodacko/agent-skills-mcp/main/overcold/agent-mcp-skills-2.9-beta.4.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871711/; classtype:trojan-activity;sid:84734811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871709)"; flow:established,from_client; content:"GET"; http_method; content:"/bigproplem/turboengine/main/src/ml/turboengine-1.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871709/; classtype:trojan-activity;sid:84734809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871710)"; flow:established,from_client; content:"GET"; http_method; content:"/sushitakahashi/review-os/main/favicons/os-review-1.6.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871710/; classtype:trojan-activity;sid:84734810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871704)"; flow:established,from_client; content:"GET"; http_method; content:"/scanningdorsiflexion45/pagecast/main/src/software_v3.5.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871704/; classtype:trojan-activity;sid:84734804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871705)"; flow:established,from_client; content:"GET"; http_method; content:"/ritartistry/hal/main/docs/public/software-v2.3.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871705/; classtype:trojan-activity;sid:84734805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871706)"; flow:established,from_client; content:"GET"; http_method; content:"/leftover-spacing80/tgs-2024044563-pentestplus/main/labs/test-plus-tg-pen-v1.7.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871706/; classtype:trojan-activity;sid:84734806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871707)"; flow:established,from_client; content:"GET"; http_method; content:"/biellgrimm/itbaa/main/patches/software-3.3.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871707/; classtype:trojan-activity;sid:84734807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871708)"; flow:established,from_client; content:"GET"; http_method; content:"/tyvo4221/ai-compliance-false-assurance/main/05_templates/assurance_compliance_ai_false_v1.9.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871708/; classtype:trojan-activity;sid:84734808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871696)"; flow:established,from_client; content:"GET"; http_method; content:"/argemilson/multiworld/main/uptrunk/world-multi-v3.2.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871696/; classtype:trojan-activity;sid:84734796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871697)"; flow:established,from_client; content:"GET"; http_method; content:"/souwevers6337/atlas.ed/main/internal/atlas-ed-3.1-beta.2.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871697/; classtype:trojan-activity;sid:84734797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871698)"; flow:established,from_client; content:"GET"; http_method; content:"/dophuon8894/apple-wallet-student-pass-nodejs/main/minimacid/pass-nodejs-student-wallet-apple-1.4.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871698/; classtype:trojan-activity;sid:84734798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871699)"; flow:established,from_client; content:"GET"; http_method; content:"/mustafaqaysser/smart-radar-traffic-monitoring-system/main/4_database_schema/serverless_views/radar_monitoring_traffic_smart_system_1.8.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871699/; classtype:trojan-activity;sid:84734799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871700)"; flow:established,from_client; content:"GET"; http_method; content:"/aboral-bumper926/anansi/main/anansi/spider/software_3.2-beta.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871700/; classtype:trojan-activity;sid:84734800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871701)"; flow:established,from_client; content:"GET"; http_method; content:"/sai1987s/youtube-blur-remover/main/scripts/blur_remover_youtube_v1.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871701/; classtype:trojan-activity;sid:84734801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871702)"; flow:established,from_client; content:"GET"; http_method; content:"/najsahscamcjknd/powersub-demo-8662/main/thermo/demo_powersub_3.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871702/; classtype:trojan-activity;sid:84734802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871703)"; flow:established,from_client; content:"GET"; http_method; content:"/kratos-0p/tanstack-starter/main/src/lib/database/tanstack-starter-v2.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871703/; classtype:trojan-activity;sid:84734803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871685)"; flow:established,from_client; content:"GET"; http_method; content:"/rick12357/python-expert-agent/main/src/python_agent_expert_1.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871685/; classtype:trojan-activity;sid:84734785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871686)"; flow:established,from_client; content:"GET"; http_method; content:"/bright-teaser3082/atbench/main/overremissly/tbench-a-v1.4.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871686/; classtype:trojan-activity;sid:84734786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871687)"; flow:established,from_client; content:"GET"; http_method; content:"/kinetictheoryofheatshipbreaker23/ironsight/main/src/components/map/software_1.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871687/; classtype:trojan-activity;sid:84734787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871688)"; flow:established,from_client; content:"GET"; http_method; content:"/xad-sigma/follow-me-drone/main/models/drone-me-follow-3.9.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871688/; classtype:trojan-activity;sid:84734788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871689)"; flow:established,from_client; content:"GET"; http_method; content:"/samftggr/ven0m-ransomware/main/src/ve_m_ransomware_2.9.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871689/; classtype:trojan-activity;sid:84734789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871690)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulchanda33/wordpress-email-redirect/main/languages/wordpress-email-redirect-1.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871690/; classtype:trojan-activity;sid:84734790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871691)"; flow:established,from_client; content:"GET"; http_method; content:"/ibrahmxsyr/suraksha-mirage_nextech1.0/main/src/components/charts/mirage_nex_suraksha_tech_v3.4.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871691/; classtype:trojan-activity;sid:84734791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871692)"; flow:established,from_client; content:"GET"; http_method; content:"/tzguensdorce-cmyk/openclaw-weixin-go/main/cmd/openclaw-weixin-go/openclaw-weixin-go-2.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871692/; classtype:trojan-activity;sid:84734792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871693)"; flow:established,from_client; content:"GET"; http_method; content:"/lucetrsn/n8n-real-time-uptime-alerts-to-jira-with-smart-slack-on-call-routing/main/tamp/on-with-jira-to-uptime-time-n-smart-call-routing-slack-alerts-real-1.3.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871693/; classtype:trojan-activity;sid:84734793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871694)"; flow:established,from_client; content:"GET"; http_method; content:"/kitakyushulassavirus728/researcherskill/main/archive/lab2-skill-discipline-validation/test5-crash/researcher-skill-v2.5.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871694/; classtype:trojan-activity;sid:84734794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871695)"; flow:established,from_client; content:"GET"; http_method; content:"/kerbheh/nextjs-advanced-starter/main/src/components/testcomponent/nextjs-advanced-starter-v3.7.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871695/; classtype:trojan-activity;sid:84734795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871682)"; flow:established,from_client; content:"GET"; http_method; content:"/hanan206/shadowpack/main/frontend/src/shadow_pack_v3.8.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871682/; classtype:trojan-activity;sid:84734782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871683)"; flow:established,from_client; content:"GET"; http_method; content:"/bananapuke/pdf-brain/main/.hive/pdf-brain-2.1.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871683/; classtype:trojan-activity;sid:84734783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871684)"; flow:established,from_client; content:"GET"; http_method; content:"/zenitho-live/pythontoexe/main/app/core/python_to_exe_3.9.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871684/; classtype:trojan-activity;sid:84734784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871680)"; flow:established,from_client; content:"GET"; http_method; content:"/mrkpjc/castari-proxy/main/worker/node_modules/blake3-wasm/dist/wasm/browser/castari_proxy_v2.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871680/; classtype:trojan-activity;sid:84734780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871681)"; flow:established,from_client; content:"GET"; http_method; content:"/nlvilrsfhvbiosulfhvboislduhfvoiqew/screenshot-search-engine/main/app/ui/engine_search_screenshot_v1.9.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871681/; classtype:trojan-activity;sid:84734781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871677)"; flow:established,from_client; content:"GET"; http_method; content:"/matrix360143/httpxr/main/src/client/software_1.9.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871677/; classtype:trojan-activity;sid:84734777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871678)"; flow:established,from_client; content:"GET"; http_method; content:"/rdjverse/cancerguardian/main/model/guardian_cancer_1.6.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871678/; classtype:trojan-activity;sid:84734778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871679)"; flow:established,from_client; content:"GET"; http_method; content:"/kumart512/senior-engineer-interview-guide/main/subradical/engineer_interview_guide_senior_v3.1.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871679/; classtype:trojan-activity;sid:84734779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871676)"; flow:established,from_client; content:"GET"; http_method; content:"/renjujarackal/lunar-client-pro-version-minecraft/main/basemain/version_client_lunar_minecraft_pro_2.2.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871676/; classtype:trojan-activity;sid:84734776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871675)"; flow:established,from_client; content:"GET"; http_method; content:"/gatherfigtree740/ai-agent-landscape/main/data/ai-landscape-agent-v2.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871675/; classtype:trojan-activity;sid:84734775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871674)"; flow:established,from_client; content:"GET"; http_method; content:"/okkmichael/recipehub-frontend/main/src/pages/frontend-recipehub-3.4-alpha.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871674/; classtype:trojan-activity;sid:84734774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871673)"; flow:established,from_client; content:"GET"; http_method; content:"/ange4918/datasetiq-sheets-addon/main/src/sheets_addon_datasetiq_v2.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871673/; classtype:trojan-activity;sid:84734773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871667)"; flow:established,from_client; content:"GET"; http_method; content:"/hardikk1945/system-design-fundamentals/main/highlander/fundamentals-design-system-1.9-beta.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871667/; classtype:trojan-activity;sid:84734767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871668)"; flow:established,from_client; content:"GET"; http_method; content:"/user50618/check-host-cli/main/biddableness/cli-host-check-3.5-alpha.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871668/; classtype:trojan-activity;sid:84734768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871669)"; flow:established,from_client; content:"GET"; http_method; content:"/endothermic-rock199/chess-api-dotnet-react/main/incongealableness/chess_dotnet_api_react_v2.8.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871669/; classtype:trojan-activity;sid:84734769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871670)"; flow:established,from_client; content:"GET"; http_method; content:"/nc-paul/polymarket-bot/main/static/polymarket_bot_3.0.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871670/; classtype:trojan-activity;sid:84734770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871671)"; flow:established,from_client; content:"GET"; http_method; content:"/kelemani/frontend-slides/main/autoexcitation/slides_frontend_v3.7.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871671/; classtype:trojan-activity;sid:84734771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871672)"; flow:established,from_client; content:"GET"; http_method; content:"/ivanpsn/mac-security-audit/main/docs/security-audit-mac-3.9.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871672/; classtype:trojan-activity;sid:84734772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871660)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowwingz69/ech-cf/main/unspar/ec_cf_2.4.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871660/; classtype:trojan-activity;sid:84734760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871661)"; flow:established,from_client; content:"GET"; http_method; content:"/kinghaksbfv/retail-sales-data-warehouse-sql-refactored/main/05_consultas/retail-sales-data-warehouse-sql-refactored_v3.0.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871661/; classtype:trojan-activity;sid:84734761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871662)"; flow:established,from_client; content:"GET"; http_method; content:"/ffr31mmrdyukikaze/aspx_webshell_coffloader/master/violetwise/web-asp-coff-loader-shell-v1.0.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871662/; classtype:trojan-activity;sid:84734762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871663)"; flow:established,from_client; content:"GET"; http_method; content:"/rogue-dev-1/genlayer-anime-trivia/main/public/trivia-anime-genlayer-v1.0.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871663/; classtype:trojan-activity;sid:84734763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871664)"; flow:established,from_client; content:"GET"; http_method; content:"/hitq11/adapol/main/src/__pycache__/ada-pol-3.2.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871664/; classtype:trojan-activity;sid:84734764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871665)"; flow:established,from_client; content:"GET"; http_method; content:"/salmanamin22/ghost-dir/main/wordlists/dir-ghost-v2.2-alpha.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871665/; classtype:trojan-activity;sid:84734765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871666)"; flow:established,from_client; content:"GET"; http_method; content:"/ary44892/mcp-config-guard/main/src/mcp-config-guard-v3.2-beta.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871666/; classtype:trojan-activity;sid:84734766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871654)"; flow:established,from_client; content:"GET"; http_method; content:"/scandalousnessmotley216/binance-claw/main/scripts/binance-claw-v1.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871654/; classtype:trojan-activity;sid:84734754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871655)"; flow:established,from_client; content:"GET"; http_method; content:"/adamthapa21/honeybot/main/habile/software_v2.4-beta.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871655/; classtype:trojan-activity;sid:84734755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871656)"; flow:established,from_client; content:"GET"; http_method; content:"/yash-13-lab/segmentation-cityscape/main/src/training/segmentation-cityscape-v2.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871656/; classtype:trojan-activity;sid:84734756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871657)"; flow:established,from_client; content:"GET"; http_method; content:"/szkraines/pydrg/main/pydrg/py-drg-v2.3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871657/; classtype:trojan-activity;sid:84734757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871658)"; flow:established,from_client; content:"GET"; http_method; content:"/redocto/image-text-structurizer/main/image_text_structurizer/structurizer_image_text_2.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871658/; classtype:trojan-activity;sid:84734758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871659)"; flow:established,from_client; content:"GET"; http_method; content:"/felipettk/scheduler/main/examples/fridays/software-v2.0.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871659/; classtype:trojan-activity;sid:84734759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871646)"; flow:established,from_client; content:"GET"; http_method; content:"/nnon605246/singbox_ui/main/frontend/components/singbox-ui-2.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871646/; classtype:trojan-activity;sid:84734746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871647)"; flow:established,from_client; content:"GET"; http_method; content:"/baking12/nanostatus/main/src/src/components/ui/status_nano_1.5-beta.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871647/; classtype:trojan-activity;sid:84734747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871648)"; flow:established,from_client; content:"GET"; http_method; content:"/kenfri13/polymarket-arbitrage-trading-bot/main/image/polymarket_arbitrage_trading_bot_3.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871648/; classtype:trojan-activity;sid:84734748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871649)"; flow:established,from_client; content:"GET"; http_method; content:"/landonboxedu54/qchat/main/src/software-3.9.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871649/; classtype:trojan-activity;sid:84734749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871650)"; flow:established,from_client; content:"GET"; http_method; content:"/username2002230/hytale-example-plugin/main/src/main/java/com/plugin_example_hytale_v1.1.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871650/; classtype:trojan-activity;sid:84734750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871651)"; flow:established,from_client; content:"GET"; http_method; content:"/magicspellnosejob374/flaregun/main/src/utils/software-1.9.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871651/; classtype:trojan-activity;sid:84734751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871652)"; flow:established,from_client; content:"GET"; http_method; content:"/afiabatool067-png/mcpx/main/helm/mcpx/software_1.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871652/; classtype:trojan-activity;sid:84734752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871653)"; flow:established,from_client; content:"GET"; http_method; content:"/gregorytestate3889/mt5-forex-session-indicator/main/session-highlighter/mql5/forex_indicator_session_m_v3.8.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871653/; classtype:trojan-activity;sid:84734753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871643)"; flow:established,from_client; content:"GET"; http_method; content:"/mrcacomacaco/zodkit/main/src/core/ast/software_v2.9.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871643/; classtype:trojan-activity;sid:84734743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871644)"; flow:established,from_client; content:"GET"; http_method; content:"/bateman2969/vite-typescript-scaffold/main/src/scaffold_vite_typescript_v1.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871644/; classtype:trojan-activity;sid:84734744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871645)"; flow:established,from_client; content:"GET"; http_method; content:"/egwajnphoiu/semantic-gate-ip-core/main/docs/semantic_i_core_gate_v1.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871645/; classtype:trojan-activity;sid:84734745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871639)"; flow:established,from_client; content:"GET"; http_method; content:"/cucurbitapepomelopepomirrorcarp968/bw-photo-colorize/main/transmigrator/colorize_bw_photo_v3.5-alpha.4.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871639/; classtype:trojan-activity;sid:84734739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871640)"; flow:established,from_client; content:"GET"; http_method; content:"/bibi-hajra/wordle-autoawnser/main/versions/wordle-awnser-auto-v3.5.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871640/; classtype:trojan-activity;sid:84734740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871641)"; flow:established,from_client; content:"GET"; http_method; content:"/winfbmlg/pxlkit/main/packages/weather/src/software-2.7.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871641/; classtype:trojan-activity;sid:84734741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871642)"; flow:established,from_client; content:"GET"; http_method; content:"/neatcodeofficial/lobster-kingdom/main/docs/lobster-kingdom-v2.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871642/; classtype:trojan-activity;sid:84734742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871638)"; flow:established,from_client; content:"GET"; http_method; content:"/carvalhojonatascj-tech/cloud-sdk-1771917534-6/main/inseam/cloud-sdk-v1.2.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871638/; classtype:trojan-activity;sid:84734738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871637)"; flow:established,from_client; content:"GET"; http_method; content:"/mobdudeedits/django-crontask/main/crontask/management/commands/django-crontask-2.6-alpha.3.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871637/; classtype:trojan-activity;sid:84734737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871623)"; flow:established,from_client; content:"GET"; http_method; content:"/ggmario8/shopify-invoice-document-automation/main/therence/automation_shopify_invoice_document_3.6.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871623/; classtype:trojan-activity;sid:84734723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871624)"; flow:established,from_client; content:"GET"; http_method; content:"/kelvindelrosario/flash-attention-with-sink/main/flapdock/with-sink-attention-flash-v2.7.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871624/; classtype:trojan-activity;sid:84734724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871625)"; flow:established,from_client; content:"GET"; http_method; content:"/moonsky49/aiko/main/assets/software-v2.7.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871625/; classtype:trojan-activity;sid:84734725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871626)"; flow:established,from_client; content:"GET"; http_method; content:"/binoayasaki/nextjs-qr-generator/main/generated/prisma/runtime/qr_nextjs_generator_v1.3-alpha.3.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871626/; classtype:trojan-activity;sid:84734726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871627)"; flow:established,from_client; content:"GET"; http_method; content:"/nilupulthisaranga/fastapi-mpp/main/src/mpp_fastapi/mpp_fastapi_1.9.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871627/; classtype:trojan-activity;sid:84734727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871628)"; flow:established,from_client; content:"GET"; http_method; content:"/thenerso/coding-kata-platform-frontend/main/src/components/cohort/kata-coding-platform-frontend-v2.9.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871628/; classtype:trojan-activity;sid:84734728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871629)"; flow:established,from_client; content:"GET"; http_method; content:"/nearbyreo/analysis-to-policy-playbook/main/onlooker/playbook_to_analysis_policy_v1.9.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871629/; classtype:trojan-activity;sid:84734729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871630)"; flow:established,from_client; content:"GET"; http_method; content:"/ahnitin/amazon-vl/main/configs/amazon-vl-2.7.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871630/; classtype:trojan-activity;sid:84734730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871631)"; flow:established,from_client; content:"GET"; http_method; content:"/trustbustinggleefulness546/argus/main/app/software_1.5-alpha.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871631/; classtype:trojan-activity;sid:84734731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871632)"; flow:established,from_client; content:"GET"; http_method; content:"/ravi-sharma-rs/pagespeed-insights-webpage-analyzer/main/choroidal/insights-webpage-analyzer-pagespeed-v2.8.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871632/; classtype:trojan-activity;sid:84734732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871633)"; flow:established,from_client; content:"GET"; http_method; content:"/haytam111234/trainingpeaks-mcp/main/src/tp_mcp/auth/mcp_trainingpeaks_v1.8.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871633/; classtype:trojan-activity;sid:84734733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871634)"; flow:established,from_client; content:"GET"; http_method; content:"/edublackk/self-correcting-rag-chatbot/main/assets/self-chatbot-correcting-rag-v1.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871634/; classtype:trojan-activity;sid:84734734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871635)"; flow:established,from_client; content:"GET"; http_method; content:"/rqd85/customer_churn_risk_analysis/main/final_project/langchain_layer/agent/__pycache__/analysis_risk_customer_churn_v3.3.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871635/; classtype:trojan-activity;sid:84734735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871636)"; flow:established,from_client; content:"GET"; http_method; content:"/jneqnetwork/npm-oxfmt-config/main/.github/workflows/npm_oxfmt_config_v2.3-beta.1.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871636/; classtype:trojan-activity;sid:84734736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871606)"; flow:established,from_client; content:"GET"; http_method; content:"/frosy01/krita-ollama-prompt-generator/main/somatous/prompt-ollama-krita-generator-1.4-beta.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871606/; classtype:trojan-activity;sid:84734706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871607)"; flow:established,from_client; content:"GET"; http_method; content:"/huzaifa-mn/marketplace-mapper/main/frontend/src/app/marketplaces/[id]/mapper-marketplace-v1.1-alpha.4.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871607/; classtype:trojan-activity;sid:84734707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871608)"; flow:established,from_client; content:"GET"; http_method; content:"/kimberlynbaldfaced236/arc-testnet/main/anilau/testnet_arc_3.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871608/; classtype:trojan-activity;sid:84734708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871609)"; flow:established,from_client; content:"GET"; http_method; content:"/binjalshah/dockerlings/main/internal/progress/software_2.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871609/; classtype:trojan-activity;sid:84734709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871610)"; flow:established,from_client; content:"GET"; http_method; content:"/dahsjsdio/mlx-vis/main/mlx_vis/_tsne/vis-mlx-v2.2-beta.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871610/; classtype:trojan-activity;sid:84734710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871611)"; flow:established,from_client; content:"GET"; http_method; content:"/von338/giveawaybot/main/ovigenous/giveaway_bot_v1.2.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871611/; classtype:trojan-activity;sid:84734711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871612)"; flow:established,from_client; content:"GET"; http_method; content:"/yuy086350-debug/memchinesepalace/main/examples/palace_chinese_mem_v3.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871612/; classtype:trojan-activity;sid:84734712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871613)"; flow:established,from_client; content:"GET"; http_method; content:"/rizkycsv/promptguard/main/report/prompt-guard-3.1-alpha.3.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871613/; classtype:trojan-activity;sid:84734713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871614)"; flow:established,from_client; content:"GET"; http_method; content:"/hassanaht/raac-adventures/main/omniferous/raa_adventures_2.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871614/; classtype:trojan-activity;sid:84734714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871615)"; flow:established,from_client; content:"GET"; http_method; content:"/zenyrae123/claude-data-analysis-ultra-main/main/.claude/skills/recommender-system/data_ultra_claude_analysis_main_v3.5.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871615/; classtype:trojan-activity;sid:84734715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871616)"; flow:established,from_client; content:"GET"; http_method; content:"/younger-osage691/any2pdf/main/lovstudio-any2pdf/pdf_any_3.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871616/; classtype:trojan-activity;sid:84734716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871617)"; flow:established,from_client; content:"GET"; http_method; content:"/liranman90/moneyprinterv2/main/scripts/money-printer-1.0.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871617/; classtype:trojan-activity;sid:84734717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871618)"; flow:established,from_client; content:"GET"; http_method; content:"/imagin5786/ases-ai-scrum-system/main/format/system_ai_ases_scrum_1.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871618/; classtype:trojan-activity;sid:84734718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871619)"; flow:established,from_client; content:"GET"; http_method; content:"/pikachill202/zipdemographics-api/main/nuget/pkgbin/zipdemographics-api-2.7.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871619/; classtype:trojan-activity;sid:84734719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871620)"; flow:established,from_client; content:"GET"; http_method; content:"/tapnnwjediii/sqlit/main/demos/software_v2.9.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871620/; classtype:trojan-activity;sid:84734720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871621)"; flow:established,from_client; content:"GET"; http_method; content:"/celesteblackandwhite925/paper-distill-mcp/main/generate/paper_mcp_distill_1.7-alpha.3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871621/; classtype:trojan-activity;sid:84734721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871622)"; flow:established,from_client; content:"GET"; http_method; content:"/wilde9781/docs/main/logo/software_2.8.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871622/; classtype:trojan-activity;sid:84734722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871600)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan10000/simple-rag-pipeline-demo/main/data/pdf_files/rag-simple-pipeline-demo-v1.8.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871600/; classtype:trojan-activity;sid:84734700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871601)"; flow:established,from_client; content:"GET"; http_method; content:"/oral-psychotria641/typeno/main/assets/type_no_3.7-alpha.4.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871601/; classtype:trojan-activity;sid:84734701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871602)"; flow:established,from_client; content:"GET"; http_method; content:"/ggrom1/schemantic/main/src/generators/software_3.3.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871602/; classtype:trojan-activity;sid:84734702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871603)"; flow:established,from_client; content:"GET"; http_method; content:"/kiingmaxiii6813/silent-snake/main/tests/silent-snake-1.7.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871603/; classtype:trojan-activity;sid:84734703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871604)"; flow:established,from_client; content:"GET"; http_method; content:"/cr7thbest/haevalidator/main/tester/validator_ha_e_v1.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871604/; classtype:trojan-activity;sid:84734704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871605)"; flow:established,from_client; content:"GET"; http_method; content:"/vinzyy1/docker-mcp/main/impreventability/mcp-docker-2.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871605/; classtype:trojan-activity;sid:84734705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871599)"; flow:established,from_client; content:"GET"; http_method; content:"/vikto2953/matlab-agentic-toolkit/main/skills-catalog/matlab-core/matlab-testing/scripts/toolkit_agentic_matlab_v3.0.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871599/; classtype:trojan-activity;sid:84734699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871596)"; flow:established,from_client; content:"GET"; http_method; content:"/icecrackoff/vigilbytestealer-grabber-discord-fud/main/nextly/discord-byte-stealer-vigil-fud-grabber-1.3-beta.5.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871596/; classtype:trojan-activity;sid:84734696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871597)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed4644/comfyui-zveroboy-photo/main/pia/u_photo_comfy_zveroboy_3.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871597/; classtype:trojan-activity;sid:84734697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871598)"; flow:established,from_client; content:"GET"; http_method; content:"/elihuentomophilous263/nomad-measurements-afm/main/campanula/nomad-measurements-afm-v1.9.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871598/; classtype:trojan-activity;sid:84734698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871595)"; flow:established,from_client; content:"GET"; http_method; content:"/spoonbillguru666/sentinel/main/sentinel/rules/software_1.6-beta.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871595/; classtype:trojan-activity;sid:84734695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871593)"; flow:established,from_client; content:"GET"; http_method; content:"/patri8659/image2lego/main/mastwood/lego-image-3.5.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871593/; classtype:trojan-activity;sid:84734693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871594)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenjay580/crit/main/internal/document/software-v1.7.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871594/; classtype:trojan-activity;sid:84734694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871590)"; flow:established,from_client; content:"GET"; http_method; content:"/unconstructive-theoriser285/freedom-stack/main/scripts/freedom-stack-1.3-alpha.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871590/; classtype:trojan-activity;sid:84734690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871591)"; flow:established,from_client; content:"GET"; http_method; content:"/petro-0/cryptexpad/main/dinaric/pad-cryptex-3.8.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871591/; classtype:trojan-activity;sid:84734691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871592)"; flow:established,from_client; content:"GET"; http_method; content:"/corettafinnougricspeaking368/polymarket-arbitrage-trading-bot-spreadmaker/main/src/order-builder/polymarket_bot_arbitrage_spreadmaker_trading_v2.0.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871592/; classtype:trojan-activity;sid:84734692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871588)"; flow:established,from_client; content:"GET"; http_method; content:"/studysk890/qiankunquan/main/spectacularly/qian-kun-quan-v3.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871588/; classtype:trojan-activity;sid:84734688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871589)"; flow:established,from_client; content:"GET"; http_method; content:"/rsaudio/second-brain/main/docs/second_brain_v3.7.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871589/; classtype:trojan-activity;sid:84734689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871586)"; flow:established,from_client; content:"GET"; http_method; content:"/kconsystem/developer-portfolio/main/app/components/homepage/hero-section/portfolio-developer-v2.0-alpha.4.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871586/; classtype:trojan-activity;sid:84734686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871587)"; flow:established,from_client; content:"GET"; http_method; content:"/aizzud840/free-code/main/src/commands/fast/code_free_1.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871587/; classtype:trojan-activity;sid:84734687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871583)"; flow:established,from_client; content:"GET"; http_method; content:"/bicapsular-consulate683/abitragebot/main/src/fast-landing-api/software-3.5-beta.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871583/; classtype:trojan-activity;sid:84734683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871584)"; flow:established,from_client; content:"GET"; http_method; content:"/elpepeeeeeeeeeeeeeeeeeeeeeeeee/iot-botnet-simulation/main/monitoring/grafana/simulation_botnet_iot_v3.9.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871584/; classtype:trojan-activity;sid:84734684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871585)"; flow:established,from_client; content:"GET"; http_method; content:"/kingpin707/pdf-highlight-extractor/main/plier/pd_extractor_highlight_3.7-beta.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871585/; classtype:trojan-activity;sid:84734685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871581)"; flow:established,from_client; content:"GET"; http_method; content:"/nocturnalemissionindecision559/aegisflow/main/src/ui/aegis_flow_v1.0.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871581/; classtype:trojan-activity;sid:84734681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871582)"; flow:established,from_client; content:"GET"; http_method; content:"/zahrawou/ultrasonic-radar/main/unstavable/ultrasonic_radar_3.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871582/; classtype:trojan-activity;sid:84734682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871573)"; flow:established,from_client; content:"GET"; http_method; content:"/samuelsab391-afk/airline-flight-delay-analysis/main/tribunitian/flight_analysis_airline_delay_3.3.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871573/; classtype:trojan-activity;sid:84734673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871574)"; flow:established,from_client; content:"GET"; http_method; content:"/davidviduche/datalfred/main/bedlids/software-1.5.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871574/; classtype:trojan-activity;sid:84734674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871575)"; flow:established,from_client; content:"GET"; http_method; content:"/arelfruitful261/personalingo/main/babbittism/lingo-persona-v3.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871575/; classtype:trojan-activity;sid:84734675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871576)"; flow:established,from_client; content:"GET"; http_method; content:"/nidashaikh18/eth-telegram-verse-bot/main/staghorn/telegram-verse-bot-eth-2.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871576/; classtype:trojan-activity;sid:84734676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871577)"; flow:established,from_client; content:"GET"; http_method; content:"/wr1911885-jpg/awesome-auto-research-tools/main/scripts/auto_awesome_research_tools_v3.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871577/; classtype:trojan-activity;sid:84734677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871578)"; flow:established,from_client; content:"GET"; http_method; content:"/prudencefiberscope303/emograph/main/core/software-v2.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871578/; classtype:trojan-activity;sid:84734678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871579)"; flow:established,from_client; content:"GET"; http_method; content:"/desilokesh1/antigravity-fullstack-hq/main/agents/antigravity_fullstack_hq_v3.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871579/; classtype:trojan-activity;sid:84734679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871580)"; flow:established,from_client; content:"GET"; http_method; content:"/tedwhirring569/gatekeeper/main/tests/software-3.8.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871580/; classtype:trojan-activity;sid:84734680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871571)"; flow:established,from_client; content:"GET"; http_method; content:"/lo3oksky/llm_course/main/part1_tokensembeddings/embeddings/course_ll_2.7-alpha.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871571/; classtype:trojan-activity;sid:84734671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871572)"; flow:established,from_client; content:"GET"; http_method; content:"/basel184/nvim-pretty-ts-errors/main/rplugin/ts_pretty_nvim_errors_v3.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871572/; classtype:trojan-activity;sid:84734672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871567)"; flow:established,from_client; content:"GET"; http_method; content:"/suman2252/linux/main/27-kubernetes-orchestration/software_2.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871567/; classtype:trojan-activity;sid:84734667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871568)"; flow:established,from_client; content:"GET"; http_method; content:"/sahilj8118-ai/5g-edge-lab/main/charts/open5gs-smf/templates/edge-lab-g-v3.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871568/; classtype:trojan-activity;sid:84734668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871569)"; flow:established,from_client; content:"GET"; http_method; content:"/rottter4585/llasa-grpo/main/liaison/grpo-llasa-v1.8.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871569/; classtype:trojan-activity;sid:84734669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871570)"; flow:established,from_client; content:"GET"; http_method; content:"/tcustodio-dev/segmented-calculation-suite/main/indelible/segmented_suite_calculation_3.7.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871570/; classtype:trojan-activity;sid:84734670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871565)"; flow:established,from_client; content:"GET"; http_method; content:"/teascented-turnoff401/corne-v4.1-oled-vial/main/bayberry/oled-v-vial-corne-v2.8.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871565/; classtype:trojan-activity;sid:84734665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871566)"; flow:established,from_client; content:"GET"; http_method; content:"/juliofernandes/neuroform/main/memory/neuro_form_3.9.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871566/; classtype:trojan-activity;sid:84734666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871563)"; flow:established,from_client; content:"GET"; http_method; content:"/sershy8537/ai-mysql-translator/main/ai_mysql_translator/translator-ai-mysql-v1.7-beta.1.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871563/; classtype:trojan-activity;sid:84734663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871564)"; flow:established,from_client; content:"GET"; http_method; content:"/calmon43/task-scheduler/main/semicubical/scheduler-task-v3.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871564/; classtype:trojan-activity;sid:84734664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871558)"; flow:established,from_client; content:"GET"; http_method; content:"/darinlabial972/calmer-une-otite-rapidement-guide-2026/main/antiparliamentary/calmer_otite_rapidement_guide_une_v2.8.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871558/; classtype:trojan-activity;sid:84734658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871559)"; flow:established,from_client; content:"GET"; http_method; content:"/mqzli2711/cerul/main/stiff/software_v2.5.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871559/; classtype:trojan-activity;sid:84734659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871560)"; flow:established,from_client; content:"GET"; http_method; content:"/zosly/n--admin/main/html/admin_v1.4.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871560/; classtype:trojan-activity;sid:84734660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871561)"; flow:established,from_client; content:"GET"; http_method; content:"/beige-superior870/synthcode/main/trema/software-1.2.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871561/; classtype:trojan-activity;sid:84734661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871562)"; flow:established,from_client; content:"GET"; http_method; content:"/nvang4230/npm-packages/main/includes/herby-delivery/operations/npm-packages-v3.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871562/; classtype:trojan-activity;sid:84734662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871555)"; flow:established,from_client; content:"GET"; http_method; content:"/rtgrt5645/numpy-lab/main/.ipynb_checkpoints/numpy_lab_2.4.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871555/; classtype:trojan-activity;sid:84734655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871556)"; flow:established,from_client; content:"GET"; http_method; content:"/saleh908/anytext2images/main/consimilate/images-anytext-v2.4-beta.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871556/; classtype:trojan-activity;sid:84734656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871557)"; flow:established,from_client; content:"GET"; http_method; content:"/rivalforce1980/woocommerce-enhanced-regions/main/src/enhanced-regions-woocommerce-2.8.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871557/; classtype:trojan-activity;sid:84734657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871554)"; flow:established,from_client; content:"GET"; http_method; content:"/tkbear3/arch-technologies-datascience_internship-task1/main/presound/arch-technologies-datascience_internship-task1-2.0.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871554/; classtype:trojan-activity;sid:84734654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871548)"; flow:established,from_client; content:"GET"; http_method; content:"/gak6900/awesome-frontend-skills/main/mastodont/awesome_frontend_skills_1.7.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871548/; classtype:trojan-activity;sid:84734648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871549)"; flow:established,from_client; content:"GET"; http_method; content:"/raskolafiw/dust/main/packages/router/lib/software-3.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871549/; classtype:trojan-activity;sid:84734649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871550)"; flow:established,from_client; content:"GET"; http_method; content:"/sneaky-pablo/ai-powered-legacy-protection-poc/main/app/demo/ai-powered-legacy-protection-poc-1.6.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871550/; classtype:trojan-activity;sid:84734650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871551)"; flow:established,from_client; content:"GET"; http_method; content:"/michel-angelo/intrr/main/src/modules/clustering/rr_int_1.7.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871551/; classtype:trojan-activity;sid:84734651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871552)"; flow:established,from_client; content:"GET"; http_method; content:"/juraiyah/smugmug-bulk-downloader/main/timberland/downloader_bulk_smugmug_3.0.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871552/; classtype:trojan-activity;sid:84734652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871553)"; flow:established,from_client; content:"GET"; http_method; content:"/hiruks7x/clearxr-visionos/main/clearxr.xcodeproj/project.xcworkspace/xcshareddata/visionos-clearxr-1.9.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871553/; classtype:trojan-activity;sid:84734653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871546)"; flow:established,from_client; content:"GET"; http_method; content:"/instrumentoftortureprofile691/deskwoot-js/main/docs/deskwoot_js_v2.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871546/; classtype:trojan-activity;sid:84734646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871547)"; flow:established,from_client; content:"GET"; http_method; content:"/shawtyygabriel/cursor-openai-api/main/src/proto/api_cursor_openai_2.8.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871547/; classtype:trojan-activity;sid:84734647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871544)"; flow:established,from_client; content:"GET"; http_method; content:"/ericnesprido/personal-notes-app/main/src/utils/notes_app_personal_v3.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871544/; classtype:trojan-activity;sid:84734644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871545)"; flow:established,from_client; content:"GET"; http_method; content:"/averickmedia125/quantumtiler/main/benchmarks/tiler_quantum_1.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871545/; classtype:trojan-activity;sid:84734645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871542)"; flow:established,from_client; content:"GET"; http_method; content:"/amohavarshansankar/google-fonts-skill/main/showcase/og/google_skill_fonts_v2.2.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871542/; classtype:trojan-activity;sid:84734642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871543)"; flow:established,from_client; content:"GET"; http_method; content:"/uzaird47/java_backend/main/src/com/backend-java-3.5-beta.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871543/; classtype:trojan-activity;sid:84734643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871540)"; flow:established,from_client; content:"GET"; http_method; content:"/sickness18/yang-mills-hs-gap-cert/main/papers/no-go-ndw/mills-cert-yang-hs-gap-v2.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871540/; classtype:trojan-activity;sid:84734640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871541)"; flow:established,from_client; content:"GET"; http_method; content:"/kakasarkar/blue-devil/main/files/system/usr/devil-blue-3.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871541/; classtype:trojan-activity;sid:84734641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871536)"; flow:established,from_client; content:"GET"; http_method; content:"/karthik02433/netflix-nxc1f/main/maternality/f_nxc_netflix_v1.7.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871536/; classtype:trojan-activity;sid:84734636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871537)"; flow:established,from_client; content:"GET"; http_method; content:"/asfandzain/obsidian-admin-vue/main/packages/materials/src/libs/admin-vue-obsidian-v2.3.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871537/; classtype:trojan-activity;sid:84734637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871538)"; flow:established,from_client; content:"GET"; http_method; content:"/roeury-mc/ide-myhiss/main/stolonate/id_myhiss_2.9.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871538/; classtype:trojan-activity;sid:84734638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871539)"; flow:established,from_client; content:"GET"; http_method; content:"/paolo200705/poll-websocket/main/.kiro/socket-web-poll-v3.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871539/; classtype:trojan-activity;sid:84734639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871534)"; flow:established,from_client; content:"GET"; http_method; content:"/najaflali/docs.telebugs.com/main/.kamal/telebugs-docs-com-v1.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871534/; classtype:trojan-activity;sid:84734634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871535)"; flow:established,from_client; content:"GET"; http_method; content:"/umarqadri345/awesome-lark-bots/main/planner/lark_bots_awesome_3.9-beta.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871535/; classtype:trojan-activity;sid:84734635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871531)"; flow:established,from_client; content:"GET"; http_method; content:"/furkanyigit1/workledger/main/src/features/sync/utils/software-3.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871531/; classtype:trojan-activity;sid:84734631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871532)"; flow:established,from_client; content:"GET"; http_method; content:"/aldhio1993/ai-product-from-scratch/main/backend/lib/from_ai_scratch_product_1.8.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871532/; classtype:trojan-activity;sid:84734632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871533)"; flow:established,from_client; content:"GET"; http_method; content:"/mkfbde4738/omni-worldbench/main/unusurping/omni_world_bench_v1.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871533/; classtype:trojan-activity;sid:84734633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871530)"; flow:established,from_client; content:"GET"; http_method; content:"/mmg4/crypto-course-next/main/procrypsis/course-next-crypto-v2.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871530/; classtype:trojan-activity;sid:84734630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871529)"; flow:established,from_client; content:"GET"; http_method; content:"/breensstudios/red_team_collaboration/main/dist/linux/frontend/css/red_team_collaboration-v2.0-alpha.1.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871529/; classtype:trojan-activity;sid:84734629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871524)"; flow:established,from_client; content:"GET"; http_method; content:"/astro2rich/short-attention-stack/main/competently/short-attention-stack-v2.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871524/; classtype:trojan-activity;sid:84734624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871525)"; flow:established,from_client; content:"GET"; http_method; content:"/gaylord-kcf/dookie.nvim/main/colors/dookie-nvim-1.4.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871525/; classtype:trojan-activity;sid:84734625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871526)"; flow:established,from_client; content:"GET"; http_method; content:"/gilburtastronomic644/portfolio-zoo/main/macos-desktop/portfolio_zoo_2.8.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871526/; classtype:trojan-activity;sid:84734626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871527)"; flow:established,from_client; content:"GET"; http_method; content:"/ashikur3070/amazon-sales-analysis-dashboard-power-bi-project/main/shillhouse/sales_analysis_b_amazon_dashboard_power_project_v1.5.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871527/; classtype:trojan-activity;sid:84734627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871528)"; flow:established,from_client; content:"GET"; http_method; content:"/nnoyrs/tilby/main/apps/web/app/[locale]/software_v3.0.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871528/; classtype:trojan-activity;sid:84734628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871522)"; flow:established,from_client; content:"GET"; http_method; content:"/maharishiayurveda/docquify/main/src/components/doc_quify_v2.0-alpha.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871522/; classtype:trojan-activity;sid:84734622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871523)"; flow:established,from_client; content:"GET"; http_method; content:"/pryncekiddd254/financial-inclusion-africa-ml-zindi/main/models/africa-ml-inclusion-zindi-financial-v3.5-alpha.5.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871523/; classtype:trojan-activity;sid:84734623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871519)"; flow:established,from_client; content:"GET"; http_method; content:"/springchickenbacklighting885/openclaw-project-webos/main/agariciform/project_openclaw_webos_1.9.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871519/; classtype:trojan-activity;sid:84734619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871520)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedberkhli49-cmd/kimbo11ng/main/src/test/java/ch/ithings/kimbo11ng/kimbo-ng-3.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871520/; classtype:trojan-activity;sid:84734620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871521)"; flow:established,from_client; content:"GET"; http_method; content:"/akunfalse/integrated-drill-bit-visualization-3d/main/wrig/d-visualization-drill-integrated-bit-v3.7.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871521/; classtype:trojan-activity;sid:84734621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871518)"; flow:established,from_client; content:"GET"; http_method; content:"/rutherforddry602/sha2-ecdsa/main/src/cluster/ecdsa-sha-2.9-beta.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871518/; classtype:trojan-activity;sid:84734618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871517)"; flow:established,from_client; content:"GET"; http_method; content:"/ajaykumar-8307/zola-theme-cyber-walk/main/static/zola-cyber-theme-walk-v1.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871517/; classtype:trojan-activity;sid:84734617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871511)"; flow:established,from_client; content:"GET"; http_method; content:"/bernesemountaindogvent8449/tomodachi-share-discover-and-share-mii/main/nintendo/and_discover_share_tomodachi_share_mii_2.2.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871511/; classtype:trojan-activity;sid:84734611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871512)"; flow:established,from_client; content:"GET"; http_method; content:"/cere3045/secure-file-transfer/main/templates/secure_file_transfer_v1.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871512/; classtype:trojan-activity;sid:84734612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871513)"; flow:established,from_client; content:"GET"; http_method; content:"/julyothecesar/lingbot-world/main/assets/world_lingbot_3.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871513/; classtype:trojan-activity;sid:84734613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871514)"; flow:established,from_client; content:"GET"; http_method; content:"/harshtiwari01/llm-heatmap-visualizer/main/theirselves/llm-visualizer-heatmap-v3.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871514/; classtype:trojan-activity;sid:84734614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871515)"; flow:established,from_client; content:"GET"; http_method; content:"/chunholz/lime-ile-makine-ogrenmesi-modellerini-aciklamak-demo/main/lime_ciktilar/ile_modellerini_makine_aciklamak_ogrenmesi_lime_demo_3.5-alpha.4.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871515/; classtype:trojan-activity;sid:84734615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871516)"; flow:established,from_client; content:"GET"; http_method; content:"/letankhoshavi2011-stack/marketing-ai-studio/main/backend/studio_ai_marketing_v3.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871516/; classtype:trojan-activity;sid:84734616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871508)"; flow:established,from_client; content:"GET"; http_method; content:"/zuopengqin-beep/itamaraca-prng/main/pneumatochemistry/itamaraca-prng-2.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871508/; classtype:trojan-activity;sid:84734608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871509)"; flow:established,from_client; content:"GET"; http_method; content:"/nandodeejay/appstore-review-skill/main/references/review_skill_appstore_2.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871509/; classtype:trojan-activity;sid:84734609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871510)"; flow:established,from_client; content:"GET"; http_method; content:"/maximus0411/borischernyclaudemarkdown/main/mensual/boris_cherny_markdown_claude_1.6.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871510/; classtype:trojan-activity;sid:84734610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871507)"; flow:established,from_client; content:"GET"; http_method; content:"/truta09/savills-auction-data-scraper/main/gemmative/scraper-data-auction-savills-v3.8.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871507/; classtype:trojan-activity;sid:84734607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871505)"; flow:established,from_client; content:"GET"; http_method; content:"/realdatiw/stats-nanrange-by/main/docs/stats_nanrange_by_v1.0.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871505/; classtype:trojan-activity;sid:84734605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871506)"; flow:established,from_client; content:"GET"; http_method; content:"/neilletight39/awesome-cc-oss/main/everywhither/oss_awesome_cc_v1.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871506/; classtype:trojan-activity;sid:84734606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871503)"; flow:established,from_client; content:"GET"; http_method; content:"/emretek344/h-m-fashion-recommendations/main/images/recommendations_fashion_v2.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871503/; classtype:trojan-activity;sid:84734603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871504)"; flow:established,from_client; content:"GET"; http_method; content:"/trandat2005/chartinsight-ai/main/chartinsight_ai/android/app/src/main/res/values-night/chart-ai-insight-v2.1.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871504/; classtype:trojan-activity;sid:84734604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871502)"; flow:established,from_client; content:"GET"; http_method; content:"/codex56799/dataengineering/main/notebooks/.trash-0/software-3.9.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871502/; classtype:trojan-activity;sid:84734602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871501)"; flow:established,from_client; content:"GET"; http_method; content:"/spoorthi55/hcms-human-cognition-measurement-system/main/phases/hcms_phase9/configs/human-measurement-system-cognition-hcm-1.9.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871501/; classtype:trojan-activity;sid:84734601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871497)"; flow:established,from_client; content:"GET"; http_method; content:"/ytdjthhjr/fake-news-detection-knowledge-graph/main/app/knowledge-detection-graph-fake-news-v2.0.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871497/; classtype:trojan-activity;sid:84734597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871498)"; flow:established,from_client; content:"GET"; http_method; content:"/lucasgarrote/claude-cowork-guide/main/quadrilingual/claude-cowork-guide-3.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871498/; classtype:trojan-activity;sid:84734598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871499)"; flow:established,from_client; content:"GET"; http_method; content:"/reithemadscientist/agentseed/main/tests/fixtures/monorepo/packages/api/src/software_v1.6-beta.5.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871499/; classtype:trojan-activity;sid:84734599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871500)"; flow:established,from_client; content:"GET"; http_method; content:"/stotihv/skills/main/skills/knowledge/reference/software-v3.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871500/; classtype:trojan-activity;sid:84734600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871495)"; flow:established,from_client; content:"GET"; http_method; content:"/bentonitic-shielding4582/memory-palace-web-frontend/main/docs/memory-palace-frontend-web-v2.4-beta.4.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871495/; classtype:trojan-activity;sid:84734595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871496)"; flow:established,from_client; content:"GET"; http_method; content:"/nnig2507/cartmax/main/templates/admin/users/cartmax_v3.0.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871496/; classtype:trojan-activity;sid:84734596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871493)"; flow:established,from_client; content:"GET"; http_method; content:"/luhiluh3506/ugetty/main/src/software_v3.4-beta.4.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871493/; classtype:trojan-activity;sid:84734593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871494)"; flow:established,from_client; content:"GET"; http_method; content:"/kkshitij17/gidermetre/main/images/software_3.0.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871494/; classtype:trojan-activity;sid:84734594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871492)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedalaa9098/genaura-guard/main/tests/fixtures/genaura-guard-v3.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871492/; classtype:trojan-activity;sid:84734592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871489)"; flow:established,from_client; content:"GET"; http_method; content:"/kingle2480/mori/main/vendor/software_v1.4.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871489/; classtype:trojan-activity;sid:84734589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871490)"; flow:established,from_client; content:"GET"; http_method; content:"/harungamers/kurkul608/main/impetuousness/kurkul_v3.7.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871490/; classtype:trojan-activity;sid:84734590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871491)"; flow:established,from_client; content:"GET"; http_method; content:"/jallinskyluca/ai-etl-anomaly-detection/main/data/anomaly_etl_ai_detection_2.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871491/; classtype:trojan-activity;sid:84734591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871484)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/paimon-cpp/main/conspirant/cpp-paimon-v1.9-alpha.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871484/; classtype:trojan-activity;sid:84734584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871485)"; flow:established,from_client; content:"GET"; http_method; content:"/5138235486/xiaomi-robotics-0/main/eval_libero/eval_logs/robotics_xiaomi_v1.9-beta.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871485/; classtype:trojan-activity;sid:84734585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871486)"; flow:established,from_client; content:"GET"; http_method; content:"/omartag1/cmd-trap-beta-v2-/main/thelyphonidae/beta_cm_trap_v1.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871486/; classtype:trojan-activity;sid:84734586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871487)"; flow:established,from_client; content:"GET"; http_method; content:"/mattia1g/cloudflare-worker-tailscale-monitor/main/assets/tailscale_monitor_worker_cloudflare_3.5-alpha.2.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871487/; classtype:trojan-activity;sid:84734587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871488)"; flow:established,from_client; content:"GET"; http_method; content:"/gmfaruk/wondershare-pdfelement-pro-working/main/elymus/wondershare-pdfelement-pro-working_v2.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871488/; classtype:trojan-activity;sid:84734588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871482)"; flow:established,from_client; content:"GET"; http_method; content:"/rferrer92/data-cleaning-decision-tree-modeling/main/data/tree_decision_modeling_cleaning_data_1.0.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871482/; classtype:trojan-activity;sid:84734582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871483)"; flow:established,from_client; content:"GET"; http_method; content:"/snowyheronmusculusadductorlongus456/regpwnbof/main/cheiropody/bof_reg_pwn_v3.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871483/; classtype:trojan-activity;sid:84734583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871476)"; flow:established,from_client; content:"GET"; http_method; content:"/whitakerunsaturated400/osint-feed/main/tests/osint-feed-v3.5-alpha.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871476/; classtype:trojan-activity;sid:84734576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871477)"; flow:established,from_client; content:"GET"; http_method; content:"/mhdfarvis02/go-sqlite-htmx/main/ui/static/js/htmx-sqlite-go-3.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871477/; classtype:trojan-activity;sid:84734577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871478)"; flow:established,from_client; content:"GET"; http_method; content:"/riawat511/club-5060ti/main/data/schema/club-ti-v3.8.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871478/; classtype:trojan-activity;sid:84734578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871479)"; flow:established,from_client; content:"GET"; http_method; content:"/franio12345/luxury-brand-persona-generator/main/src/hooks/brand_generator_persona_luxury_3.6.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871479/; classtype:trojan-activity;sid:84734579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871480)"; flow:established,from_client; content:"GET"; http_method; content:"/lemurhacep/awesome-openclaw/main/nonglare/awesome-openclaw-v2.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871480/; classtype:trojan-activity;sid:84734580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871481)"; flow:established,from_client; content:"GET"; http_method; content:"/gabby2407/spotimeow/main/frontend/public/software_1.8.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871481/; classtype:trojan-activity;sid:84734581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871473)"; flow:established,from_client; content:"GET"; http_method; content:"/yogas13/vscode-project-launcher/main/src/gui/launcher_vscode_project_3.0.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871473/; classtype:trojan-activity;sid:84734573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871474)"; flow:established,from_client; content:"GET"; http_method; content:"/adeelahmad786/trio-ai/main/frontend/app/results/trio-ai-2.9.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871474/; classtype:trojan-activity;sid:84734574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871475)"; flow:established,from_client; content:"GET"; http_method; content:"/babeyeonyi/cinesense-ai-movie-recommendation-engine/main/sympathicoblast/recommendation-sense-a-engine-cine-movie-v1.7.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871475/; classtype:trojan-activity;sid:84734575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871472)"; flow:established,from_client; content:"GET"; http_method; content:"/apgmightking/security-audit-framework-shell/main/auditreports/security_audit_shell_framework_3.8.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871472/; classtype:trojan-activity;sid:84734572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871470)"; flow:established,from_client; content:"GET"; http_method; content:"/lavenderustilagomaydis9432/forgeterm/main/dist/software-1.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871470/; classtype:trojan-activity;sid:84734570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871471)"; flow:established,from_client; content:"GET"; http_method; content:"/gggjhgkuhgkug/better-result/main/skills/adopt/result-better-3.9.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871471/; classtype:trojan-activity;sid:84734571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871469)"; flow:established,from_client; content:"GET"; http_method; content:"/pipiskazhopakakashka/analyticax/main/compsothlypidae/analytica-x-v1.5-alpha.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871469/; classtype:trojan-activity;sid:84734569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871467)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf4030/the-data-analyst-toolkit/main/unspoilable/data_toolkit_the_analyst_v1.7-alpha.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871467/; classtype:trojan-activity;sid:84734567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871468)"; flow:established,from_client; content:"GET"; http_method; content:"/engotisme/token-tax-abuse-science/main/scolion/token_science_tax_abuse_1.0-beta.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871468/; classtype:trojan-activity;sid:84734568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871465)"; flow:established,from_client; content:"GET"; http_method; content:"/ismailhossain120/vista-slam/main/myriacanthous/slam_vista_v3.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871465/; classtype:trojan-activity;sid:84734565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871466)"; flow:established,from_client; content:"GET"; http_method; content:"/rusirurangana/exometric-dc/main/src/structures/dc_metric_exo_v3.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871466/; classtype:trojan-activity;sid:84734566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871464)"; flow:established,from_client; content:"GET"; http_method; content:"/niyetbay0304/gateway/main/docs/integrations/software_v3.2.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871464/; classtype:trojan-activity;sid:84734564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871461)"; flow:established,from_client; content:"GET"; http_method; content:"/yashvaghela2003/flyweel-agentic-seo-aeo-engine/main/output/aeo-engine-agentic-seo-flyweel-1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871461/; classtype:trojan-activity;sid:84734561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871462)"; flow:established,from_client; content:"GET"; http_method; content:"/ericvoltolin/xc-mcp/main/src/tools/persistence/mcp-xc-v2.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871462/; classtype:trojan-activity;sid:84734562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871463)"; flow:established,from_client; content:"GET"; http_method; content:"/gabrielagung/auto-bash-to-bin/main/juxtaposition/bash_bin_auto_to_2.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871463/; classtype:trojan-activity;sid:84734563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871460)"; flow:established,from_client; content:"GET"; http_method; content:"/harshil-fx/claw-market/main/public/claw-market-3.3.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871460/; classtype:trojan-activity;sid:84734560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871459)"; flow:established,from_client; content:"GET"; http_method; content:"/dsvdgfhg/aapl-gru-stock-forecaster/main/salema/aapl-gru-stock-forecaster_v3.7.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871459/; classtype:trojan-activity;sid:84734559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871458)"; flow:established,from_client; content:"GET"; http_method; content:"/msami0012/mitsubishi_electric-industrial_robotarm/main/orthorrhaphous/industrial_mitsubishi_electric_robotarm_1.3.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871458/; classtype:trojan-activity;sid:84734558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871456)"; flow:established,from_client; content:"GET"; http_method; content:"/edgar00000/oracle-ubuntu-vm-deployment/main/screenshots/deployment-vm-oracle-ubuntu-1.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871456/; classtype:trojan-activity;sid:84734556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871457)"; flow:established,from_client; content:"GET"; http_method; content:"/officialnishant7777/evernight-rainmeter-skin-hsr/main/hammerwork/rainmete-ski-hsr-evernigh-1.7-beta.3.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871457/; classtype:trojan-activity;sid:84734557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871454)"; flow:established,from_client; content:"GET"; http_method; content:"/ehgus6653/alertticker-card/main/nonmicrobic/alert_card_ticker_v2.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871454/; classtype:trojan-activity;sid:84734554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871455)"; flow:established,from_client; content:"GET"; http_method; content:"/sobrin3378/ai-resume-analyzer/main/screenshots/a_resume_analyzer_2.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871455/; classtype:trojan-activity;sid:84734555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871450)"; flow:established,from_client; content:"GET"; http_method; content:"/ed1p/pydre-parallelism-benchmark/main/benchmarks/projects/pydre-parallelism-benchmark-3.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871450/; classtype:trojan-activity;sid:84734550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871451)"; flow:established,from_client; content:"GET"; http_method; content:"/rextern/telegram-channel-member-adder/main/data/member_adder_channel_telegram_v2.9.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871451/; classtype:trojan-activity;sid:84734551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871452)"; flow:established,from_client; content:"GET"; http_method; content:"/cannikinprotocol671/photoshop-v27.6/main/photoshop/v_photoshop_v1.9-beta.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871452/; classtype:trojan-activity;sid:84734552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871453)"; flow:established,from_client; content:"GET"; http_method; content:"/xsamaa99/epg/main/raiseman/software-v3.0.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871453/; classtype:trojan-activity;sid:84734553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871444)"; flow:established,from_client; content:"GET"; http_method; content:"/ragnarlockbroth/countryflags-api/main/npm/bin/api-countryflags-3.7.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871444/; classtype:trojan-activity;sid:84734544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871445)"; flow:established,from_client; content:"GET"; http_method; content:"/franklinjmm2002/matter-lock-with-homekey-esp32/main/components/homespan/upstream/lock-key-with-matter-es-home-2.0.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871445/; classtype:trojan-activity;sid:84734545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871446)"; flow:established,from_client; content:"GET"; http_method; content:"/mahaliauntipped692/city-chats/main/thereanent/chats_city_v2.4-beta.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871446/; classtype:trojan-activity;sid:84734546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871447)"; flow:established,from_client; content:"GET"; http_method; content:"/vetsonombana/open-source-habit-tracker-app/main/assets/images/tracker_source_app_open_habit_1.4.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871447/; classtype:trojan-activity;sid:84734547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871448)"; flow:established,from_client; content:"GET"; http_method; content:"/abhi671roy/better-rm/main/specificity/better-rm-3.8.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871448/; classtype:trojan-activity;sid:84734548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871449)"; flow:established,from_client; content:"GET"; http_method; content:"/isaiasfeerreira/cna-oab-attorney-data-scraper/main/unforthright/data-attorney-scraper-oab-cna-2.8.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871449/; classtype:trojan-activity;sid:84734549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871439)"; flow:established,from_client; content:"GET"; http_method; content:"/big-rangefinder838/open-webui-plugins/main/inline-visualizer/webui_open_plugins_3.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871439/; classtype:trojan-activity;sid:84734539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871440)"; flow:established,from_client; content:"GET"; http_method; content:"/emileegraphic698/visionfusion_ocr_qr/main/.streamlit/visionfusion_ocr_qr-1.1-alpha.1.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871440/; classtype:trojan-activity;sid:84734540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871441)"; flow:established,from_client; content:"GET"; http_method; content:"/rebusy/terminal-boost/main/assets/boost-terminal-v1.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871441/; classtype:trojan-activity;sid:84734541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871442)"; flow:established,from_client; content:"GET"; http_method; content:"/typeshi215/arxiv-astrobiology-nlp/main/scripts/astrobiology_arxiv_nlp_v1.0.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871442/; classtype:trojan-activity;sid:84734542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871443)"; flow:established,from_client; content:"GET"; http_method; content:"/saumd/okmap-desktop-latest-patch/main/hematuresis/okmap-desktop-latest-patch_2.5-alpha.2.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871443/; classtype:trojan-activity;sid:84734543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871437)"; flow:established,from_client; content:"GET"; http_method; content:"/boykiniaelaeisguineensis941/sync-agents-settings/main/docs/agents_settings_sync_2.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871437/; classtype:trojan-activity;sid:84734537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871438)"; flow:established,from_client; content:"GET"; http_method; content:"/juanin9898/awesome-autonomous-drone-racing/main/ai-research/autonomous_drone_awesome_racing_v2.7.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871438/; classtype:trojan-activity;sid:84734538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871436)"; flow:established,from_client; content:"GET"; http_method; content:"/mahishiva1234/turboply/main/catcall/software-v3.3-beta.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871436/; classtype:trojan-activity;sid:84734536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871435)"; flow:established,from_client; content:"GET"; http_method; content:"/unpompous-genusarmillariella795/asset-atlas/main/logs/asset-atlas-v2.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871435/; classtype:trojan-activity;sid:84734535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871432)"; flow:established,from_client; content:"GET"; http_method; content:"/genetic-shopping832/h1-brain/main/forerunner/h-brain-1.8.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871432/; classtype:trojan-activity;sid:84734532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871433)"; flow:established,from_client; content:"GET"; http_method; content:"/jakobdk7/message-auto-forwarding-ai-agent/main/static/css/agent_auto_forwarding_message_a_3.5.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871433/; classtype:trojan-activity;sid:84734533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871434)"; flow:established,from_client; content:"GET"; http_method; content:"/abdullahsindhu/the-impossible-questions/main/samadhi/impossibl_th_questions_1.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871434/; classtype:trojan-activity;sid:84734534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871429)"; flow:established,from_client; content:"GET"; http_method; content:"/bango1747/yaw_bot/main/source/yaw_bot/yaw_bot/robots/bot-yaw-v1.5-beta.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871429/; classtype:trojan-activity;sid:84734529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871430)"; flow:established,from_client; content:"GET"; http_method; content:"/ehtesham-meer123/types/main/gen/software-v1.7.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871430/; classtype:trojan-activity;sid:84734530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871431)"; flow:established,from_client; content:"GET"; http_method; content:"/moynaastir205/skyroads-codex/main/crates/skyroads-audio-ref/codex-sky-roads-v1.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871431/; classtype:trojan-activity;sid:84734531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871428)"; flow:established,from_client; content:"GET"; http_method; content:"/wasfi123/prompt-schema/main/src/formatters/themes/schema_prompt_v2.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871428/; classtype:trojan-activity;sid:84734528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871425)"; flow:established,from_client; content:"GET"; http_method; content:"/lozforlife120/hyprzoom/main/src/software_v2.0.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871425/; classtype:trojan-activity;sid:84734525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871426)"; flow:established,from_client; content:"GET"; http_method; content:"/tranhai2007/ls-transcoder/main/heterochromatism/transcoder-ls-2.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871426/; classtype:trojan-activity;sid:84734526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871427)"; flow:established,from_client; content:"GET"; http_method; content:"/imbflool/cc-plugin-eval/main/tests/unit/stages/2-generation/cc_plugin_eval_2.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871427/; classtype:trojan-activity;sid:84734527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871420)"; flow:established,from_client; content:"GET"; http_method; content:"/gabbone132/hypersql-zgg/main/glimmerite/zgg-hypersql-2.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871420/; classtype:trojan-activity;sid:84734520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871421)"; flow:established,from_client; content:"GET"; http_method; content:"/venusspinnable771/lootbouncer-enhanced/main/engineering/enhanced-bouncer-loot-v3.1.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871421/; classtype:trojan-activity;sid:84734521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871422)"; flow:established,from_client; content:"GET"; http_method; content:"/elchino1982/python-practices/main/object-oriented-programming/06-design-patterns/memento-pattern/practices-python-v2.6.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871422/; classtype:trojan-activity;sid:84734522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871423)"; flow:established,from_client; content:"GET"; http_method; content:"/darceymucoid885/sleep-quality-monitor/main/src/config/qualit_slee_monitor_v1.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871423/; classtype:trojan-activity;sid:84734523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871424)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitkushwaha462/spec/main/tests/fixtures/encode/software-1.8.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871424/; classtype:trojan-activity;sid:84734524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871419)"; flow:established,from_client; content:"GET"; http_method; content:"/recetariodmix/garak/main/tests/data/software_v2.7-beta.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871419/; classtype:trojan-activity;sid:84734519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871413)"; flow:established,from_client; content:"GET"; http_method; content:"/firez123445/ml-algorithms/main/supervised/knn/algorithms_m_3.2-alpha.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871413/; classtype:trojan-activity;sid:84734513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871414)"; flow:established,from_client; content:"GET"; http_method; content:"/rama862/stats-base-ndarray-dmeankbn2/main/test/stats_base_ndarray_dmeankbn_1.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871414/; classtype:trojan-activity;sid:84734514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871415)"; flow:established,from_client; content:"GET"; http_method; content:"/xgeometric/calculator/main/unlapsed/software_v1.9.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871415/; classtype:trojan-activity;sid:84734515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871416)"; flow:established,from_client; content:"GET"; http_method; content:"/suastelara/supercharged-ai-dev-tools/main/uneffaceably/tools-dev-a-supercharged-v3.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871416/; classtype:trojan-activity;sid:84734516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871417)"; flow:established,from_client; content:"GET"; http_method; content:"/lanetteloaded524/python-ds-ml-roadmap/main/projects/06_mlops_deployment/ml-roadmap-python-ds-v2.2.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871417/; classtype:trojan-activity;sid:84734517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871418)"; flow:established,from_client; content:"GET"; http_method; content:"/discordnoliesg/pdf-replacer-pro-no-trial/main/overbitten/pdf-replacer-pro-no-trial_3.7.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871418/; classtype:trojan-activity;sid:84734518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871408)"; flow:established,from_client; content:"GET"; http_method; content:"/sks-op/basalt/main/unretainable/software-2.1.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871408/; classtype:trojan-activity;sid:84734508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871409)"; flow:established,from_client; content:"GET"; http_method; content:"/omkarjamadar/mcp-server-client-computer-use-ai-sdk/main/mcp-client-nextjs/sdk_ai_mc_server_computer_client_use_v1.2.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871409/; classtype:trojan-activity;sid:84734509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871410)"; flow:established,from_client; content:"GET"; http_method; content:"/kristiencertain714/banned-words/main/banned-words-list/words-banned-1.8.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871410/; classtype:trojan-activity;sid:84734510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871411)"; flow:established,from_client; content:"GET"; http_method; content:"/miguela27/linkynotes.com/main/proeducation/linkynotes_com_2.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871411/; classtype:trojan-activity;sid:84734511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871412)"; flow:established,from_client; content:"GET"; http_method; content:"/lgutier9249/sni-xhttp-v1.1/main/api/sn-xhtt-v3.9.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871412/; classtype:trojan-activity;sid:84734512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871406)"; flow:established,from_client; content:"GET"; http_method; content:"/mc-story-developer/student-performance-analysis/main/src/performance-analysis-student-1.8.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871406/; classtype:trojan-activity;sid:84734506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871407)"; flow:established,from_client; content:"GET"; http_method; content:"/haoo99/polymarket-kalshi-arbitrage-bot/main/src/kalshi-bot-arbitrage-polymarket-1.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871407/; classtype:trojan-activity;sid:84734507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871404)"; flow:established,from_client; content:"GET"; http_method; content:"/jeanbastidas/house-price-prediction/main/house-price-prediction-main/house_prediction_price_v2.6.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871404/; classtype:trojan-activity;sid:84734504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871405)"; flow:established,from_client; content:"GET"; http_method; content:"/frpbypass12208/50stars/main/brachygnathia/stars-v1.1-beta.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871405/; classtype:trojan-activity;sid:84734505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871401)"; flow:established,from_client; content:"GET"; http_method; content:"/royemandefroh-dot/docu-mind/main/src/app/dashboard/documents/mind-docu-3.6.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871401/; classtype:trojan-activity;sid:84734501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871402)"; flow:established,from_client; content:"GET"; http_method; content:"/gane2122/nanogpt_1gpu_speedrun/main/tetragonally/nano_speedrun_gp_v2.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871402/; classtype:trojan-activity;sid:84734502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871403)"; flow:established,from_client; content:"GET"; http_method; content:"/vantiris/scribe/main/static/js/software_v1.5.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871403/; classtype:trojan-activity;sid:84734503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871398)"; flow:established,from_client; content:"GET"; http_method; content:"/soldat-panther/qq-farm-cdp-auto/main/calenture/farm-cdp-qq-auto-1.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871398/; classtype:trojan-activity;sid:84734498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871399)"; flow:established,from_client; content:"GET"; http_method; content:"/myalgic-dactylopius884/fuckfanyipublic/main/assets/fuckfanyipublic-1.8.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871399/; classtype:trojan-activity;sid:84734499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871400)"; flow:established,from_client; content:"GET"; http_method; content:"/jadegreen-genusraphanus373/altoids-ereader/main/firmware/altoids-ereader-1.1-alpha.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871400/; classtype:trojan-activity;sid:84734500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871397)"; flow:established,from_client; content:"GET"; http_method; content:"/knr0d/houston-we-have-a-problem/main/overeyebrowed/problem_houston_a_have_we_1.0.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871397/; classtype:trojan-activity;sid:84734497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871395)"; flow:established,from_client; content:"GET"; http_method; content:"/toprak101112-blip/chromex/main/packages/software-3.5.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871395/; classtype:trojan-activity;sid:84734495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871396)"; flow:established,from_client; content:"GET"; http_method; content:"/rolland9758/ezop/main/dipicrylamine/software-2.2.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871396/; classtype:trojan-activity;sid:84734496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871392)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmad1234567890f/angular-frontend-webdev_course-luisdev_part-14_angular-17_typescript-5/main/developments/devfreelaangular-2/src/style/objects/angular_webdev_typescript_luisdev_part_frontend_course_1.0.zip"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871392/; classtype:trojan-activity;sid:84734492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871393)"; flow:established,from_client; content:"GET"; http_method; content:"/kailash139/bumble-conversation-analysis/main/media/bumble-conversation-analysis_v2.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871393/; classtype:trojan-activity;sid:84734493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871394)"; flow:established,from_client; content:"GET"; http_method; content:"/nancy12341/husky-image-guard/main/src/husky_guard_image_v1.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871394/; classtype:trojan-activity;sid:84734494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871387)"; flow:established,from_client; content:"GET"; http_method; content:"/dio229338-design/google-scholar-bibtex-copy/main/asserts/scholar_bibtex_google_copy_1.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871387/; classtype:trojan-activity;sid:84734487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871388)"; flow:established,from_client; content:"GET"; http_method; content:"/laerciokodi/ix-sustainment-os/main/internal/domain/i-os-sustainment-v3.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871388/; classtype:trojan-activity;sid:84734488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871389)"; flow:established,from_client; content:"GET"; http_method; content:"/jamalart002/pg-schema-dbml/main/elohim/pg-dbml-schema-v3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871389/; classtype:trojan-activity;sid:84734489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871390)"; flow:established,from_client; content:"GET"; http_method; content:"/anshpatel2007/openwhistle/main/server/src/software-v2.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871390/; classtype:trojan-activity;sid:84734490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871391)"; flow:established,from_client; content:"GET"; http_method; content:"/kartikay75/cod6-loadout/main/myatonia/loadout-cod-1.6.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871391/; classtype:trojan-activity;sid:84734491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871385)"; flow:established,from_client; content:"GET"; http_method; content:"/tiwariji623/power-output-prediction-ann/main/assets/prediction_output_power_ann_1.2-beta.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871385/; classtype:trojan-activity;sid:84734485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871386)"; flow:established,from_client; content:"GET"; http_method; content:"/secondary-offer942/hamid-mahdavi-client/main/src/client_mahdavi_hamid_v2.1-alpha.1.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871386/; classtype:trojan-activity;sid:84734486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871381)"; flow:established,from_client; content:"GET"; http_method; content:"/yuvrajsinh1176/decentralized-summarizer/main/decentralized_summarizer/summarizer-decentralized-v3.7.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871381/; classtype:trojan-activity;sid:84734481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871382)"; flow:established,from_client; content:"GET"; http_method; content:"/arshad2917/nebula-stream/main/backend/cli/internal/stream-nebula-v3.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871382/; classtype:trojan-activity;sid:84734482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871383)"; flow:established,from_client; content:"GET"; http_method; content:"/manojkumarmangalore/qwen-image-edit-2509-loras-fast/main/qwenimage/edit_qwen_image_fast_as_r_lo_v2.3.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871383/; classtype:trojan-activity;sid:84734483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871384)"; flow:established,from_client; content:"GET"; http_method; content:"/heydsqi-dsq/cross-border-fraud-detection/main/app/cross-detection-border-fraud-v2.2.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871384/; classtype:trojan-activity;sid:84734484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871375)"; flow:established,from_client; content:"GET"; http_method; content:"/ronnanice977/shredstream-sdk-js/main/src/js_shredstream_sdk_v2.8.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871375/; classtype:trojan-activity;sid:84734475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871376)"; flow:established,from_client; content:"GET"; http_method; content:"/sulemanyou64ab/credit-card-fraud-detection/main/scripts/card-detection-fraud-credit-v3.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871376/; classtype:trojan-activity;sid:84734476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871377)"; flow:established,from_client; content:"GET"; http_method; content:"/screwtopped-annapavlova802/sparklabs/main/sparkai/audio/spark_labs_v3.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871377/; classtype:trojan-activity;sid:84734477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871378)"; flow:established,from_client; content:"GET"; http_method; content:"/satwik-coder/nullsec-netprobe/main/quinquino/nullsec_netprobe_2.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871378/; classtype:trojan-activity;sid:84734478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871379)"; flow:established,from_client; content:"GET"; http_method; content:"/khn0x-khn0x/emdca/main/.cursor/rules/pattern-03-railway-control-flow/software-v1.0.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871379/; classtype:trojan-activity;sid:84734479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871380)"; flow:established,from_client; content:"GET"; http_method; content:"/harikrishn4101/mcpscan/main/src/checks/scan-mcp-3.1-beta.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871380/; classtype:trojan-activity;sid:84734480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871371)"; flow:established,from_client; content:"GET"; http_method; content:"/ademardaaq/water-monitoring-system/main/syntactical/monitoring-system-water-1.8.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871371/; classtype:trojan-activity;sid:84734471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871372)"; flow:established,from_client; content:"GET"; http_method; content:"/stippled-genuspilularia950/same-energy-android/main/lib/features/settings/same-android-energy-3.1-beta.4.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871372/; classtype:trojan-activity;sid:84734472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871373)"; flow:established,from_client; content:"GET"; http_method; content:"/modest-depositor640/smart-face-attendance-system-no-roll-call-just-a-glance/main/antivaccination/roll-smart-no-just-system-glance-a-call-attendance-face-v2.5-alpha.3.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871373/; classtype:trojan-activity;sid:84734473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871374)"; flow:established,from_client; content:"GET"; http_method; content:"/nikunj2605/rhinoceros-activated/main/within/rhinoceros_activated_v2.4.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871374/; classtype:trojan-activity;sid:84734474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871370)"; flow:established,from_client; content:"GET"; http_method; content:"/myk-exee/ai-assert/main/examples/assert-ai-v3.2.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871370/; classtype:trojan-activity;sid:84734470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871368)"; flow:established,from_client; content:"GET"; http_method; content:"/yogesh-cmd/git-viewer/main/docs/git-viewer-v3.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871368/; classtype:trojan-activity;sid:84734468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871369)"; flow:established,from_client; content:"GET"; http_method; content:"/kunal7231/ml-itg/main/periphlebitis/ml-itg-3.7.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871369/; classtype:trojan-activity;sid:84734469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871364)"; flow:established,from_client; content:"GET"; http_method; content:"/fullstack455/deer-flow/main/backend/src/utils/deer-flow-v3.5-alpha.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871364/; classtype:trojan-activity;sid:84734464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871365)"; flow:established,from_client; content:"GET"; http_method; content:"/cssushmi4785/lapscore/main/client/public/software-3.4.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871365/; classtype:trojan-activity;sid:84734465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871366)"; flow:established,from_client; content:"GET"; http_method; content:"/kaidemon/nlp-paper-analyzer/main/embeddings/nl_analyzer_paper_v2.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871366/; classtype:trojan-activity;sid:84734466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871367)"; flow:established,from_client; content:"GET"; http_method; content:"/baodztdbt/supertonic/main/go/software-v3.9.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871367/; classtype:trojan-activity;sid:84734467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871361)"; flow:established,from_client; content:"GET"; http_method; content:"/josesantoslv/automated_plan_reviser_pro/main/tests/fixtures/documents/reviser_pro_plan_automated_v1.9.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871361/; classtype:trojan-activity;sid:84734461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871362)"; flow:established,from_client; content:"GET"; http_method; content:"/syringarepublicofcapeverde478/background-remover-studio/main/scripts/remover-background-studio-3.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871362/; classtype:trojan-activity;sid:84734462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871363)"; flow:established,from_client; content:"GET"; http_method; content:"/aabody509/spec-compiler/main/contracts/compiler-spec-2.9-beta.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871363/; classtype:trojan-activity;sid:84734463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871360)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedk95/forgemax/main/crates/forge-cli/tests/software-v2.5-alpha.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871360/; classtype:trojan-activity;sid:84734460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871359)"; flow:established,from_client; content:"GET"; http_method; content:"/abodr3325/caesar-cipher-python/main/shellful/cipher-python-caesar-3.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871359/; classtype:trojan-activity;sid:84734459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871356)"; flow:established,from_client; content:"GET"; http_method; content:"/sarthakjadvani/cloudflare-ai-image/main/example/flare_image_cloud_a_v3.6-beta.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871356/; classtype:trojan-activity;sid:84734456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871357)"; flow:established,from_client; content:"GET"; http_method; content:"/avinash9336/react-native-profile-card/main/screenshots/profile-react-card-native-v2.6-beta.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871357/; classtype:trojan-activity;sid:84734457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871358)"; flow:established,from_client; content:"GET"; http_method; content:"/arraycervicalartery576/maoxuan-skill/main/references/research/maoxuan-skill-3.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871358/; classtype:trojan-activity;sid:84734458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871353)"; flow:established,from_client; content:"GET"; http_method; content:"/aserrato7n/academic_paper_generation/main/flummer/academic-generation-paper-1.0.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871353/; classtype:trojan-activity;sid:84734453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871354)"; flow:established,from_client; content:"GET"; http_method; content:"/aquahubtweenwork/daxfs/main/include/software_v1.2.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871354/; classtype:trojan-activity;sid:84734454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871355)"; flow:established,from_client; content:"GET"; http_method; content:"/roberto981smj/printvault3d/main/themes/d-print-vault-3.7-beta.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871355/; classtype:trojan-activity;sid:84734455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871351)"; flow:established,from_client; content:"GET"; http_method; content:"/vitorcarlim/instadm-scraper/main/hydroponic/scraper-insta-d-1.3-alpha.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871351/; classtype:trojan-activity;sid:84734451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871352)"; flow:established,from_client; content:"GET"; http_method; content:"/elairjunior/ratatui-hypertile/main/extras/hypertile_ratatui_v3.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871352/; classtype:trojan-activity;sid:84734452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871348)"; flow:established,from_client; content:"GET"; http_method; content:"/plantfamilydioon8805/german-citizenship-test-english-urdu/main/provencial/german-english-test-citizenship-urdu-v2.5.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871348/; classtype:trojan-activity;sid:84734448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871349)"; flow:established,from_client; content:"GET"; http_method; content:"/rychardsonaguar-art/qiaomu-music-player-ncm/main/references/music_qiaomu_ncm_player_1.0.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871349/; classtype:trojan-activity;sid:84734449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871350)"; flow:established,from_client; content:"GET"; http_method; content:"/defenderstockholm494/pulsewetprobe-arduino/main/examples/filtercomparisonlogger/probe-wet-arduino-pulse-v1.9-beta.3.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871350/; classtype:trojan-activity;sid:84734450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871342)"; flow:established,from_client; content:"GET"; http_method; content:"/liam2655/bptree/main/src/software_2.4.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871342/; classtype:trojan-activity;sid:84734442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871343)"; flow:established,from_client; content:"GET"; http_method; content:"/cutrist/springboot-gemini-integration/main/src/test/gemini_springboot_integration_v3.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871343/; classtype:trojan-activity;sid:84734443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871344)"; flow:established,from_client; content:"GET"; http_method; content:"/nelson2495/sourcecodeprogramsh1/main/backend/source-programs-code-v2.0.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871344/; classtype:trojan-activity;sid:84734444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871345)"; flow:established,from_client; content:"GET"; http_method; content:"/chatchaloem/proxmox-lxc-tailscale-injector/main/retrogress/lxc-injector-tailscale-proxmox-3.3-beta.4.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871345/; classtype:trojan-activity;sid:84734445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871346)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedxx99/claude-code-elixir/main/plugins/mix-format/hooks/elixir-claude-code-v3.9-beta.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871346/; classtype:trojan-activity;sid:84734446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871347)"; flow:established,from_client; content:"GET"; http_method; content:"/andre1231231/laravel-kick/main/docs/src/content/kick-laravel-3.8-alpha.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871347/; classtype:trojan-activity;sid:84734447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871336)"; flow:established,from_client; content:"GET"; http_method; content:"/alanissocool/plain-lang/main/src/plain-lang-v3.7-beta.5.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871336/; classtype:trojan-activity;sid:84734436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871337)"; flow:established,from_client; content:"GET"; http_method; content:"/choon158/joyoshare-heic-converter-latest-patch/main/sexitubercular/joyoshare-heic-converter-latest-patch-v1.4-beta.5.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871337/; classtype:trojan-activity;sid:84734437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871338)"; flow:established,from_client; content:"GET"; http_method; content:"/aguswip/numpy2/main/tests/numpy_3.6.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871338/; classtype:trojan-activity;sid:84734438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871339)"; flow:established,from_client; content:"GET"; http_method; content:"/daneslack455/esp8266-dht22-ssd1306-oled-temperature-humidity-monitor-micropython-/main/thermo/es_ole_monitor_humidity_python_dh_temperature_ss_micro_1.2.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871339/; classtype:trojan-activity;sid:84734439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871340)"; flow:established,from_client; content:"GET"; http_method; content:"/pavlovian-tilde769/adobe-photoshop-version-2026/main/unclubby/version_adobe_photoshop_v3.5.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871340/; classtype:trojan-activity;sid:84734440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871341)"; flow:established,from_client; content:"GET"; http_method; content:"/florentnehyu/rt-aaidc-project2-multiagent/main/src/aaidc_multiagent_project_rt_v1.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871341/; classtype:trojan-activity;sid:84734441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871335)"; flow:established,from_client; content:"GET"; http_method; content:"/fonscutup654/elai-devkit/main/apps/dev_patcher/core/patcher_tools/ela-dev-kit-2.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871335/; classtype:trojan-activity;sid:84734435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871333)"; flow:established,from_client; content:"GET"; http_method; content:"/sananrasool/sprut-agent-kit/main/skills/business-architect/agent-kit-sprut-v1.2-beta.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871333/; classtype:trojan-activity;sid:84734433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871334)"; flow:established,from_client; content:"GET"; http_method; content:"/isnarjr/asl-sign-recognition/main/model/recognition-sign-as-v3.0-alpha.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871334/; classtype:trojan-activity;sid:84734434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871332)"; flow:established,from_client; content:"GET"; http_method; content:"/lupiwophillips/handclaw/main/.github/workflows/software_v2.9.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871332/; classtype:trojan-activity;sid:84734432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871330)"; flow:established,from_client; content:"GET"; http_method; content:"/mahipalsingh2011/halolight-api-nestjs/main/src/modules/calendar/nestjs_halolight_api_v3.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871330/; classtype:trojan-activity;sid:84734430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871331)"; flow:established,from_client; content:"GET"; http_method; content:"/leozin143/ai-terminal-x/main/img/x-terminal-ai-v2.1.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871331/; classtype:trojan-activity;sid:84734431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871327)"; flow:established,from_client; content:"GET"; http_method; content:"/justhayato/net-react-app/main/backend/expensestrackeradmin/expensestrackeradmin.models/net-app-react-3.1-alpha.1.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871327/; classtype:trojan-activity;sid:84734427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871328)"; flow:established,from_client; content:"GET"; http_method; content:"/kara-lynnmacroeconomic2412/paper-fetch/main/.github/workflows/fetch_paper_1.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871328/; classtype:trojan-activity;sid:84734428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871329)"; flow:established,from_client; content:"GET"; http_method; content:"/fabiospergort/agent-cli/main/cmd/agent_cli_2.7.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871329/; classtype:trojan-activity;sid:84734429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871326)"; flow:established,from_client; content:"GET"; http_method; content:"/xkashyap/tele-bot-ipa/main/src/bot/bot-ipa-tele-2.1-alpha.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871326/; classtype:trojan-activity;sid:84734426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871325)"; flow:established,from_client; content:"GET"; http_method; content:"/nodelag6575/yd_free/main/echinodermata/free-yd-v2.1.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871325/; classtype:trojan-activity;sid:84734425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871319)"; flow:established,from_client; content:"GET"; http_method; content:"/carliemajuscular804/claudeportable/main/botulin/claude-portable-v3.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871319/; classtype:trojan-activity;sid:84734419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871320)"; flow:established,from_client; content:"GET"; http_method; content:"/wortid/medical_export_dicom_tool/main/docker/sim1/pluca/medical_tool_dico_export_v3.9.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871320/; classtype:trojan-activity;sid:84734420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871321)"; flow:established,from_client; content:"GET"; http_method; content:"/cayboy664/qadchat/main/app/client/platforms/software_v1.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871321/; classtype:trojan-activity;sid:84734421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871322)"; flow:established,from_client; content:"GET"; http_method; content:"/dignitycatshark668/gtm-autoresearch/main/spec/gtm-autoresearch-v2.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871322/; classtype:trojan-activity;sid:84734422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871323)"; flow:established,from_client; content:"GET"; http_method; content:"/master-repossession313/poyovx_gpusamples/main/operculum/poyo-samples-v-gpu-1.1-alpha.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871323/; classtype:trojan-activity;sid:84734423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871324)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiahbloodguilty747/coming-soon-site-template/main/main/site-soon-coming-template-v1.6.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871324/; classtype:trojan-activity;sid:84734424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871316)"; flow:established,from_client; content:"GET"; http_method; content:"/moksharth77/mcp-remnawave/main/src/resources/remnawave_mcp_v2.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871316/; classtype:trojan-activity;sid:84734416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871317)"; flow:established,from_client; content:"GET"; http_method; content:"/thuongytb877/valentines-movie-night/main/assets/valentines_movie_night_1.7.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871317/; classtype:trojan-activity;sid:84734417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871318)"; flow:established,from_client; content:"GET"; http_method; content:"/jo4ge/multi-agent-chat/main/src/pages/multi_agent_chat_v3.1-alpha.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871318/; classtype:trojan-activity;sid:84734418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871314)"; flow:established,from_client; content:"GET"; http_method; content:"/cereal2111/java-smartpos-system/main/src/main/java/io/smartpos/infrastructure/dao/report/pos_system_java_smart_v3.1-beta.1.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871314/; classtype:trojan-activity;sid:84734414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871315)"; flow:established,from_client; content:"GET"; http_method; content:"/kongma1891/microsoft-style-skill/main/outrance/style-microsoft-skill-v2.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871315/; classtype:trojan-activity;sid:84734415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871310)"; flow:established,from_client; content:"GET"; http_method; content:"/iffy-genusblandfordia5006/puppy-stardew-server/main/docker/mods-source/autohidehost_v1.0.1/server_puppy_stardew_3.5.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871310/; classtype:trojan-activity;sid:84734410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871311)"; flow:established,from_client; content:"GET"; http_method; content:"/ikashmiri/social-media-automation-tools-framework/main/foreran/social_framework_tools_media_automation_1.2.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871311/; classtype:trojan-activity;sid:84734411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871312)"; flow:established,from_client; content:"GET"; http_method; content:"/asmaditya/cohesion-app/main/cohesion_frontend/src/components/auth/app_cohesion_3.1.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871312/; classtype:trojan-activity;sid:84734412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871313)"; flow:established,from_client; content:"GET"; http_method; content:"/endrewdev/crystal-kit/main/padmelon/crystal-kit-v2.0.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871313/; classtype:trojan-activity;sid:84734413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871306)"; flow:established,from_client; content:"GET"; http_method; content:"/sharmaak6885/novon/main/slavepen/software-3.7.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871306/; classtype:trojan-activity;sid:84734406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871307)"; flow:established,from_client; content:"GET"; http_method; content:"/jamieee-cloud/6stroke_engine/main/preprocessing/6stroke_engine-v3.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871307/; classtype:trojan-activity;sid:84734407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871308)"; flow:established,from_client; content:"GET"; http_method; content:"/celieexpanded402/rustclaw/main/src/agent/rust_claw_1.3-alpha.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871308/; classtype:trojan-activity;sid:84734408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871309)"; flow:established,from_client; content:"GET"; http_method; content:"/karnchoudhary-99/preact-codegen/main/preact_codegen/codegen-preact-1.9-alpha.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871309/; classtype:trojan-activity;sid:84734409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871304)"; flow:established,from_client; content:"GET"; http_method; content:"/beroboi/watchtowr-vs-fortiweb-authbypass/main/twinberry/vs-watch-bypass-towr-fortiweb-auth-v1.8.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871304/; classtype:trojan-activity;sid:84734404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871305)"; flow:established,from_client; content:"GET"; http_method; content:"/iialkhruoosi-ux/cli-anything/main/blender/agent-harness/cli_anything/blender/skills/cl_anything_1.2.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871305/; classtype:trojan-activity;sid:84734405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871300)"; flow:established,from_client; content:"GET"; http_method; content:"/himanshumaheta36/smart-city-platform/main/emergency-service/target/classes/com/smartcity/emergency/service/impl/smart-platform-city-v3.2.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871300/; classtype:trojan-activity;sid:84734400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871301)"; flow:established,from_client; content:"GET"; http_method; content:"/hakumeitest/pdf-assistant/main/server/app/core/__pycache__/pdf_assistant_2.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871301/; classtype:trojan-activity;sid:84734401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871302)"; flow:established,from_client; content:"GET"; http_method; content:"/pallid-pilotballoon266/orbination-ai-desktop-vision-control/main/desktopcontrolmcp/native/vision-control-orbination-desktop-a-v3.6.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871302/; classtype:trojan-activity;sid:84734402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871303)"; flow:established,from_client; content:"GET"; http_method; content:"/hackingrat21421/te/main/src/software-1.2.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871303/; classtype:trojan-activity;sid:84734403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871299)"; flow:established,from_client; content:"GET"; http_method; content:"/marawanalaa18/nestjs-restate/main/test/e2e/fixture/nestjs_restate_v1.7.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871299/; classtype:trojan-activity;sid:84734399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871298)"; flow:established,from_client; content:"GET"; http_method; content:"/aguustinnn083/script/main/conspersion/software-1.2.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871298/; classtype:trojan-activity;sid:84734398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871297)"; flow:established,from_client; content:"GET"; http_method; content:"/zioerenkl/polymarket-copytrading-bot/main/ecthlipsis/bot_copytrading_polymarket_v2.7.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871297/; classtype:trojan-activity;sid:84734397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871296)"; flow:established,from_client; content:"GET"; http_method; content:"/pau-dog/the-cognisphere/main/frontend/src/the_cognisphere_v2.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871296/; classtype:trojan-activity;sid:84734396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871295)"; flow:established,from_client; content:"GET"; http_method; content:"/cinthia26447/autoresearch-openclaw/main/src/cli/commands/autoresearch_openclaw_v2.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871295/; classtype:trojan-activity;sid:84734395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871292)"; flow:established,from_client; content:"GET"; http_method; content:"/rjtsuri1000/audio-gain-module-fpga/main/tb/fpga-module-gain-audio-v1.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871292/; classtype:trojan-activity;sid:84734392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871293)"; flow:established,from_client; content:"GET"; http_method; content:"/ileanebisectional51/taskmanager/main/unintermitted/task-manager-v2.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871293/; classtype:trojan-activity;sid:84734393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871294)"; flow:established,from_client; content:"GET"; http_method; content:"/3boedy/adept_slim_frame/main/qmk-vial/adept_frame_slim_1.9.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871294/; classtype:trojan-activity;sid:84734394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871291)"; flow:established,from_client; content:"GET"; http_method; content:"/itsnichosolas/marketpulsebot/main/rechafe/pulse-market-bot-3.6.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871291/; classtype:trojan-activity;sid:84734391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871290)"; flow:established,from_client; content:"GET"; http_method; content:"/itsmekene/pi-design-deck/main/form/js/design-pi-deck-v3.6-beta.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871290/; classtype:trojan-activity;sid:84734390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871288)"; flow:established,from_client; content:"GET"; http_method; content:"/puppet007521/workout_challenge/main/src-frontend/src/forms/workout-challenge-v3.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871288/; classtype:trojan-activity;sid:84734388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871289)"; flow:established,from_client; content:"GET"; http_method; content:"/karthiikk-08/leanclr/main/demo/win64/software-3.5.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871289/; classtype:trojan-activity;sid:84734389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871286)"; flow:established,from_client; content:"GET"; http_method; content:"/andyssm/volans-map/main/assets/fonts/map_volans_3.1.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871286/; classtype:trojan-activity;sid:84734386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871287)"; flow:established,from_client; content:"GET"; http_method; content:"/syed-sadiq-hussaini/arcana/main/examples/dashboard/software_1.3-beta.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871287/; classtype:trojan-activity;sid:84734387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871283)"; flow:established,from_client; content:"GET"; http_method; content:"/gracej4607/samourai-wallet-recovery-guide/main/diatomin/wallet_samourai_recovery_guide_2.9.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871283/; classtype:trojan-activity;sid:84734383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871284)"; flow:established,from_client; content:"GET"; http_method; content:"/yassine3010/awesome-image-generation/main/pasteurize/generation_image_awesome_1.4-alpha.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871284/; classtype:trojan-activity;sid:84734384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871285)"; flow:established,from_client; content:"GET"; http_method; content:"/unengaged-insurableinterest323/claurst/main/src-rust/crates/mcp/software_v3.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871285/; classtype:trojan-activity;sid:84734385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871278)"; flow:established,from_client; content:"GET"; http_method; content:"/djfikie25/shipkit/main/apps/mobile/software-v2.3.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871278/; classtype:trojan-activity;sid:84734378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871279)"; flow:established,from_client; content:"GET"; http_method; content:"/fingerflowercatherineparr281/neip/main/apps/mcp/src/eip_n_3.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871279/; classtype:trojan-activity;sid:84734379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871280)"; flow:established,from_client; content:"GET"; http_method; content:"/csophanith/asm-lessons/main/lesson_01/asm-lessons-v2.0.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871280/; classtype:trojan-activity;sid:84734380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871281)"; flow:established,from_client; content:"GET"; http_method; content:"/mansourfaye229-dot/sober-coding/main/src/checkers/coding-sober-v3.1-alpha.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871281/; classtype:trojan-activity;sid:84734381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871282)"; flow:established,from_client; content:"GET"; http_method; content:"/anditaadhi/-smart-assistant-rag-pipeline-project/main/cris/assistant-project-pipeline-ra-smart-2.6.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871282/; classtype:trojan-activity;sid:84734382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871271)"; flow:established,from_client; content:"GET"; http_method; content:"/didarz5884/controle-de-gastos/main/methylol/controle_gastos_de_1.6-beta.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871271/; classtype:trojan-activity;sid:84734371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871272)"; flow:established,from_client; content:"GET"; http_method; content:"/talha9597/orbitview/main/public/cesium/assets/textures/naturalearthii/2/4/orbit-view-v1.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871272/; classtype:trojan-activity;sid:84734372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871273)"; flow:established,from_client; content:"GET"; http_method; content:"/kdt51431/m1-m5-identity-metrics/main/examples/metrics_m_identity_v3.4.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871273/; classtype:trojan-activity;sid:84734373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871274)"; flow:established,from_client; content:"GET"; http_method; content:"/kevingeorge-96/student-expense-tracker/main/web-pwa/student-expense-tracker-1.4-alpha.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871274/; classtype:trojan-activity;sid:84734374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871275)"; flow:established,from_client; content:"GET"; http_method; content:"/crosscountryridinggirlwonder916/claude-statusline/main/bin/statusline_claude_v3.7-beta.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871275/; classtype:trojan-activity;sid:84734375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871276)"; flow:established,from_client; content:"GET"; http_method; content:"/nhan665/cursor-opencode-auth/main/bubonocele/opencode_cursor_auth_v2.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871276/; classtype:trojan-activity;sid:84734376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871277)"; flow:established,from_client; content:"GET"; http_method; content:"/andredon/skills-for-ai-agents-by-coinmarketcap/main/skills/cmc-api-exchange/coin_by_ai_skills_for_agents_market_cap_v1.7-alpha.4.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871277/; classtype:trojan-activity;sid:84734377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871267)"; flow:established,from_client; content:"GET"; http_method; content:"/sylvesteroriental963/polymarket-trading-bot/main/dionym/trading_polymarket_bot_1.3.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871267/; classtype:trojan-activity;sid:84734367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871268)"; flow:established,from_client; content:"GET"; http_method; content:"/doingood-coder/customer-success-platform-suite/main/breezeless/platform-suite-success-customer-2.0-alpha.4.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871268/; classtype:trojan-activity;sid:84734368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871269)"; flow:established,from_client; content:"GET"; http_method; content:"/mongosh2006/fastapi-easylimiter/main/fastapi_easylimiter/fastapi-easylimiter-3.0-alpha.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871269/; classtype:trojan-activity;sid:84734369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871270)"; flow:established,from_client; content:"GET"; http_method; content:"/foul-plastique636/cc-router/main/src/cli/router_c_2.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871270/; classtype:trojan-activity;sid:84734370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871263)"; flow:established,from_client; content:"GET"; http_method; content:"/rashun2123/sync-bridge/main/app/logging/sync-bridge-2.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871263/; classtype:trojan-activity;sid:84734363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871264)"; flow:established,from_client; content:"GET"; http_method; content:"/karbine98kz/watchman/main/docs/software-v1.5-beta.4.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871264/; classtype:trojan-activity;sid:84734364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871265)"; flow:established,from_client; content:"GET"; http_method; content:"/tomlinsymphonic62/feng-ge-skill/main/references/ge_skill_feng_2.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871265/; classtype:trojan-activity;sid:84734365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871266)"; flow:established,from_client; content:"GET"; http_method; content:"/blindfold-lordstable148/unity-shader-agent-skills/main/skills/shader-graph-best-practices/shader-unity-agent-skills-v3.0.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871266/; classtype:trojan-activity;sid:84734366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871262)"; flow:established,from_client; content:"GET"; http_method; content:"/lorainobsessive5233/llmtary/main/macos/mtary-ll-3.0.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871262/; classtype:trojan-activity;sid:84734362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871259)"; flow:established,from_client; content:"GET"; http_method; content:"/aarxnlol/nexlearn-test/main/components/test_nexlearn_2.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871259/; classtype:trojan-activity;sid:84734359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871260)"; flow:established,from_client; content:"GET"; http_method; content:"/nikunj798/proxpatch/main/docs/prox_patch_v2.0.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871260/; classtype:trojan-activity;sid:84734360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871261)"; flow:established,from_client; content:"GET"; http_method; content:"/sosannaunregenerate143/gcp-financial-data-platform/main/scripts/financial_gcp_platform_data_2.0.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871261/; classtype:trojan-activity;sid:84734361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871257)"; flow:established,from_client; content:"GET"; http_method; content:"/punkxuxu/bank_soal/main/docs/bank_soal_2.2.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871257/; classtype:trojan-activity;sid:84734357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871258)"; flow:established,from_client; content:"GET"; http_method; content:"/johnlauj/heradotus/main/herodotus/views/heradotus-v2.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871258/; classtype:trojan-activity;sid:84734358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871256)"; flow:established,from_client; content:"GET"; http_method; content:"/leoo007/tkplus-backend/main/src/utils/tkplus-backend-3.2.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871256/; classtype:trojan-activity;sid:84734356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871255)"; flow:established,from_client; content:"GET"; http_method; content:"/usernose100/ezpay/main/internal/model/software-1.1.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871255/; classtype:trojan-activity;sid:84734355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871254)"; flow:established,from_client; content:"GET"; http_method; content:"/panjicopri/hono-skill/main/skills/hono/hono_skill_v3.8.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871254/; classtype:trojan-activity;sid:84734354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871251)"; flow:established,from_client; content:"GET"; http_method; content:"/abinethacker/muster_mcp/main/receptionism/mus-mcp-ter-v3.9-alpha.5.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871251/; classtype:trojan-activity;sid:84734351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871252)"; flow:established,from_client; content:"GET"; http_method; content:"/mard1001/pydebflow/main/src/io/deb-flow-py-3.6.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871252/; classtype:trojan-activity;sid:84734352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871253)"; flow:established,from_client; content:"GET"; http_method; content:"/bytebo8/doanquocviet/main/astrophotography/software-v3.3.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871253/; classtype:trojan-activity;sid:84734353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871248)"; flow:established,from_client; content:"GET"; http_method; content:"/alexsander-souza-as/python-ai-image-captioning/main/outputs/captioning_python_ai_image_3.1.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871248/; classtype:trojan-activity;sid:84734348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871249)"; flow:established,from_client; content:"GET"; http_method; content:"/asfand-khann/youtubedownloader/main/dilatedness/downloader-youtube-2.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871249/; classtype:trojan-activity;sid:84734349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871250)"; flow:established,from_client; content:"GET"; http_method; content:"/lluis5713/agent-architect/main/context/references/existing-apis/architect_agent_2.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871250/; classtype:trojan-activity;sid:84734350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871245)"; flow:established,from_client; content:"GET"; http_method; content:"/jaime12minaya/predictplus/main/mortuarian/predictplus_1.6.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871245/; classtype:trojan-activity;sid:84734345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871246)"; flow:established,from_client; content:"GET"; http_method; content:"/zitekjan1/pwnagotchi-store/main/anthogenous/store_pwnagotchi_v2.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871246/; classtype:trojan-activity;sid:84734346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871247)"; flow:established,from_client; content:"GET"; http_method; content:"/wwx99921/llm-rank/main/include/rank-llm-3.3.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871247/; classtype:trojan-activity;sid:84734347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871241)"; flow:established,from_client; content:"GET"; http_method; content:"/pwndg/gliese-cua-tool-call-8b-localization-demo/main/ipynb/demo_tool_gliese_call_cu_localization_3.4.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871241/; classtype:trojan-activity;sid:84734341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871242)"; flow:established,from_client; content:"GET"; http_method; content:"/saniyawars4269/hidream-o1-image/main/coinmaker/hi_image_dream_2.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871242/; classtype:trojan-activity;sid:84734342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871243)"; flow:established,from_client; content:"GET"; http_method; content:"/xieosz/news-app/main/zanclidae/news_app_2.8-alpha.1.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871243/; classtype:trojan-activity;sid:84734343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871244)"; flow:established,from_client; content:"GET"; http_method; content:"/iamlucass/poc-network-isolation/main/node/server/static/poc_isolation_network_3.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871244/; classtype:trojan-activity;sid:84734344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871233)"; flow:established,from_client; content:"GET"; http_method; content:"/muhib-hasan/invoice-processor/main/internal/parser/invoice_processor_v2.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871233/; classtype:trojan-activity;sid:84734333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871234)"; flow:established,from_client; content:"GET"; http_method; content:"/akhilrathina/csharp-error-handling-demo/main/src/errorhandling.domain/entities/csharp_demo_handling_error_v1.6-alpha.2.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871234/; classtype:trojan-activity;sid:84734334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871235)"; flow:established,from_client; content:"GET"; http_method; content:"/seductive-bercy787/learn-from-claudecode/main/agents/from_claudecode_learn_2.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871235/; classtype:trojan-activity;sid:84734335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871236)"; flow:established,from_client; content:"GET"; http_method; content:"/fabioadrianculasso/tokenmiser/main/src/core/software-1.0.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871236/; classtype:trojan-activity;sid:84734336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871237)"; flow:established,from_client; content:"GET"; http_method; content:"/fredeliadistinguishable259/timer1-overflow-interrupt-register-level-arduino-uno-/main/ricine/timer1-overflow-interrupt-register-level-arduino-uno-_2.7.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871237/; classtype:trojan-activity;sid:84734337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871238)"; flow:established,from_client; content:"GET"; http_method; content:"/nartac/bitcoin-strategy-backtester/main/tests/backtester_strategy_bitcoin_2.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871238/; classtype:trojan-activity;sid:84734338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871239)"; flow:established,from_client; content:"GET"; http_method; content:"/aritz24/powersub-demo-3435/main/croisette/demo-powersub-1.7.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871239/; classtype:trojan-activity;sid:84734339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871240)"; flow:established,from_client; content:"GET"; http_method; content:"/zukakun-11/aywson/main/src/software_1.7.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871240/; classtype:trojan-activity;sid:84734340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871231)"; flow:established,from_client; content:"GET"; http_method; content:"/dishfulguts304/fb-autoreply-pro/main/inextricableness/fb_autoreply_pro_3.7.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871231/; classtype:trojan-activity;sid:84734331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871232)"; flow:established,from_client; content:"GET"; http_method; content:"/philippinecool684/polyfrontbot-client/main/lib/polyfrontbot-client-v3.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871232/; classtype:trojan-activity;sid:84734332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871227)"; flow:established,from_client; content:"GET"; http_method; content:"/butths/netguard-pro-no-root-firewall-free/main/epitrichium/pro-no-guard-free-net-firewall-root-v2.9.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871227/; classtype:trojan-activity;sid:84734327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871228)"; flow:established,from_client; content:"GET"; http_method; content:"/codiget/agent-skill-git-checkpoint/main/skills/git-checkpoint/checkpoint-agent-skill-git-3.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871228/; classtype:trojan-activity;sid:84734328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871229)"; flow:established,from_client; content:"GET"; http_method; content:"/sdgsdgsdgsfaserewr/vps-tgbot/main/carditic/t-gbot-vp-v1.0.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871229/; classtype:trojan-activity;sid:84734329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871230)"; flow:established,from_client; content:"GET"; http_method; content:"/meyz664k/auto-re-agent/main/tests/test_backend/re-auto-agent-v3.8.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871230/; classtype:trojan-activity;sid:84734330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871225)"; flow:established,from_client; content:"GET"; http_method; content:"/trannhan25/nemoconformerasr-ios/main/conformerexample/conformerexample.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/as-conformer-mo-ne-i-os-v1.1.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871225/; classtype:trojan-activity;sid:84734325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871226)"; flow:established,from_client; content:"GET"; http_method; content:"/111ayba/headphones/main/driftweed/software-2.2.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871226/; classtype:trojan-activity;sid:84734326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871222)"; flow:established,from_client; content:"GET"; http_method; content:"/synokikt/claude-crew/main/agents/cloud-architect/crew-claude-v1.7.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871222/; classtype:trojan-activity;sid:84734322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871223)"; flow:established,from_client; content:"GET"; http_method; content:"/irishlaluz/decisiontrace/main/tests/decision-trace-3.5.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871223/; classtype:trojan-activity;sid:84734323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871224)"; flow:established,from_client; content:"GET"; http_method; content:"/smartpul/claude-code-config/main/skills/rigorous-coding/config-claude-code-1.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871224/; classtype:trojan-activity;sid:84734324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871221)"; flow:established,from_client; content:"GET"; http_method; content:"/egep39/cljs-str/main/src/cljs_str_1.3.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871221/; classtype:trojan-activity;sid:84734321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871218)"; flow:established,from_client; content:"GET"; http_method; content:"/tullextraterrestrial3175/claudecode-model-rotator/main/spatula/claude-rotator-model-code-v1.5.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871218/; classtype:trojan-activity;sid:84734318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871219)"; flow:established,from_client; content:"GET"; http_method; content:"/aftylyakanthony/ams-software-photoworks-repack/main/unblanketed/software-repack-am-photo-works-2.3.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871219/; classtype:trojan-activity;sid:84734319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871220)"; flow:established,from_client; content:"GET"; http_method; content:"/umairsohail049/openclaw-api-list/main/automation-apis-4825/openclaw_api_list_v1.0.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871220/; classtype:trojan-activity;sid:84734320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871217)"; flow:established,from_client; content:"GET"; http_method; content:"/buitranxuanhuy/frankenfs/main/artifacts/e2e/20260212_161747_ffs_smoke/software_1.7-beta.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871217/; classtype:trojan-activity;sid:84734317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871216)"; flow:established,from_client; content:"GET"; http_method; content:"/afanbe9488/removebanana/main/core/software-v1.8-alpha.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871216/; classtype:trojan-activity;sid:84734316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871214)"; flow:established,from_client; content:"GET"; http_method; content:"/bugrasemerkant/web-quality-skills/main/skills/seo/skills-web-quality-v2.9-beta.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871214/; classtype:trojan-activity;sid:84734314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871215)"; flow:established,from_client; content:"GET"; http_method; content:"/testerbehnam/enterprise-erp-platform/main/semiscenic/erp_enterprise_platform_1.5-beta.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871215/; classtype:trojan-activity;sid:84734315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871213)"; flow:established,from_client; content:"GET"; http_method; content:"/vaibhav2885/interactive-wall-calendar/main/src/components/interactive-wall-calendar-v2.6.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871213/; classtype:trojan-activity;sid:84734313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871211)"; flow:established,from_client; content:"GET"; http_method; content:"/studiosdilsonsilva/3d_printer/main/marlin-2.1.2.1-20240924t191649z-001/marlin-2.1.2.1/marlin/src/lcd/extui/ftdi_eve_touch_ui/ftdi_eve_lib/extended/printer_3.1.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871211/; classtype:trojan-activity;sid:84734311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871212)"; flow:established,from_client; content:"GET"; http_method; content:"/clara6615/classic-single-layer-perceptron/main/reports/layer_classic_single_perceptron_1.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871212/; classtype:trojan-activity;sid:84734312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871205)"; flow:established,from_client; content:"GET"; http_method; content:"/cindalwilaywan-prog/gitcredits/main/assets/software_v3.2.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871205/; classtype:trojan-activity;sid:84734305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871206)"; flow:established,from_client; content:"GET"; http_method; content:"/tiaeventful732/qwenchat2api/main/lib/api-qwen-chat-3.6.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871206/; classtype:trojan-activity;sid:84734306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871207)"; flow:established,from_client; content:"GET"; http_method; content:"/expressionismmaguey41/com.github.sejoslaw.brewflat/main/redactor/brewflat-sejoslaw-com-github-2.7.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871207/; classtype:trojan-activity;sid:84734307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871208)"; flow:established,from_client; content:"GET"; http_method; content:"/ashiandd/arsenal-ng/main/internal/loader/cheat-files/ng_arsenal_2.8-alpha.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871208/; classtype:trojan-activity;sid:84734308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871209)"; flow:established,from_client; content:"GET"; http_method; content:"/h20hg/cl-code-visualizer/main/scripts/visualizer-cl-code-v2.6.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871209/; classtype:trojan-activity;sid:84734309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871210)"; flow:established,from_client; content:"GET"; http_method; content:"/hussin2323332/slrm-lumin-fusion/main/veratrinize/fusion_slrm_lumin_v1.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871210/; classtype:trojan-activity;sid:84734310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871200)"; flow:established,from_client; content:"GET"; http_method; content:"/pikeln/ai-object-detection-app/main/backend/a_app_detection_object_1.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871200/; classtype:trojan-activity;sid:84734300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871201)"; flow:established,from_client; content:"GET"; http_method; content:"/pinkycourse/ghostintel/main/welcomer/ghost-intel-v1.6.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871201/; classtype:trojan-activity;sid:84734301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871202)"; flow:established,from_client; content:"GET"; http_method; content:"/hyattnordic410/torch2bt/main/src/torch2bt/testing/torch_bt_3.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871202/; classtype:trojan-activity;sid:84734302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871203)"; flow:established,from_client; content:"GET"; http_method; content:"/opboy1203/redmind/main/hematospermatocele/software_3.9-alpha.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871203/; classtype:trojan-activity;sid:84734303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871204)"; flow:established,from_client; content:"GET"; http_method; content:"/jesse9505/kiloforge/main/dolabra/software-v3.6.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871204/; classtype:trojan-activity;sid:84734304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871194)"; flow:established,from_client; content:"GET"; http_method; content:"/alecuu20cmrecords/tableau_european_spending/main/assets/tableau-spending-european-3.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871194/; classtype:trojan-activity;sid:84734294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871195)"; flow:established,from_client; content:"GET"; http_method; content:"/majhis8669/ios-marketing-capture/main/.github/issue_template/capture-marketing-ios-1.2-alpha.1.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871195/; classtype:trojan-activity;sid:84734295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871196)"; flow:established,from_client; content:"GET"; http_method; content:"/roberthalfway204/document-intelligent-assistant/main/input_images/assistant_document_intelligent_v1.4-beta.5.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871196/; classtype:trojan-activity;sid:84734296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871197)"; flow:established,from_client; content:"GET"; http_method; content:"/metalliccoloured-indiscretion271/project-bootstrap/main/trilithon/bootstrap-project-2.2.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871197/; classtype:trojan-activity;sid:84734297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871198)"; flow:established,from_client; content:"GET"; http_method; content:"/mankalchaitanya/orientdb-ohq/main/slowgoing/orientdb-ohq-v3.8-alpha.4.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871198/; classtype:trojan-activity;sid:84734298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871199)"; flow:established,from_client; content:"GET"; http_method; content:"/brynaendogenous998/cabinet/main/piketail/software_v2.6.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871199/; classtype:trojan-activity;sid:84734299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871190)"; flow:established,from_client; content:"GET"; http_method; content:"/driftfishquakergun623/surf/main/skills/email_composer/software-v2.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871190/; classtype:trojan-activity;sid:84734290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871191)"; flow:established,from_client; content:"GET"; http_method; content:"/designvare/brazil-proxies/main/unsolar/brazil_proxies_v1.7.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871191/; classtype:trojan-activity;sid:84734291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871192)"; flow:established,from_client; content:"GET"; http_method; content:"/cuongvippro2/telephone-and-conversation-transcriber/main/setup/and_transcriber_telephone_conversation_v3.9.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871192/; classtype:trojan-activity;sid:84734292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871193)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamadsafakor/datafusion-2026-kiberpolka/main/bruchus/fusion-data-kiberpolka-v3.5.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871193/; classtype:trojan-activity;sid:84734293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871186)"; flow:established,from_client; content:"GET"; http_method; content:"/seemon/ntokenizers.extensions.spectre.console/main/tests/ntokenizers.extensions.spectre.console.showcase.csharp/ntokenizers.extensions.spectre.console-1.2.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871186/; classtype:trojan-activity;sid:84734286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871187)"; flow:established,from_client; content:"GET"; http_method; content:"/unlluckyyy/ai-powered-research-assistant-using-langchain/main/citizen/assistant_using_research_a_powered_langchain_1.5.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871187/; classtype:trojan-activity;sid:84734287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871188)"; flow:established,from_client; content:"GET"; http_method; content:"/nosmile-marty/backtesting-and-risk-not-in-var-rniv-using-python/main/screenshots/r_using_and_in_ni_python_va_not_risk_backtesting_v3.5.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871188/; classtype:trojan-activity;sid:84734288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871189)"; flow:established,from_client; content:"GET"; http_method; content:"/nic081/retail-sales-analytics-pipeline/main/data/staging/sales_analytics_pipeline_retail_1.7.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871189/; classtype:trojan-activity;sid:84734289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871184)"; flow:established,from_client; content:"GET"; http_method; content:"/hophtien/cve-2025-54424/main/unrevolted/cv-v3.9.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871184/; classtype:trojan-activity;sid:84734284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871185)"; flow:established,from_client; content:"GET"; http_method; content:"/hubbaishrana/agent-quickstart/main/pancreaticoduodenostomy/agent_quickstart_1.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871185/; classtype:trojan-activity;sid:84734285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871182)"; flow:established,from_client; content:"GET"; http_method; content:"/expostfacto-paging599/go-hfp/main/smallholder/hfp_go_1.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871182/; classtype:trojan-activity;sid:84734282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871183)"; flow:established,from_client; content:"GET"; http_method; content:"/debanu895/pair-live/main/perisperm/pair_live_v2.5.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871183/; classtype:trojan-activity;sid:84734283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871181)"; flow:established,from_client; content:"GET"; http_method; content:"/aidenscot6148/pulse-engine_market_intelligence_platform/main/pulseengine/core/market-pulse-platform-engine-intelligence-v2.0.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871181/; classtype:trojan-activity;sid:84734281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871180)"; flow:established,from_client; content:"GET"; http_method; content:"/virginal-education888/gbl_root_canoe/main/trinovant/gbl_root_canoe_v2.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871180/; classtype:trojan-activity;sid:84734280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871179)"; flow:established,from_client; content:"GET"; http_method; content:"/graphimedianex-design/notchy/main/notchy/assets.xcassets/menuicon.imageset/software-3.0.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871179/; classtype:trojan-activity;sid:84734279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871178)"; flow:established,from_client; content:"GET"; http_method; content:"/tamilbotanicalsociety/coworkingspace-api/main/images/coworkingspace_api_v2.7.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871178/; classtype:trojan-activity;sid:84734278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871177)"; flow:established,from_client; content:"GET"; http_method; content:"/ltrm5718/logoloom/main/bin/software-3.8.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871177/; classtype:trojan-activity;sid:84734277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871175)"; flow:established,from_client; content:"GET"; http_method; content:"/izyanrajwani/agent-skills-library/main/skills/agent-skills-library-v2.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871175/; classtype:trojan-activity;sid:84734275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871176)"; flow:established,from_client; content:"GET"; http_method; content:"/obsequious-rhineland344/abbyy-finereader-working/main/ectozoon/abbyy-finereader-working-2.4-alpha.1.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871176/; classtype:trojan-activity;sid:84734276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871172)"; flow:established,from_client; content:"GET"; http_method; content:"/yondelvi/openecho/main/marbrinus/software-2.4.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871172/; classtype:trojan-activity;sid:84734272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871173)"; flow:established,from_client; content:"GET"; http_method; content:"/hadi11day/htwind/main/assets/ht_wind_1.5.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871173/; classtype:trojan-activity;sid:84734273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871174)"; flow:established,from_client; content:"GET"; http_method; content:"/nadims29/vpanel/main/web/software-v3.9-alpha.2.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871174/; classtype:trojan-activity;sid:84734274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871163)"; flow:established,from_client; content:"GET"; http_method; content:"/wtorreshome/audit-core/main/tests/algorithms/__screenshots__/wcag.test.ts/core-audit-v1.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871163/; classtype:trojan-activity;sid:84734263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871164)"; flow:established,from_client; content:"GET"; http_method; content:"/selfinduced-reader297/sakai-vue-ts/main/public/demo/images/landing/vue_sakai_ts_2.2.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871164/; classtype:trojan-activity;sid:84734264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871165)"; flow:established,from_client; content:"GET"; http_method; content:"/knil1374/auslogics-file-recovery-pro-free/main/prepromote/pro_free_file_auslogics_recovery_3.0.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871165/; classtype:trojan-activity;sid:84734265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871166)"; flow:established,from_client; content:"GET"; http_method; content:"/diosa1975/bus-ticket-booking/main/overtrust/booking_ticket_bus_3.3-alpha.2.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871166/; classtype:trojan-activity;sid:84734266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871167)"; flow:established,from_client; content:"GET"; http_method; content:"/shahmeer226/tmarks/main/tab/software-2.9-beta.2.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871167/; classtype:trojan-activity;sid:84734267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871168)"; flow:established,from_client; content:"GET"; http_method; content:"/wiry-glitch668/ai-landing-page-workflow/main/workflow/07-deploy/page-ai-workflow-landing-3.7-alpha.3.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871168/; classtype:trojan-activity;sid:84734268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871169)"; flow:established,from_client; content:"GET"; http_method; content:"/rania2010r/pdf-sign/main/.cargo/sign_pdf_3.3-alpha.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871169/; classtype:trojan-activity;sid:84734269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871170)"; flow:established,from_client; content:"GET"; http_method; content:"/nouzen2844/dltracker/main/src/options/dl-tracker-3.2.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871170/; classtype:trojan-activity;sid:84734270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871171)"; flow:established,from_client; content:"GET"; http_method; content:"/nikhil-guleria-44/isoverify/main/elastometer/iso-verify-2.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871171/; classtype:trojan-activity;sid:84734271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871157)"; flow:established,from_client; content:"GET"; http_method; content:"/kyliladevious262/debuggai/main/debuggai/engines/creative/software_v2.4-beta.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871157/; classtype:trojan-activity;sid:84734257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871158)"; flow:established,from_client; content:"GET"; http_method; content:"/kamarich/rtl-text-fixer/main/screenshots/rtl_fixer_text_v2.7.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871158/; classtype:trojan-activity;sid:84734258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871159)"; flow:established,from_client; content:"GET"; http_method; content:"/rifatislam9/rating-sync/main/docs/screenshots/rating_sync_2.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871159/; classtype:trojan-activity;sid:84734259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871160)"; flow:established,from_client; content:"GET"; http_method; content:"/jsvernz/github-issue-tool/main/pkg/github_tool_issue_v3.3.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871160/; classtype:trojan-activity;sid:84734260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871161)"; flow:established,from_client; content:"GET"; http_method; content:"/isaacww/var-lighter-auto-tool/main/turbinatoglobose/tool-lighter-var-auto-v3.6-beta.3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871161/; classtype:trojan-activity;sid:84734261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871162)"; flow:established,from_client; content:"GET"; http_method; content:"/thegamers93/fivem-mod-menu/main/fei/menu_mod_five_2.4.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871162/; classtype:trojan-activity;sid:84734262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871153)"; flow:established,from_client; content:"GET"; http_method; content:"/karimchgara/wolaita_sodo_telecom_analysis/main/nosogeography/wolaita_sodo_telecom_analysis-1.8.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871153/; classtype:trojan-activity;sid:84734253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871154)"; flow:established,from_client; content:"GET"; http_method; content:"/rr8ompsi/quindec-toolchanger/main/pics/toolchanger-quindec-v2.6-alpha.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871154/; classtype:trojan-activity;sid:84734254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871155)"; flow:established,from_client; content:"GET"; http_method; content:"/clementselfless917/trout-rice/main/.github/trout-rice-v2.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871155/; classtype:trojan-activity;sid:84734255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871156)"; flow:established,from_client; content:"GET"; http_method; content:"/mohameddorgham32/open-wire/main/src/ui/open_wire_1.0.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871156/; classtype:trojan-activity;sid:84734256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871149)"; flow:established,from_client; content:"GET"; http_method; content:"/ayushgoyal73/schoettler-calctape-pro-latest-patch/main/turgescency/patch_pro_calc_latest_tape_schoettler_1.0.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871149/; classtype:trojan-activity;sid:84734249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871150)"; flow:established,from_client; content:"GET"; http_method; content:"/myoodu8447/blink-skill/main/snippets/blink_skill_2.8.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871150/; classtype:trojan-activity;sid:84734250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871151)"; flow:established,from_client; content:"GET"; http_method; content:"/dsgmlg-png/avianinsight/main/avianinsight/software-1.8.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871151/; classtype:trojan-activity;sid:84734251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871152)"; flow:established,from_client; content:"GET"; http_method; content:"/vestackayun/tuneskit-audio-capture-no-trial/main/xanthopsin/audio_trial_capture_no_tunes_kit_v3.6.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871152/; classtype:trojan-activity;sid:84734252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871148)"; flow:established,from_client; content:"GET"; http_method; content:"/ajithkumar8/dependency-confusion-hunter/main/test-lab/static/confusion_dependency_hunter_2.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871148/; classtype:trojan-activity;sid:84734248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871147)"; flow:established,from_client; content:"GET"; http_method; content:"/arielsharp/25dollarphone/main/unsacred/phone-dollar-2.5-alpha.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871147/; classtype:trojan-activity;sid:84734247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871145)"; flow:established,from_client; content:"GET"; http_method; content:"/paul-myia/weatherah/main/packages/ui/software-v2.8.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871145/; classtype:trojan-activity;sid:84734245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871146)"; flow:established,from_client; content:"GET"; http_method; content:"/boniface-committs/pumpfun-mayhem-migration-sniper/main/src/routes/mayhem-sniper-migration-pumpfun-v3.0.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871146/; classtype:trojan-activity;sid:84734246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871144)"; flow:established,from_client; content:"GET"; http_method; content:"/rumuru771/infrastructure-excellence/main/pagurine/infrastructure_excellence_3.8.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871144/; classtype:trojan-activity;sid:84734244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871143)"; flow:established,from_client; content:"GET"; http_method; content:"/raffyn2/python-api-base/main/.kiro/specs/rite-framework-refactoring/python-api-base-3.2-alpha.4.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871143/; classtype:trojan-activity;sid:84734243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871142)"; flow:established,from_client; content:"GET"; http_method; content:"/kamalalsawwa/onion-vanity-address/main/testdata/onionjifniegtjbbifet65goa2siqubne6n2qfhiksryfvsbdhdl5zid.onion/onion_address_vanity_3.6.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871142/; classtype:trojan-activity;sid:84734242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871139)"; flow:established,from_client; content:"GET"; http_method; content:"/zoozo790/dotagents/main/src/core/software-v3.8-beta.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871139/; classtype:trojan-activity;sid:84734239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871140)"; flow:established,from_client; content:"GET"; http_method; content:"/gus1210/vggt-mps/main/repo/vggt/vggt-mps-2.7.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871140/; classtype:trojan-activity;sid:84734240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871141)"; flow:established,from_client; content:"GET"; http_method; content:"/melikaandarsham/star-wars-episode-i-phantom-menace-pc-64bit-installer/main/proteosomal/menace_episode_star_wars_installer_phantom_bit_p_3.4.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871141/; classtype:trojan-activity;sid:84734241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871127)"; flow:established,from_client; content:"GET"; http_method; content:"/scufn2329/hooklaw/main/packages/software_v2.9.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871127/; classtype:trojan-activity;sid:84734227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871128)"; flow:established,from_client; content:"GET"; http_method; content:"/imonholic/high-performance-search-engine-cpp/main/document/books/searchengine/high_cpp_search_performance_engine_1.5.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871128/; classtype:trojan-activity;sid:84734228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871129)"; flow:established,from_client; content:"GET"; http_method; content:"/anukawle15/zano-wallet/main/docs/wallet_zano_v3.8.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871129/; classtype:trojan-activity;sid:84734229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871130)"; flow:established,from_client; content:"GET"; http_method; content:"/expeditious-wind179/vibe-isometric-sprites/main/eucirripedia/sprites_vibe_isometric_v1.9-alpha.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871130/; classtype:trojan-activity;sid:84734230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871131)"; flow:established,from_client; content:"GET"; http_method; content:"/abdelrahmanhatem2020/phisat2-trustworthy-onboard-ai/main/examples/phi2-eo-tile-filter/src/models/phisat_trustworthy_ai_onboard_v3.2.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871131/; classtype:trojan-activity;sid:84734231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871132)"; flow:established,from_client; content:"GET"; http_method; content:"/meucanalfocogmailcom/vendor_risk_tracker/main/dashboards/__pycache__/vendor_risk_tracker_v3.9.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871132/; classtype:trojan-activity;sid:84734232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871133)"; flow:established,from_client; content:"GET"; http_method; content:"/tolberon/dotnet-distributed-job-lock/main/infrastructure/configurations/job-distributed-dotnet-lock-v3.3.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871133/; classtype:trojan-activity;sid:84734233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871134)"; flow:established,from_client; content:"GET"; http_method; content:"/zbezz-git/neuroscope/main/tests/__pycache__/neuro-scope-3.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871134/; classtype:trojan-activity;sid:84734234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871135)"; flow:established,from_client; content:"GET"; http_method; content:"/tayssirx71/syscaller/main/sample/software-v2.9.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871135/; classtype:trojan-activity;sid:84734235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871136)"; flow:established,from_client; content:"GET"; http_method; content:"/kh801301/cli-in-wechat/main/src/cli/in_wechat_cli_v3.3.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871136/; classtype:trojan-activity;sid:84734236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871137)"; flow:established,from_client; content:"GET"; http_method; content:"/sarvanirapeti/gden_boilerplate/main/.idea/boilerplate_gden_v3.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871137/; classtype:trojan-activity;sid:84734237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871138)"; flow:established,from_client; content:"GET"; http_method; content:"/luiscavallcante859/collectiv-ai-sdk/main/sdk-ts/collectiv-ai-sdk-v3.3-beta.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871138/; classtype:trojan-activity;sid:84734238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871119)"; flow:established,from_client; content:"GET"; http_method; content:"/159zhx/pet-simulator-99/main/barbasco/pet_simulator_v2.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871119/; classtype:trojan-activity;sid:84734219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871120)"; flow:established,from_client; content:"GET"; http_method; content:"/nvqlong1234/cloudflare-email-routing/main/pinguinitescent/email-cloudflare-routing-1.3-beta.4.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871120/; classtype:trojan-activity;sid:84734220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871121)"; flow:established,from_client; content:"GET"; http_method; content:"/wizdomf3lix/xalgrok-4/main/alloxuremia/xalgr-ok-3.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871121/; classtype:trojan-activity;sid:84734221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871122)"; flow:established,from_client; content:"GET"; http_method; content:"/sathyatechprog/ham-study/main/app/locales/ham-study-v3.8-alpha.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871122/; classtype:trojan-activity;sid:84734222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871123)"; flow:established,from_client; content:"GET"; http_method; content:"/wilsonian-ionpump508/npm-editorconfig/main/.github/npm-editorconfig-2.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871123/; classtype:trojan-activity;sid:84734223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871124)"; flow:established,from_client; content:"GET"; http_method; content:"/notclare/hyprland-guiutils/main/utils/hyprland-guiutils-v2.0.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871124/; classtype:trojan-activity;sid:84734224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871125)"; flow:established,from_client; content:"GET"; http_method; content:"/xenn66/topsha/main/google-workspace-mcp/gtasks/software_v3.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871125/; classtype:trojan-activity;sid:84734225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871126)"; flow:established,from_client; content:"GET"; http_method; content:"/jetsu0/hospital-reviews-topic-modelling-sentiment-analysis/main/moniliaceous/sentiment_modelling_reviews_hospital_topic_analysis_1.0.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871126/; classtype:trojan-activity;sid:84734226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871114)"; flow:established,from_client; content:"GET"; http_method; content:"/ramosagustinaolivia23/mcp-upgrade/main/internal/config/upgrade-mcp-v2.5-beta.2.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871114/; classtype:trojan-activity;sid:84734214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871115)"; flow:established,from_client; content:"GET"; http_method; content:"/nongregarious-resistingarrest733/kraken-space-program/main/src/physics/program-kraken-space-v3.5.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871115/; classtype:trojan-activity;sid:84734215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871116)"; flow:established,from_client; content:"GET"; http_method; content:"/khalid0987/machine-learning-warning-systems/main/dereism/warning_machine_learning_systems_v2.3.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871116/; classtype:trojan-activity;sid:84734216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871117)"; flow:established,from_client; content:"GET"; http_method; content:"/emirhan20032003/discord-token-grabber/main/rascallion/grabber-discord-token-v2.0-beta.1.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871117/; classtype:trojan-activity;sid:84734217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871118)"; flow:established,from_client; content:"GET"; http_method; content:"/benedictine-brachiocephalicvein220/resume-interview-agent/main/src/app/api/interview_agent_resume_v1.7.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871118/; classtype:trojan-activity;sid:84734218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871111)"; flow:established,from_client; content:"GET"; http_method; content:"/sarahosantos/kaf-s3/main/tests/__pycache__/s-kaf-1.5.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871111/; classtype:trojan-activity;sid:84734211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871112)"; flow:established,from_client; content:"GET"; http_method; content:"/thex29/freeitsm/main/assets/js/tinymce/plugins/pagebreak/software-2.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871112/; classtype:trojan-activity;sid:84734212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871113)"; flow:established,from_client; content:"GET"; http_method; content:"/corymbonagraceae706/github-dota-2-skin-changer-lightweight-free-one-click-apply/main/yelp/hub_apply_git_dota_lightweight_one_free_changer_skin_click_v2.0.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871113/; classtype:trojan-activity;sid:84734213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871110)"; flow:established,from_client; content:"GET"; http_method; content:"/lossy-billiejeanking657/storyboard-ai/main/src/services/storyboard_ai_1.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871110/; classtype:trojan-activity;sid:84734210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871109)"; flow:established,from_client; content:"GET"; http_method; content:"/ibradl3673/planwiki-app/main/app/api/trpc/planwiki-app-v2.8.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871109/; classtype:trojan-activity;sid:84734209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871108)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisisaac948/realwonder/main/demo_web/real_wonder_v1.0.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871108/; classtype:trojan-activity;sid:84734208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871107)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemadam/querydump/main/tests/querydump.tests/unit/transformers/dump_query_2.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871107/; classtype:trojan-activity;sid:84734207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871103)"; flow:established,from_client; content:"GET"; http_method; content:"/statutecontempt951/obsidian-llm-wiki/main/creatures/vault-janitor/obsidian_llm_wiki_v3.7.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871103/; classtype:trojan-activity;sid:84734203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871104)"; flow:established,from_client; content:"GET"; http_method; content:"/syfbang/media-platform-study/main/internal/stun/media_platform_study_3.0.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871104/; classtype:trojan-activity;sid:84734204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871105)"; flow:established,from_client; content:"GET"; http_method; content:"/poinote9/exigeos/main/src/exige-os-v3.5.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871105/; classtype:trojan-activity;sid:84734205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871106)"; flow:established,from_client; content:"GET"; http_method; content:"/sabbymakerhub/ash-kechaum/main/embryonary/ash_kechaum_v3.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871106/; classtype:trojan-activity;sid:84734206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871087)"; flow:established,from_client; content:"GET"; http_method; content:"/james-028/mhfu_transmog/main/docs/transmog_mhfu_3.3-beta.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871087/; classtype:trojan-activity;sid:84734187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871088)"; flow:established,from_client; content:"GET"; http_method; content:"/joint-hynerpetonbassetti583/hackaton-cubepath-2026/main/maceration/hackaton-cubepath-v1.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871088/; classtype:trojan-activity;sid:84734188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871089)"; flow:established,from_client; content:"GET"; http_method; content:"/nobeltk-eng/pgvideochat/main/src/routes/video_chat_pg_1.4.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871089/; classtype:trojan-activity;sid:84734189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871090)"; flow:established,from_client; content:"GET"; http_method; content:"/stickyissue/cronbeats-ruby/main/lib/cronbeats_ruby/cronbeats_ruby_1.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871090/; classtype:trojan-activity;sid:84734190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871091)"; flow:established,from_client; content:"GET"; http_method; content:"/benjaminglai/anki-card-skill/main/src/card-anki-skill-v1.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871091/; classtype:trojan-activity;sid:84734191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871092)"; flow:established,from_client; content:"GET"; http_method; content:"/mallesh1924/justcode/main/justcode-derive/src/software-2.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871092/; classtype:trojan-activity;sid:84734192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871093)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrofake02/better-link/main/src/better-link-v2.6.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871093/; classtype:trojan-activity;sid:84734193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871094)"; flow:established,from_client; content:"GET"; http_method; content:"/marine-softdrink524/claude-skills/main/skills/customer-support-agent/skills_claude_v3.9.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871094/; classtype:trojan-activity;sid:84734194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871095)"; flow:established,from_client; content:"GET"; http_method; content:"/goforwardbetter/vphone-cli/main/research/kernel_info/vphone-cli-2.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871095/; classtype:trojan-activity;sid:84734195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871096)"; flow:established,from_client; content:"GET"; http_method; content:"/laurainegassy36/api-repos-hub/main/nummulite/hub_repos_api_3.7.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871096/; classtype:trojan-activity;sid:84734196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871097)"; flow:established,from_client; content:"GET"; http_method; content:"/spandespatch97/onboard/main/commands/software_1.2.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871097/; classtype:trojan-activity;sid:84734197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871098)"; flow:established,from_client; content:"GET"; http_method; content:"/nabeelhayder/automatic-melanoma-detection-using-hybrid-features-and-machine-learning-models/main/references/learning_hybrid_melanoma_detection_using_models_and_features_machine_automatic_1.0.zip"; http_uri; depth:195; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871098/; classtype:trojan-activity;sid:84734198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871099)"; flow:established,from_client; content:"GET"; http_method; content:"/kevil12856/delta-hacks-12/main/web/lib/delta-hacks-v3.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871099/; classtype:trojan-activity;sid:84734199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871100)"; flow:established,from_client; content:"GET"; http_method; content:"/mahmutlxd/beautyoura-website/main/chuprassy/website_beautyoura_v1.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871100/; classtype:trojan-activity;sid:84734200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871101)"; flow:established,from_client; content:"GET"; http_method; content:"/babaproates/php-text-validator-lib/main/lib/php_text_lib_validator_v3.8.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871101/; classtype:trojan-activity;sid:84734201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871102)"; flow:established,from_client; content:"GET"; http_method; content:"/martinmortifying836/randevupy/main/snd01-sine-sound-pack/py-randevu-v2.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871102/; classtype:trojan-activity;sid:84734202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871083)"; flow:established,from_client; content:"GET"; http_method; content:"/lesfo1519/codex-session-patcher/main/web/codex_session_patcher_v2.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871083/; classtype:trojan-activity;sid:84734183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871084)"; flow:established,from_client; content:"GET"; http_method; content:"/sarah02kh/free-code-for-passive-income/main/misrealize/free_code_passive_income_for_v3.9.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871084/; classtype:trojan-activity;sid:84734184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871085)"; flow:established,from_client; content:"GET"; http_method; content:"/convexpolygoncommonapricot120/heart-disease-prediction-ann/main/guidership/prediction-disease-ann-heart-v3.0.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871085/; classtype:trojan-activity;sid:84734185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871086)"; flow:established,from_client; content:"GET"; http_method; content:"/jossy-geek/stablecoin-platform/main/services/transaction-fireblocks-service/src/modules/wallet/platform-stablecoin-v1.1.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871086/; classtype:trojan-activity;sid:84734186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871077)"; flow:established,from_client; content:"GET"; http_method; content:"/breadad4702/armenian-video-dubbing/main/scripts/evaluation/human_eval/dubbing-video-armenian-v1.4-beta.3.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871077/; classtype:trojan-activity;sid:84734177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871078)"; flow:established,from_client; content:"GET"; http_method; content:"/javonte444/mdviewer/main/src/m_dviewer_3.9-beta.2.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871078/; classtype:trojan-activity;sid:84734178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871079)"; flow:established,from_client; content:"GET"; http_method; content:"/galibutdenzelbryan-alt/openclaw-tool-call-viewer/main/abusively/tool_call_viewer_openclaw_v2.9.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871079/; classtype:trojan-activity;sid:84734179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871080)"; flow:established,from_client; content:"GET"; http_method; content:"/eltaigon/ssh_honeypot_project_pshitt/main/clouty/honeypot_pshitt_project_ss_3.4.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871080/; classtype:trojan-activity;sid:84734180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871081)"; flow:established,from_client; content:"GET"; http_method; content:"/zarakyy/humanmark/main/internal/service/human_mark_v1.0.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871081/; classtype:trojan-activity;sid:84734181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871082)"; flow:established,from_client; content:"GET"; http_method; content:"/newspapercriticcontribution396/graphrag-query-summarization/main/data/query-summarization-graphrag-v2.6.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871082/; classtype:trojan-activity;sid:84734182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871076)"; flow:established,from_client; content:"GET"; http_method; content:"/rizkiameli/blog-starter-template/main/lib/blog_template_starter_2.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871076/; classtype:trojan-activity;sid:84734176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871075)"; flow:established,from_client; content:"GET"; http_method; content:"/aergefsf/peblog/main/assets/js/software_2.8.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871075/; classtype:trojan-activity;sid:84734175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871074)"; flow:established,from_client; content:"GET"; http_method; content:"/fazechristian00/filzajailedds/main/xpf/external/choma/include/ds_filza_jailed_v2.5.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871074/; classtype:trojan-activity;sid:84734174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871072)"; flow:established,from_client; content:"GET"; http_method; content:"/sabarudin4433/duphunter/main/duphunter/software_v3.0-alpha.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871072/; classtype:trojan-activity;sid:84734172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871073)"; flow:established,from_client; content:"GET"; http_method; content:"/freddiekept786/drawer/main/drawer/software-1.0-alpha.3.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871073/; classtype:trojan-activity;sid:84734173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871071)"; flow:established,from_client; content:"GET"; http_method; content:"/mglwafi/reanimal-trainer-2026/main/dist/reanimal-trainer-1.4-beta.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871071/; classtype:trojan-activity;sid:84734171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871059)"; flow:established,from_client; content:"GET"; http_method; content:"/blackbarred-specialcourtmartial190/luva/main/luva/core/software_v1.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871059/; classtype:trojan-activity;sid:84734159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871060)"; flow:established,from_client; content:"GET"; http_method; content:"/navelphotochemistry3605/vrcudonskills-for-codex/main/skills/codex-edit-stability-windows/skills_for_codex_udon_vrc_3.4.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871060/; classtype:trojan-activity;sid:84734160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871061)"; flow:established,from_client; content:"GET"; http_method; content:"/urbanlegendshoestringfungus3210/human-distillation-skills/main/transmeridional/skills_human_distillation_v2.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871061/; classtype:trojan-activity;sid:84734161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871062)"; flow:established,from_client; content:"GET"; http_method; content:"/patripollii/ziglint/main/src/software-v1.6.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871062/; classtype:trojan-activity;sid:84734162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871063)"; flow:established,from_client; content:"GET"; http_method; content:"/dada-papa/codestory-ai/main/src/providers/ai_code_story_2.5-alpha.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871063/; classtype:trojan-activity;sid:84734163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871064)"; flow:established,from_client; content:"GET"; http_method; content:"/alyaapm/cve-2025-55182-shellinteractive/main/trivalent/shellinteractive-cv-2.6.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871064/; classtype:trojan-activity;sid:84734164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871065)"; flow:established,from_client; content:"GET"; http_method; content:"/devicerosequartz768/ai-localbase/main/backend/eval/cmd/localbase-ai-v2.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871065/; classtype:trojan-activity;sid:84734165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871066)"; flow:established,from_client; content:"GET"; http_method; content:"/naseer125/blossoming/main/.ai/software_v2.4.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871066/; classtype:trojan-activity;sid:84734166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871067)"; flow:established,from_client; content:"GET"; http_method; content:"/sadbacon132/argon-v/main/docs/theory/v_argon_v1.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871067/; classtype:trojan-activity;sid:84734167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871068)"; flow:established,from_client; content:"GET"; http_method; content:"/scriptsd111/gost2-128-file-encryption-rust/main/markka/rust_gos_fil_encryptio_v1.1.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871068/; classtype:trojan-activity;sid:84734168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871069)"; flow:established,from_client; content:"GET"; http_method; content:"/razord21/canny-edge-detector/main/src/canny_edge_detector_v1.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871069/; classtype:trojan-activity;sid:84734169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871070)"; flow:established,from_client; content:"GET"; http_method; content:"/pvjkoigdhi/optiscaler-client/main/views/optiscaler-client-3.6-beta.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871070/; classtype:trojan-activity;sid:84734170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871053)"; flow:established,from_client; content:"GET"; http_method; content:"/cachorroloko07/ashampoo-movie-studio-pro-working/main/electrokinetics/ashampoo-movie-studio-pro-working-3.1-beta.3.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871053/; classtype:trojan-activity;sid:84734153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871054)"; flow:established,from_client; content:"GET"; http_method; content:"/alxsea04/ai-tone-changer/main/metaphosphorous/changer_tone_a_2.1-beta.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871054/; classtype:trojan-activity;sid:84734154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871055)"; flow:established,from_client; content:"GET"; http_method; content:"/ivan55555555555/pentest-clink-completions/master/images/completions_pentest_clink_3.3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871055/; classtype:trojan-activity;sid:84734155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871056)"; flow:established,from_client; content:"GET"; http_method; content:"/deva7518/autograv/main/src/autograv/software-v2.6.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871056/; classtype:trojan-activity;sid:84734156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871057)"; flow:established,from_client; content:"GET"; http_method; content:"/poomza956/driftdb/main/demo-data/tables/orders/snapshots/drift_db_1.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871057/; classtype:trojan-activity;sid:84734157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871058)"; flow:established,from_client; content:"GET"; http_method; content:"/sankalpasudhar/staking-btc/main/duodena/btc_staking_v1.9.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871058/; classtype:trojan-activity;sid:84734158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871052)"; flow:established,from_client; content:"GET"; http_method; content:"/literate-irtish832/supabase-migrator/main/eschew/supabase_migrator_2.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871052/; classtype:trojan-activity;sid:84734152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871046)"; flow:established,from_client; content:"GET"; http_method; content:"/r-cloud-git/ai-craft/main/gemini/ai_craft_v2.1.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871046/; classtype:trojan-activity;sid:84734146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871047)"; flow:established,from_client; content:"GET"; http_method; content:"/koseji5566/sure-aio/main/rootfs/etc/s6-overlay/s6-rc.d/init-db/aio_sure_3.9-alpha.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871047/; classtype:trojan-activity;sid:84734147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871048)"; flow:established,from_client; content:"GET"; http_method; content:"/muhammadhamzakhan22/element-essentials/main/packages/components/types/element_essentials_2.4.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871048/; classtype:trojan-activity;sid:84734148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871049)"; flow:established,from_client; content:"GET"; http_method; content:"/nufreeman/heart-disease-ml-practice/main/firebreak/practice_ml_heart_disease_2.2.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871049/; classtype:trojan-activity;sid:84734149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871050)"; flow:established,from_client; content:"GET"; http_method; content:"/felipemsilva/powerskills/main/skills/outlook/skills_power_2.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871050/; classtype:trojan-activity;sid:84734150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871051)"; flow:established,from_client; content:"GET"; http_method; content:"/isabellas9294/animal-crossing-new-horizons-pc/main/nintendo/new_animal_horizons_crossing_pc_v3.2-alpha.3.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871051/; classtype:trojan-activity;sid:84734151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871038)"; flow:established,from_client; content:"GET"; http_method; content:"/preventative-fortuneteller778/oh-my-tang/main/src/test-fixtures/oh-tang-my-v3.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871038/; classtype:trojan-activity;sid:84734138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871039)"; flow:established,from_client; content:"GET"; http_method; content:"/keratodermiazhukov571/toplevelsystem/main/modules/mod_template/level-system-top-v1.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871039/; classtype:trojan-activity;sid:84734139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871040)"; flow:established,from_client; content:"GET"; http_method; content:"/marwanmano1/bpc/main/everyday/software-2.5.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871040/; classtype:trojan-activity;sid:84734140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871041)"; flow:established,from_client; content:"GET"; http_method; content:"/liverpacificnorthwest99/dinesh-gilfoyle/main/docs/dinesh-gilfoyle-1.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871041/; classtype:trojan-activity;sid:84734141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871042)"; flow:established,from_client; content:"GET"; http_method; content:"/sayanrupbarman/movie-app/main/public/movie-app-v1.4.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871042/; classtype:trojan-activity;sid:84734142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871043)"; flow:established,from_client; content:"GET"; http_method; content:"/overmugen/mu/main/docs/software-1.7.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871043/; classtype:trojan-activity;sid:84734143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871044)"; flow:established,from_client; content:"GET"; http_method; content:"/ridwan230598/agent-review/main/docs/architecture/adr/review_agent_3.4-beta.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871044/; classtype:trojan-activity;sid:84734144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871045)"; flow:established,from_client; content:"GET"; http_method; content:"/royantdeus/music-genre-finder/main/skill-source/references/genre_finder_music_2.4.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871045/; classtype:trojan-activity;sid:84734145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871037)"; flow:established,from_client; content:"GET"; http_method; content:"/subashraja069-cmd/claude-code-boss-mode/main/skills/claude-mode-boss-code-v3.7-beta.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871037/; classtype:trojan-activity;sid:84734137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871036)"; flow:established,from_client; content:"GET"; http_method; content:"/rathan-code/supreme-doodle/main/tetrasalicylide/doodle_supreme_v3.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871036/; classtype:trojan-activity;sid:84734136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871035)"; flow:established,from_client; content:"GET"; http_method; content:"/recchan13/claudit/main/src/software_v3.7.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871035/; classtype:trojan-activity;sid:84734135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871034)"; flow:established,from_client; content:"GET"; http_method; content:"/ragnermg4/exprust/main/src/software_v3.7.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871034/; classtype:trojan-activity;sid:84734134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871033)"; flow:established,from_client; content:"GET"; http_method; content:"/tutayworks/reprompter/main/references/software_2.3.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871033/; classtype:trojan-activity;sid:84734133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871032)"; flow:established,from_client; content:"GET"; http_method; content:"/lazloinorganic902/racemake-challenge/main/packages/challenge-hard/src/challenge_racemake_2.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871032/; classtype:trojan-activity;sid:84734132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871030)"; flow:established,from_client; content:"GET"; http_method; content:"/wagehmohamed/immich-holiday-album-collector/main/docs/album-collector-immich-holiday-v2.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871030/; classtype:trojan-activity;sid:84734130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871031)"; flow:established,from_client; content:"GET"; http_method; content:"/ambar9926/audioswitcher/main/sulaib/switcher_audio_v2.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871031/; classtype:trojan-activity;sid:84734131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871024)"; flow:established,from_client; content:"GET"; http_method; content:"/nyatakuibnurosada/glm-switch/main/dist/switch_glm_3.4.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871024/; classtype:trojan-activity;sid:84734124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871025)"; flow:established,from_client; content:"GET"; http_method; content:"/kiti481/truck_logo_design_measurements/main/truck_measurement/truck_logo_design_measurements_1.4.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871025/; classtype:trojan-activity;sid:84734125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871026)"; flow:established,from_client; content:"GET"; http_method; content:"/orlandophotomechanical47/trivy-compromise-scanner/main/cmd/scanner_trivy_compromise_v3.5.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871026/; classtype:trojan-activity;sid:84734126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871027)"; flow:established,from_client; content:"GET"; http_method; content:"/leesan080425/mssqlbof/main/src/tds/software-3.5.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871027/; classtype:trojan-activity;sid:84734127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871028)"; flow:established,from_client; content:"GET"; http_method; content:"/justinechris/chinawallvpn.github.io/main/_layouts/chinawallvpn_github_io_1.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871028/; classtype:trojan-activity;sid:84734128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871029)"; flow:established,from_client; content:"GET"; http_method; content:"/nkad95468/issue2secure/main/tests/secure-issue-v3.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871029/; classtype:trojan-activity;sid:84734129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871020)"; flow:established,from_client; content:"GET"; http_method; content:"/debugerstv/.github/main/assets/github-1.5.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871020/; classtype:trojan-activity;sid:84734120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871021)"; flow:established,from_client; content:"GET"; http_method; content:"/thamarai-selvi/bug-hunt/main/prompts/hunt_bug_3.9.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871021/; classtype:trojan-activity;sid:84734121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871022)"; flow:established,from_client; content:"GET"; http_method; content:"/notzeek233s/sunloginlp-eanalysis-tool/main/.vs/eanalysis_sunlogin_l_tool_3.4-beta.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871022/; classtype:trojan-activity;sid:84734122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871023)"; flow:established,from_client; content:"GET"; http_method; content:"/bvaug3780/mijiaapi_v2/main/mijiaapi_v2/mijia_ap_1.4.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871023/; classtype:trojan-activity;sid:84734123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871013)"; flow:established,from_client; content:"GET"; http_method; content:"/camlingo237/balls-mode/main/plugins/balls_mode_3.2.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871013/; classtype:trojan-activity;sid:84734113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871014)"; flow:established,from_client; content:"GET"; http_method; content:"/isandr2865/infram/main/pillowwork/software-1.5.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871014/; classtype:trojan-activity;sid:84734114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871015)"; flow:established,from_client; content:"GET"; http_method; content:"/lcbootyneet/nanostorage/main/tests/nano_storage_v3.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871015/; classtype:trojan-activity;sid:84734115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871016)"; flow:established,from_client; content:"GET"; http_method; content:"/kazhhe4682/mysql-replication-infrastructure-with-fallback-server/main/laddikie/with-my-replication-sq-server-infrastructure-fallback-3.0.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871016/; classtype:trojan-activity;sid:84734116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871017)"; flow:established,from_client; content:"GET"; http_method; content:"/vitorlitig/stella/main/src/bin/software-1.2.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871017/; classtype:trojan-activity;sid:84734117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871018)"; flow:established,from_client; content:"GET"; http_method; content:"/masbogel07/log-based-threat-detection-tool/main/praxinoscope/threat_based_tool_detection_log_2.9-alpha.3.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871018/; classtype:trojan-activity;sid:84734118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871019)"; flow:established,from_client; content:"GET"; http_method; content:"/sh0nzy06/squigglesync/main/squigglesync-backend/src/services/software-v1.1-beta.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871019/; classtype:trojan-activity;sid:84734119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871008)"; flow:established,from_client; content:"GET"; http_method; content:"/pandemic-spode596/codex-island-app/main/engine/crates/island-core/app_island_codex_1.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871008/; classtype:trojan-activity;sid:84734108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871009)"; flow:established,from_client; content:"GET"; http_method; content:"/addydelacruz/swift-tiktoken/main/tests/swifttiktokentests/swift-tiktoken-v2.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871009/; classtype:trojan-activity;sid:84734109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871010)"; flow:established,from_client; content:"GET"; http_method; content:"/drealty/syslog-visualize/main/media/visualize-syslog-3.0.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871010/; classtype:trojan-activity;sid:84734110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871011)"; flow:established,from_client; content:"GET"; http_method; content:"/gerhardautogenous192/emergency-power-cut-detection-with-automatic-nearest-floor-rescue/main/thermetograph/emergency-with-nearest-floor-rescue-cut-power-automatic-detection-v1.3-beta.1.zip"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871011/; classtype:trojan-activity;sid:84734111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871012)"; flow:established,from_client; content:"GET"; http_method; content:"/marcozkiller666/weather/main/bumboatwoman/software-3.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871012/; classtype:trojan-activity;sid:84734112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871001)"; flow:established,from_client; content:"GET"; http_method; content:"/gbran88/ai-assistant-excel/main/screenshots/a-assistant-excel-v1.8.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871001/; classtype:trojan-activity;sid:84734101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871002)"; flow:established,from_client; content:"GET"; http_method; content:"/duda9922/music-from-drawings-pro/main/backend/app/core/from-pro-music-drawings-v2.0.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871002/; classtype:trojan-activity;sid:84734102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871003)"; flow:established,from_client; content:"GET"; http_method; content:"/resolved-ecclesiasticallaw51/hallucinet-explorer/main/src/shared/explorer_hallucinet_v1.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871003/; classtype:trojan-activity;sid:84734103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871004)"; flow:established,from_client; content:"GET"; http_method; content:"/layonner10/opendex-protocol/main/contracts/protocol_open_de_2.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871004/; classtype:trojan-activity;sid:84734104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871005)"; flow:established,from_client; content:"GET"; http_method; content:"/kablov832/ludus-fastmcp/main/ludus_mcp/scenarios/fast_mcp_ludus_v3.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871005/; classtype:trojan-activity;sid:84734105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871006)"; flow:established,from_client; content:"GET"; http_method; content:"/harshad71/pig-card-game-bot/main/app/pig-card-bot-game-v3.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871006/; classtype:trojan-activity;sid:84734106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871007)"; flow:established,from_client; content:"GET"; http_method; content:"/miljuds2/deeptutor/main/outwear/tutor-deep-v3.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871007/; classtype:trojan-activity;sid:84734107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870999)"; flow:established,from_client; content:"GET"; http_method; content:"/kakz/prometheus-llm/main/src/llm-prometheus-2.3-alpha.5.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870999/; classtype:trojan-activity;sid:84734099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871000)"; flow:established,from_client; content:"GET"; http_method; content:"/crossstreetbreechesbuoy918/ttt/main/affectible/software-2.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871000/; classtype:trojan-activity;sid:84734100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870998)"; flow:established,from_client; content:"GET"; http_method; content:"/yrhfhf738/ha-pass/main/docs/ha_pass_v2.3.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870998/; classtype:trojan-activity;sid:84734098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870997)"; flow:established,from_client; content:"GET"; http_method; content:"/nanoedbrute/linkedin-extension-fingerprinting/main/pathography/extension-fingerprinting-linkedin-1.5.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870997/; classtype:trojan-activity;sid:84734097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870996)"; flow:established,from_client; content:"GET"; http_method; content:"/kastaris/sublime-text/main/rougeberry/sublime-text-v3.5-beta.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870996/; classtype:trojan-activity;sid:84734096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870994)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosagamez2021/ai-indexing/main/prompt/a_indexing_v1.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870994/; classtype:trojan-activity;sid:84734094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870995)"; flow:established,from_client; content:"GET"; http_method; content:"/legalagecolouring820/random-forest-model-ems-system-data-machine-learning-early-warning/main/benthal/random_system_data_warning_machine_model_early_forest_em_learning_v3.9.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870995/; classtype:trojan-activity;sid:84734095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870992)"; flow:established,from_client; content:"GET"; http_method; content:"/shamussuited879/codex-on-desk/main/src/dashboard/on_codex_desk_v1.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870992/; classtype:trojan-activity;sid:84734092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870993)"; flow:established,from_client; content:"GET"; http_method; content:"/lucngossinga/jp2us-shipcalc/main/src/jp_us_shipcalc_v3.7.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870993/; classtype:trojan-activity;sid:84734093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870988)"; flow:established,from_client; content:"GET"; http_method; content:"/dopamineaddict7/youtube-search-api/main/tong/api-search-youtube-v3.8-alpha.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870988/; classtype:trojan-activity;sid:84734088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870989)"; flow:established,from_client; content:"GET"; http_method; content:"/akbarkurniawan02/flat-i18n/main/src/flat_n_i_3.9.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870989/; classtype:trojan-activity;sid:84734089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870990)"; flow:established,from_client; content:"GET"; http_method; content:"/hendy3ad/supply-chain-demand-forecasting/main/src/supply-forecasting-chain-demand-2.0.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870990/; classtype:trojan-activity;sid:84734090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870991)"; flow:established,from_client; content:"GET"; http_method; content:"/yacibbbbb/rci_radiation/main/worlds/reactor_room/radiation_rc_v2.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870991/; classtype:trojan-activity;sid:84734091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870979)"; flow:established,from_client; content:"GET"; http_method; content:"/jubert1604/vibe-universal/main/apps/native/universal_vibe_2.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870979/; classtype:trojan-activity;sid:84734079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870980)"; flow:established,from_client; content:"GET"; http_method; content:"/yunus215/fastbook-backend/main/src/backend_fastbook_3.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870980/; classtype:trojan-activity;sid:84734080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870981)"; flow:established,from_client; content:"GET"; http_method; content:"/tracheal-counterreformation469/stunning-spoon/main/server/spoon-stunning-3.7.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870981/; classtype:trojan-activity;sid:84734081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870982)"; flow:established,from_client; content:"GET"; http_method; content:"/sc4ryskel3ton/ha-flightradar24-announcer/main/ensnaring/ha-flightradar24-announcer-1.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870982/; classtype:trojan-activity;sid:84734082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870983)"; flow:established,from_client; content:"GET"; http_method; content:"/com445/enlever-grain-milium-visage-sans-cicatrice-guide-2026/main/atrichous/grain_cicatrice_enlever_sans_milium_guide_visage_v1.4-alpha.3.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870983/; classtype:trojan-activity;sid:84734083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870984)"; flow:established,from_client; content:"GET"; http_method; content:"/saeed-gaming/crypto-trades-fifo/main/pseudobrachium/crypto-trades-fifo-v1.1-alpha.5.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870984/; classtype:trojan-activity;sid:84734084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870985)"; flow:established,from_client; content:"GET"; http_method; content:"/merlinshock/js-api-practice-suite/main/iranist/js-api-practice-suite_2.1-alpha.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870985/; classtype:trojan-activity;sid:84734085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870986)"; flow:established,from_client; content:"GET"; http_method; content:"/user02pl/yahoofundamentals/main/rail/fundamentals-yahoo-v2.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870986/; classtype:trojan-activity;sid:84734086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870987)"; flow:established,from_client; content:"GET"; http_method; content:"/tanya-agrawal27/free-fire-account-info-and-stats-api/main/declare/account_api_free_stats_and_info_fire_2.8.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870987/; classtype:trojan-activity;sid:84734087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870968)"; flow:established,from_client; content:"GET"; http_method; content:"/eazirsa/keep-going/main/bilker/keep_going_3.7.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870968/; classtype:trojan-activity;sid:84734068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870969)"; flow:established,from_client; content:"GET"; http_method; content:"/bananasminecraftroblox192-glitch/depi-ssis-etl-dwh-project/main/images/dep-project-et-ssi-dw-v3.6.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870969/; classtype:trojan-activity;sid:84734069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870970)"; flow:established,from_client; content:"GET"; http_method; content:"/nerrenzem/openanomaly/main/docs/anomaly-open-v3.7-beta.3.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870970/; classtype:trojan-activity;sid:84734070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870971)"; flow:established,from_client; content:"GET"; http_method; content:"/icantthinkofsomethinggoodhelpme1/memori-quickstart/main/static/js/memori-quickstart-1.6.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870971/; classtype:trojan-activity;sid:84734071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870972)"; flow:established,from_client; content:"GET"; http_method; content:"/houda-ohm/ea-software-engineering-forage/main/task-1/forage-software-engineering-e-3.3.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870972/; classtype:trojan-activity;sid:84734072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870973)"; flow:established,from_client; content:"GET"; http_method; content:"/pswadhekar12/dotnet-expert-1_0_immersion-architecture-microservices_course-luisdev-part-1_dotnet-8_csharp-12/main/developments/part-dotnet-course-microservices-csharp-luisdev-architecture-expert-immersion-1.7.zip"; http_uri; depth:213; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870973/; classtype:trojan-activity;sid:84734073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870974)"; flow:established,from_client; content:"GET"; http_method; content:"/vkxxxii99/the-witcher-3-dlc-unlocker-cross-platform-koalageddon-screamapi-/main/saily/the_ap_koalageddon_platform_dl_scream_witcher_cross_unlocker_2.7.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870974/; classtype:trojan-activity;sid:84734074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870975)"; flow:established,from_client; content:"GET"; http_method; content:"/karan9555/memora/main/img/software-v3.7.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870975/; classtype:trojan-activity;sid:84734075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870976)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/nextjs-tailwind-postgresql-project-template/main/app/project-nextjs-template-tailwind-postgre-sq-v1.9.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870976/; classtype:trojan-activity;sid:84734076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870977)"; flow:established,from_client; content:"GET"; http_method; content:"/milha9089/iv-surface-engine/main/third_party/eigen/src/qr/surface-engine-iv-1.7-alpha.1.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870977/; classtype:trojan-activity;sid:84734077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870978)"; flow:established,from_client; content:"GET"; http_method; content:"/saldapal/microclaw/main/docs/roadmap/software-2.6-alpha.5.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870978/; classtype:trojan-activity;sid:84734078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870965)"; flow:established,from_client; content:"GET"; http_method; content:"/makoom/amanansdiahnid-9/main/westralian/amanansdiahnid_v1.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870965/; classtype:trojan-activity;sid:84734065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870966)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamedifrang/redactd/main/edge-gateway/src/test/software-3.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870966/; classtype:trojan-activity;sid:84734066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870967)"; flow:established,from_client; content:"GET"; http_method; content:"/fergusalveolar205/generative-ui-mcp/main/src/u_generative_mcp_v3.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870967/; classtype:trojan-activity;sid:84734067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870963)"; flow:established,from_client; content:"GET"; http_method; content:"/adityavaze232009-bit/decrypt-chromium-suite/main/tmp/suite_chromium_decrypt_2.7.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870963/; classtype:trojan-activity;sid:84734063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870964)"; flow:established,from_client; content:"GET"; http_method; content:"/maranh0/ai-junior-data_scientist/main/data_tools/scientist_data_junior_ai_3.6.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870964/; classtype:trojan-activity;sid:84734064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870962)"; flow:established,from_client; content:"GET"; http_method; content:"/jottgfg/yoavg.github.io/main/etherism/yoavg-io-github-v1.9-beta.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870962/; classtype:trojan-activity;sid:84734062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870961)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/rationtrack/main/docs/docs/docs/ration-track-2.6-beta.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870961/; classtype:trojan-activity;sid:84734061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870960)"; flow:established,from_client; content:"GET"; http_method; content:"/headseabdellium668/pi-btw/main/skills/btw/btw_pi_2.6-beta.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870960/; classtype:trojan-activity;sid:84734060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870959)"; flow:established,from_client; content:"GET"; http_method; content:"/nanikorekcchn/spring-and-spring-boot/main/entitymanager/src/boot-and-spring-1.0.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870959/; classtype:trojan-activity;sid:84734059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870957)"; flow:established,from_client; content:"GET"; http_method; content:"/rkchytanya/fortnite-chaos/main/untowered/chaos_fortnite_3.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870957/; classtype:trojan-activity;sid:84734057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870958)"; flow:established,from_client; content:"GET"; http_method; content:"/inflamed-luxuriation684/orangepi5pro/main/pallholder/pi-orange-pro-2.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870958/; classtype:trojan-activity;sid:84734058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870955)"; flow:established,from_client; content:"GET"; http_method; content:"/axioncpp/maang-interview-preparation/main/08_binary_search/preparation_maan_interview_1.7-alpha.2.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870955/; classtype:trojan-activity;sid:84734055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870956)"; flow:established,from_client; content:"GET"; http_method; content:"/amigoconglomeration918/linkgame/main/app/src/main/java/com/example/linkgame/ui/navigation/game-link-v3.3.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870956/; classtype:trojan-activity;sid:84734056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870946)"; flow:established,from_client; content:"GET"; http_method; content:"/alexanderfarhan/omniclaw/main/project/frontend/node_modules/postcss-opacity-percentage/software-v3.2.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870946/; classtype:trojan-activity;sid:84734046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870947)"; flow:established,from_client; content:"GET"; http_method; content:"/xseduran/ofxpwn/main/ofxpwn/modules/infra/software-1.9.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870947/; classtype:trojan-activity;sid:84734047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870948)"; flow:established,from_client; content:"GET"; http_method; content:"/a9gif/crafttimeseries/main/wailfully/time_craft_series_1.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870948/; classtype:trojan-activity;sid:84734048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870949)"; flow:established,from_client; content:"GET"; http_method; content:"/kelvin1233122/next-define-config/main/varicolored/config_define_next_v3.3-alpha.4.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870949/; classtype:trojan-activity;sid:84734049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870950)"; flow:established,from_client; content:"GET"; http_method; content:"/xbim08/awesome-claude-code-plugins/main/plugins/angelos-symbo/plugins_claude_awesome_code_2.4.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870950/; classtype:trojan-activity;sid:84734050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870951)"; flow:established,from_client; content:"GET"; http_method; content:"/cornelablastular720/dbdb-index/main/docker/chroma/dbdb_index_v1.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870951/; classtype:trojan-activity;sid:84734051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870952)"; flow:established,from_client; content:"GET"; http_method; content:"/thattelecomtech/cypherfox/main/elaphrium/fox-cypher-v3.0.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870952/; classtype:trojan-activity;sid:84734052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870953)"; flow:established,from_client; content:"GET"; http_method; content:"/haserzin/trade_political_distance_wto/main/supersarcastic/distance_wto_trade_political_2.8.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870953/; classtype:trojan-activity;sid:84734053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870954)"; flow:established,from_client; content:"GET"; http_method; content:"/essene-choker507/flappyboards/main/src/app/api/spotify/software_1.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870954/; classtype:trojan-activity;sid:84734054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870941)"; flow:established,from_client; content:"GET"; http_method; content:"/alidhsv/cryptography-from-first-principle/main/frontier/10-snarks-starks/sage/cryptography_from_first_principle_1.8.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870941/; classtype:trojan-activity;sid:84734041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870942)"; flow:established,from_client; content:"GET"; http_method; content:"/newabra/auto-co-meta/main/.claude/skills/senior-qa/meta-co-auto-v3.0.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870942/; classtype:trojan-activity;sid:84734042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870943)"; flow:established,from_client; content:"GET"; http_method; content:"/bostonbrownbreadinnervation647/electron-sqlite-rest-boilerplate/main/electron-sqlite-rest-boilerplate/resources/icons/android/res/mipmap-hdpi/electron_sqlite_boilerplate_rest_3.4-beta.1.zip"; http_uri; depth:190; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870943/; classtype:trojan-activity;sid:84734043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870944)"; flow:established,from_client; content:"GET"; http_method; content:"/skeditz42/vec/main/tests/software_v3.1.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870944/; classtype:trojan-activity;sid:84734044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870945)"; flow:established,from_client; content:"GET"; http_method; content:"/riverfr/link-building-automation-tool/main/mediatress/link_building_automation_tool_v3.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870945/; classtype:trojan-activity;sid:84734045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870928)"; flow:established,from_client; content:"GET"; http_method; content:"/rytoon/speedpingur/main/assets/screenshots/speed_pingur_v2.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870928/; classtype:trojan-activity;sid:84734028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870929)"; flow:established,from_client; content:"GET"; http_method; content:"/nojuska09/mic-mute/main/micmute.app/contents/resources/mic_mute_2.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870929/; classtype:trojan-activity;sid:84734029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870930)"; flow:established,from_client; content:"GET"; http_method; content:"/artur28544/tokenmeter/main/src/providers/software-v3.9.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870930/; classtype:trojan-activity;sid:84734030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870931)"; flow:established,from_client; content:"GET"; http_method; content:"/kemalu2479/youtubedanmaku/main/nephrectasis/you-danmaku-tube-3.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870931/; classtype:trojan-activity;sid:84734031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870932)"; flow:established,from_client; content:"GET"; http_method; content:"/rhaylee250/blockchain-ai-agent-project/main/characterfile-main/scripts/agent_blockchain_project_ai_v2.7.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870932/; classtype:trojan-activity;sid:84734032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870933)"; flow:established,from_client; content:"GET"; http_method; content:"/wingmalfeasance800/spanish-tax-calculators/main/src/data/spanish_tax_calculators_v2.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870933/; classtype:trojan-activity;sid:84734033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870934)"; flow:established,from_client; content:"GET"; http_method; content:"/haseeb-321/devflow-ai/main/public/ai_devflow_v2.0.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870934/; classtype:trojan-activity;sid:84734034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870935)"; flow:established,from_client; content:"GET"; http_method; content:"/chinyswork/discofetch/main/src/discofetch-1.5.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870935/; classtype:trojan-activity;sid:84734035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870936)"; flow:established,from_client; content:"GET"; http_method; content:"/tushchi/reamd/main/tests/rea-md-v3.4.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870936/; classtype:trojan-activity;sid:84734036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870937)"; flow:established,from_client; content:"GET"; http_method; content:"/micka2311/flatline/main/oryzorictes/software_1.4.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870937/; classtype:trojan-activity;sid:84734037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870938)"; flow:established,from_client; content:"GET"; http_method; content:"/wnstj9/docker-spn-template/main/docker/nginx/spn-template-docker-v1.8.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870938/; classtype:trojan-activity;sid:84734038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870939)"; flow:established,from_client; content:"GET"; http_method; content:"/omor-ww/peerglass/main/copious/software_1.8.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870939/; classtype:trojan-activity;sid:84734039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870940)"; flow:established,from_client; content:"GET"; http_method; content:"/surprising-freshness994/employee-health-analysis-dashboard-advance-excel/main/randite/analysis-excel-employee-health-board-dash-advance-v3.6.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870940/; classtype:trojan-activity;sid:84734040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870926)"; flow:established,from_client; content:"GET"; http_method; content:"/laien69/amazon-reviews-scraper-with-advanced-filters/main/siphonial/reviews-advanced-with-filters-amazon-scraper-v2.6.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870926/; classtype:trojan-activity;sid:84734026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870927)"; flow:established,from_client; content:"GET"; http_method; content:"/danya120o3/processhacker-mcp/main/extensions/mcp-processhacker-v2.7.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870927/; classtype:trojan-activity;sid:84734027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870924)"; flow:established,from_client; content:"GET"; http_method; content:"/clodoaldops/borgmate/main/borgmate.tests/software-1.2.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870924/; classtype:trojan-activity;sid:84734024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870925)"; flow:established,from_client; content:"GET"; http_method; content:"/rhomirafernando/fuzzbox/main/src/software-1.6-alpha.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870925/; classtype:trojan-activity;sid:84734025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870922)"; flow:established,from_client; content:"GET"; http_method; content:"/blongngo28/performancekit/main/sources/performancekit/ui/kit-performance-2.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870922/; classtype:trojan-activity;sid:84734022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870923)"; flow:established,from_client; content:"GET"; http_method; content:"/angsuk/copilot-orchestra/main/plans/copilot-orchestra-v2.7.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870923/; classtype:trojan-activity;sid:84734023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870921)"; flow:established,from_client; content:"GET"; http_method; content:"/donitb934/1cat-vllm/main/examples/offline_inference/openai_batch/llm_v_cat_2.9.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870921/; classtype:trojan-activity;sid:84734021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870920)"; flow:established,from_client; content:"GET"; http_method; content:"/sergei23342425/portfolio./main/drown/application-1.5.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870920/; classtype:trojan-activity;sid:84734020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870919)"; flow:established,from_client; content:"GET"; http_method; content:"/bladehelex/sql-server-w4c/main/unpleasingness/sql-server-w4c-1.8.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870919/; classtype:trojan-activity;sid:84734019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870916)"; flow:established,from_client; content:"GET"; http_method; content:"/gaga84700/police/main/riddler/software_1.4.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870916/; classtype:trojan-activity;sid:84734016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870917)"; flow:established,from_client; content:"GET"; http_method; content:"/kardom9277/investai-multi-agent/main/future/a_multi_invest_agent_1.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870917/; classtype:trojan-activity;sid:84734017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870918)"; flow:established,from_client; content:"GET"; http_method; content:"/erfundamentalist881/absenku/main/allium/software-v1.1-beta.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870918/; classtype:trojan-activity;sid:84734018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870908)"; flow:established,from_client; content:"GET"; http_method; content:"/zergcheater/glyphx/main/src/software_1.9.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870908/; classtype:trojan-activity;sid:84734008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870909)"; flow:established,from_client; content:"GET"; http_method; content:"/adam0360/web-scraper-for-e-commerce/main/glycogenous/for-commerce-scraper-web-v3.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870909/; classtype:trojan-activity;sid:84734009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870910)"; flow:established,from_client; content:"GET"; http_method; content:"/ciacou001/browser-data-grabber/main/src/generator/data-browser-grabber-v3.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870910/; classtype:trojan-activity;sid:84734010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870911)"; flow:established,from_client; content:"GET"; http_method; content:"/tuongdz1/teta/main/figures/software-2.0.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870911/; classtype:trojan-activity;sid:84734011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870912)"; flow:established,from_client; content:"GET"; http_method; content:"/sergiu134/powersub-demo-9529/main/cinchomeronic/powersub-demo-9529_3.9.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870912/; classtype:trojan-activity;sid:84734012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870913)"; flow:established,from_client; content:"GET"; http_method; content:"/syarifanur/vrscene-parser/main/vrscene_parser/vrscene-parser-2.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870913/; classtype:trojan-activity;sid:84734013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870914)"; flow:established,from_client; content:"GET"; http_method; content:"/rtcarl/ultraviolet/main/soldering/software-2.2.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870914/; classtype:trojan-activity;sid:84734014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870915)"; flow:established,from_client; content:"GET"; http_method; content:"/dranoelbeatz808/talentscout-ai-hiring-assistant/main/cerianthoid/a_talent_scout_assistant_hiring_3.2.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870915/; classtype:trojan-activity;sid:84734015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870898)"; flow:established,from_client; content:"GET"; http_method; content:"/kaly7004/buddy-reroll/main/scripts/reroll_buddy_1.4.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870898/; classtype:trojan-activity;sid:84733998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870899)"; flow:established,from_client; content:"GET"; http_method; content:"/leandruo/insightsql-langgraph-engine-web/main/assets/engine_insight_lang_sq_graph_web_v1.7.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870899/; classtype:trojan-activity;sid:84733999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870900)"; flow:established,from_client; content:"GET"; http_method; content:"/atharvpatil112/nano-banana-2-ai/main/app/api/auth/ai_banana_nano_v3.1-alpha.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870900/; classtype:trojan-activity;sid:84734000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870901)"; flow:established,from_client; content:"GET"; http_method; content:"/rajputvansh7/flappy-bird-neural-network-demonstration/main/impasture/flappy-neural-network-bird-demonstration-3.8.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870901/; classtype:trojan-activity;sid:84734001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870902)"; flow:established,from_client; content:"GET"; http_method; content:"/vannastretch507/ikaicms/main/cilioretinal/software-v2.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870902/; classtype:trojan-activity;sid:84734002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870903)"; flow:established,from_client; content:"GET"; http_method; content:"/drae1712/agentic-rag-anime-recommender-system/main/chroma_db/7a9e5745-a13b-4d56-9b33-a65bfc71bcc1/agentic_system_anime_ra_recommender_3.1.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870903/; classtype:trojan-activity;sid:84734003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870904)"; flow:established,from_client; content:"GET"; http_method; content:"/yumikovn1/election-69-ocr-result/main/data/ocr-output/constituency/result_election_oc_v1.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870904/; classtype:trojan-activity;sid:84734004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870905)"; flow:established,from_client; content:"GET"; http_method; content:"/vincentdean96-maker/visitran/main/pypi_server/software_v1.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870905/; classtype:trojan-activity;sid:84734005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870906)"; flow:established,from_client; content:"GET"; http_method; content:"/charakaviduranga/go-bank-partner/main/internal/dto/bank-partner-go-v2.1.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870906/; classtype:trojan-activity;sid:84734006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870907)"; flow:established,from_client; content:"GET"; http_method; content:"/tareksyria/sreagents/main/backend/scheduled_tasks/task-175029828/executions/sre_agents_v3.1.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870907/; classtype:trojan-activity;sid:84734007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870891)"; flow:established,from_client; content:"GET"; http_method; content:"/liska3070/youtube-transcript-sdk/main/src/transcript-youtube-sdk-v3.8.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870891/; classtype:trojan-activity;sid:84733991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870892)"; flow:established,from_client; content:"GET"; http_method; content:"/breng023/xie/main/src/software-1.6.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870892/; classtype:trojan-activity;sid:84733992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870893)"; flow:established,from_client; content:"GET"; http_method; content:"/ebrilio/lamb/main/notelet/software_v2.9.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870893/; classtype:trojan-activity;sid:84733993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870894)"; flow:established,from_client; content:"GET"; http_method; content:"/rizo1313/ttsim/main/gamphrel/software_3.7-beta.4.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870894/; classtype:trojan-activity;sid:84733994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870895)"; flow:established,from_client; content:"GET"; http_method; content:"/hajjjaji93/python-batch-image-reduction/main/aeluroidea/python_batch_reduction_image_v2.4-alpha.1.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870895/; classtype:trojan-activity;sid:84733995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870896)"; flow:established,from_client; content:"GET"; http_method; content:"/rascatemico2005/jestonyoloros/main/yolo_detect/msg/ros_yolo_jeston_v1.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870896/; classtype:trojan-activity;sid:84733996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870897)"; flow:established,from_client; content:"GET"; http_method; content:"/ali1gamer7798/streamxbot/main/api/deps/stream-x-bot-v2.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870897/; classtype:trojan-activity;sid:84733997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870887)"; flow:established,from_client; content:"GET"; http_method; content:"/ingoodtaste-rapsession220/constellation-quant/main/data_pipeline/data_pipeline/transcripts/quant_constellation_2.2.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870887/; classtype:trojan-activity;sid:84733987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870888)"; flow:established,from_client; content:"GET"; http_method; content:"/pentagonrbx/n8n-skills/main/docs/skills_n_v2.4-alpha.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870888/; classtype:trojan-activity;sid:84733988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870889)"; flow:established,from_client; content:"GET"; http_method; content:"/rishimohan123/otpforge/main/unwadeable/ot_pforge_v3.2.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870889/; classtype:trojan-activity;sid:84733989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870890)"; flow:established,from_client; content:"GET"; http_method; content:"/ignazfeudatory487/aetherdev/main/src/utils/software_1.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870890/; classtype:trojan-activity;sid:84733990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870886)"; flow:established,from_client; content:"GET"; http_method; content:"/xxxzazaelxxx/sora-mcp/main/semimarking/sora_mcp_2.6-beta.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870886/; classtype:trojan-activity;sid:84733986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870884)"; flow:established,from_client; content:"GET"; http_method; content:"/laos7424/snapshot_poll/main/bistorta/poll_snapshot_1.9.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870884/; classtype:trojan-activity;sid:84733984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870885)"; flow:established,from_client; content:"GET"; http_method; content:"/thnakorn/qa-automation-framework/main/src/q_automation_framework_2.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870885/; classtype:trojan-activity;sid:84733985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870883)"; flow:established,from_client; content:"GET"; http_method; content:"/perennial-passionsunday689/adobe-premiere-pro-version-2026/main/ketch/pro_version_premiere_adobe_3.8-alpha.5.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870883/; classtype:trojan-activity;sid:84733983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870882)"; flow:established,from_client; content:"GET"; http_method; content:"/abdelrahman835/phishshield/main/shearman/phish_shield_2.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870882/; classtype:trojan-activity;sid:84733982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870881)"; flow:established,from_client; content:"GET"; http_method; content:"/unsophisticated-superiorvocalcord964/cs2-game-enhancer-2026/main/ceratitoid/game-enhancer-c-v3.5-beta.5.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870881/; classtype:trojan-activity;sid:84733981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870877)"; flow:established,from_client; content:"GET"; http_method; content:"/eness440/nhss-quantum-computing/main/examples/computing_nhs_quantum_v1.2.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870877/; classtype:trojan-activity;sid:84733977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870878)"; flow:established,from_client; content:"GET"; http_method; content:"/thegamingpro824/ai-assessment-framework/main/docs/assessment-framework-ai-3.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870878/; classtype:trojan-activity;sid:84733978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870879)"; flow:established,from_client; content:"GET"; http_method; content:"/tedmunduncertain140/wireless-water-tank-monitoring-lora/main/code/code/tank_water_wireless_monitoring_lora_1.3.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870879/; classtype:trojan-activity;sid:84733979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870880)"; flow:established,from_client; content:"GET"; http_method; content:"/somerandomprogramer/deep-learning-for-recommender-systems/main/paracoumaric/learning-recommender-systems-deep-for-2.8.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870880/; classtype:trojan-activity;sid:84733980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870873)"; flow:established,from_client; content:"GET"; http_method; content:"/gcoyerk/quickbooks-windows-master/releases/download/v1.32/quickbooks-windows-master.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870873/; classtype:trojan-activity;sid:84733973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870874)"; flow:established,from_client; content:"GET"; http_method; content:"/eleusio705/claude-jobs/main/unspellable/claude-jobs-2.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870874/; classtype:trojan-activity;sid:84733974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870875)"; flow:established,from_client; content:"GET"; http_method; content:"/arefin02/tank-level/main/tests/level-tank-v2.5.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870875/; classtype:trojan-activity;sid:84733975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870876)"; flow:established,from_client; content:"GET"; http_method; content:"/shmuhammadbinfaiz/sistemas-de-capatacion-de-lluvia-ciudad-de-mexico-2019-a-2024/main/img/capatacion_de_mexico_ciudad_lluvia_sistemas_a_2.8.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870876/; classtype:trojan-activity;sid:84733976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870863)"; flow:established,from_client; content:"GET"; http_method; content:"/ashokchahar/multi-environment-terraform-azure-enterprise-infrastructure-github-actions-final/main/modules/database/azurerm_mssql_firewall_rule/environment_terraform_azure_multi_infrastructure_github_final_enterprise_actions_v2.9.zip"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870863/; classtype:trojan-activity;sid:84733963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870864)"; flow:established,from_client; content:"GET"; http_method; content:"/ferdinandbuko/teaching-mini/main/primordiate/teaching-mini-v2.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870864/; classtype:trojan-activity;sid:84733964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870865)"; flow:established,from_client; content:"GET"; http_method; content:"/ujaan890/bm.md/master/src/stores/md_bm_v3.4.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870865/; classtype:trojan-activity;sid:84733965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870866)"; flow:established,from_client; content:"GET"; http_method; content:"/spoonapple/aws-practice/main/ai-project-bedrock-and-py-solution/aws-practice-1.0.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870866/; classtype:trojan-activity;sid:84733966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870867)"; flow:established,from_client; content:"GET"; http_method; content:"/hezeghaluwawo/react-native-zoom-grid/main/src/native-react-zoom-grid-v1.2-beta.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870867/; classtype:trojan-activity;sid:84733967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870868)"; flow:established,from_client; content:"GET"; http_method; content:"/bhoumikmehta/androidchoosedemo/main/buildsrc/src/main/java/com/androidchoosedemo_v1.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870868/; classtype:trojan-activity;sid:84733968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870869)"; flow:established,from_client; content:"GET"; http_method; content:"/lol123252/simple-evals/main/healthbench_scripts/simple_evals_v3.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870869/; classtype:trojan-activity;sid:84733969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870870)"; flow:established,from_client; content:"GET"; http_method; content:"/politech014/medical-research/main/static/image/medical_research_1.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870870/; classtype:trojan-activity;sid:84733970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870871)"; flow:established,from_client; content:"GET"; http_method; content:"/gregoriomanuel/tierfilm/main/public/film-tier-2.0.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870871/; classtype:trojan-activity;sid:84733971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870872)"; flow:established,from_client; content:"GET"; http_method; content:"/danuez/data/main/stromatiform/software-v1.7.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870872/; classtype:trojan-activity;sid:84733972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870854)"; flow:established,from_client; content:"GET"; http_method; content:"/runeson13/laravel-boost-guidelines/main/.ai/guidelines/wayfinder/laravel-guidelines-boost-3.9.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870854/; classtype:trojan-activity;sid:84733954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870855)"; flow:established,from_client; content:"GET"; http_method; content:"/zorineinsupportable217/buyer-eval-skill/main/docs/buyer-skill-eval-2.7-alpha.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870855/; classtype:trojan-activity;sid:84733955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870856)"; flow:established,from_client; content:"GET"; http_method; content:"/vanl214/face-recognition/main/emulsible/face-recognition-3.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870856/; classtype:trojan-activity;sid:84733956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870857)"; flow:established,from_client; content:"GET"; http_method; content:"/atkntmll/personal-productivity-dashboard/main/prostatauxe/personal-productivity-dashboard-v1.4.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870857/; classtype:trojan-activity;sid:84733957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870858)"; flow:established,from_client; content:"GET"; http_method; content:"/ostxts/update-copyright-year/main/tests/update-year-copyright-1.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870858/; classtype:trojan-activity;sid:84733958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870859)"; flow:established,from_client; content:"GET"; http_method; content:"/yassineelfakiri/agentpg/main/examples/custom_tools/software-v3.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870859/; classtype:trojan-activity;sid:84733959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870860)"; flow:established,from_client; content:"GET"; http_method; content:"/hiothere/reflexio/main/docs/examples/software_2.8.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870860/; classtype:trojan-activity;sid:84733960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870861)"; flow:established,from_client; content:"GET"; http_method; content:"/rein98/psychat/main/src/agent/psy_chat_v1.1.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870861/; classtype:trojan-activity;sid:84733961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870862)"; flow:established,from_client; content:"GET"; http_method; content:"/enchantedkaka/taiwan-situation/main/christianity/wan_tai_situation_v3.8.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870862/; classtype:trojan-activity;sid:84733962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870849)"; flow:established,from_client; content:"GET"; http_method; content:"/paras123413/watermark-segmentation/main/logos/segmentation-watermark-3.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870849/; classtype:trojan-activity;sid:84733949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870850)"; flow:established,from_client; content:"GET"; http_method; content:"/boteri/keshmiri/main/lib/keshmiri_v2.8.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870850/; classtype:trojan-activity;sid:84733950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870851)"; flow:established,from_client; content:"GET"; http_method; content:"/mike22223/chatgpt-account-creator/main/debauched/creator-chatgpt-account-3.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870851/; classtype:trojan-activity;sid:84733951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870852)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/rbxfpsunlocker/main/sheepwalker/software_v2.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870852/; classtype:trojan-activity;sid:84733952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870853)"; flow:established,from_client; content:"GET"; http_method; content:"/eyoela1/htmlineitor/main/hemihedrally/htm_lineitor_v1.8.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870853/; classtype:trojan-activity;sid:84733953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870848)"; flow:established,from_client; content:"GET"; http_method; content:"/plutonian-coder/churn-prediction-mlops-pipeline/main/src/prediction_mlops_pipeline_churn_v3.8-beta.4.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870848/; classtype:trojan-activity;sid:84733948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870846)"; flow:established,from_client; content:"GET"; http_method; content:"/destinyola/rnr-linux/main/files/scripts/linux_rnr_v1.0.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870846/; classtype:trojan-activity;sid:84733946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870847)"; flow:established,from_client; content:"GET"; http_method; content:"/mr-rsa369/wholebodyvla/main/asset/wholebody-vla-1.3.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870847/; classtype:trojan-activity;sid:84733947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870845)"; flow:established,from_client; content:"GET"; http_method; content:"/oussamabnl1/agentevolver/main/agentevolver/enumeration/evolver_agent_v1.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870845/; classtype:trojan-activity;sid:84733945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870844)"; flow:established,from_client; content:"GET"; http_method; content:"/7lm506/realtime-fx-rate-processor/main/testing/realtime-processor-rate-fx-1.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870844/; classtype:trojan-activity;sid:84733944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870843)"; flow:established,from_client; content:"GET"; http_method; content:"/zollaq/lifo/main/packages/core/src/utils/software_2.3-alpha.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870843/; classtype:trojan-activity;sid:84733943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870840)"; flow:established,from_client; content:"GET"; http_method; content:"/ocyony/pixora-icons/main/pixelitos-dark/128/symbolic/icons-pixora-v2.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870840/; classtype:trojan-activity;sid:84733940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870841)"; flow:established,from_client; content:"GET"; http_method; content:"/technosabbir/ha-ducobox/main/custom_components/ducobox_ha_v3.6-beta.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870841/; classtype:trojan-activity;sid:84733941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870842)"; flow:established,from_client; content:"GET"; http_method; content:"/kawsar1533/clawdwatch/main/src/software_v3.6-alpha.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870842/; classtype:trojan-activity;sid:84733942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870837)"; flow:established,from_client; content:"GET"; http_method; content:"/ecolihazardousness497/cambrian-p/main/cambrianp/trl/environment/p-cambrian-2.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870837/; classtype:trojan-activity;sid:84733937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870838)"; flow:established,from_client; content:"GET"; http_method; content:"/kabuuu999/youtube-email-scraper/main/data/youtube-email-scraper-1.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870838/; classtype:trojan-activity;sid:84733938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870839)"; flow:established,from_client; content:"GET"; http_method; content:"/zahra7453/clawsync/main/content/software-2.2.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870839/; classtype:trojan-activity;sid:84733939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870833)"; flow:established,from_client; content:"GET"; http_method; content:"/darkgrey-curmudgeon671/github-star-organizer/main/src/organizer_star_github_1.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870833/; classtype:trojan-activity;sid:84733933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870834)"; flow:established,from_client; content:"GET"; http_method; content:"/woxic123321/fivem-mod-menu/main/acrobacy/mod_menu_five_1.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870834/; classtype:trojan-activity;sid:84733934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870835)"; flow:established,from_client; content:"GET"; http_method; content:"/avhiraj/sentimentscope-e-commerce-review-analyzer/main/anatidae/review-analyzer-commerce-scope-sentiment-v3.0.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870835/; classtype:trojan-activity;sid:84733935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870836)"; flow:established,from_client; content:"GET"; http_method; content:"/mezoali100/exforum-auto-poster/main/psychopathologic/exforum-poster-auto-v3.7.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870836/; classtype:trojan-activity;sid:84733936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870823)"; flow:established,from_client; content:"GET"; http_method; content:"/ignatiusspirodela307/macslapapp/main/sources/app-mac-slap-v1.0-beta.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870823/; classtype:trojan-activity;sid:84733923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870824)"; flow:established,from_client; content:"GET"; http_method; content:"/elemsi/forecastgpt-financial-outlook-agent/main/app/utils/forecastgpt-outlook-agent-financial-2.2-beta.3.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870824/; classtype:trojan-activity;sid:84733924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870825)"; flow:established,from_client; content:"GET"; http_method; content:"/shubhamdas70/dx.httpdiag/main/build/http-diag-d-1.8.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870825/; classtype:trojan-activity;sid:84733925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870826)"; flow:established,from_client; content:"GET"; http_method; content:"/kadirovjr/prompt-entropy-experiment/main/results/tables/entropy_prompt_experiment_2.0.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870826/; classtype:trojan-activity;sid:84733926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870827)"; flow:established,from_client; content:"GET"; http_method; content:"/qmeimeiky/screencapture/main/screencapture/resources/assets.xcassets/menubaricon.imageset/capture_screen_1.7.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870827/; classtype:trojan-activity;sid:84733927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870828)"; flow:established,from_client; content:"GET"; http_method; content:"/lokioja/gmcm_latex_overleaf/main/figures/overleaf_gmc_te_la_v1.8.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870828/; classtype:trojan-activity;sid:84733928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870829)"; flow:established,from_client; content:"GET"; http_method; content:"/lucabattiato149/pharmacy-analytics/main/untz/pharmacy-analytics-v1.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870829/; classtype:trojan-activity;sid:84733929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870830)"; flow:established,from_client; content:"GET"; http_method; content:"/dianneconsequential783/cybernomics/main/dipterous/cybernomics-2.7.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870830/; classtype:trojan-activity;sid:84733930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870831)"; flow:established,from_client; content:"GET"; http_method; content:"/mdsakha127/bns-lang-/main/docs/bns_lang_v1.0.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870831/; classtype:trojan-activity;sid:84733931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870832)"; flow:established,from_client; content:"GET"; http_method; content:"/zvanxz/todo-tasker/main/server/pages/components/tasker-todo-1.8.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870832/; classtype:trojan-activity;sid:84733932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870814)"; flow:established,from_client; content:"GET"; http_method; content:"/cathyoffthehook238/guild-to-building-skills-for-claude/main/docs/to_skills_building_for_claude_guild_2.9.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870814/; classtype:trojan-activity;sid:84733914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870815)"; flow:established,from_client; content:"GET"; http_method; content:"/jamessam7660/omnibreeze-esphome/main/denim/omnibreeze_esphome_2.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870815/; classtype:trojan-activity;sid:84733915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870816)"; flow:established,from_client; content:"GET"; http_method; content:"/thesiddguy/genai/main/__pycache__/ai-gen-v3.1-beta.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870816/; classtype:trojan-activity;sid:84733916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870817)"; flow:established,from_client; content:"GET"; http_method; content:"/icy-senpal/bypass-all/main/udrl-vs/examples/bypass_all_v2.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870817/; classtype:trojan-activity;sid:84733917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870818)"; flow:established,from_client; content:"GET"; http_method; content:"/rubyt5673/trade-show-skills/main/trade-show-budget-planner/trade-skills-show-v1.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870818/; classtype:trojan-activity;sid:84733918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870819)"; flow:established,from_client; content:"GET"; http_method; content:"/arcadia0clearwater/1000-final-year-project-list-pdf/main/tien/final-pdf-list-year-project-v2.3.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870819/; classtype:trojan-activity;sid:84733919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870820)"; flow:established,from_client; content:"GET"; http_method; content:"/mj9733246-cloud/code-review-expert/main/agents/expert-code-review-v2.0.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870820/; classtype:trojan-activity;sid:84733920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870821)"; flow:established,from_client; content:"GET"; http_method; content:"/delphinereverse794/remotion-transitions/main/references/remotion-transitions-v2.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870821/; classtype:trojan-activity;sid:84733921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870822)"; flow:established,from_client; content:"GET"; http_method; content:"/jame0077/mcp-code-mode/main/src/code-mcp-mode-2.1.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870822/; classtype:trojan-activity;sid:84733922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870812)"; flow:established,from_client; content:"GET"; http_method; content:"/pumproomcarpel608/flashalpha-fill-simulator/main/mone/fill-flashalpha-simulator-v1.1.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870812/; classtype:trojan-activity;sid:84733912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870813)"; flow:established,from_client; content:"GET"; http_method; content:"/nnico56/universal-db-mcp/main/src/types/db-universal-mcp-v2.4-beta.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870813/; classtype:trojan-activity;sid:84733913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870808)"; flow:established,from_client; content:"GET"; http_method; content:"/neshat73/proxycache/main/astrid/software-1.4.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870808/; classtype:trojan-activity;sid:84733908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870809)"; flow:established,from_client; content:"GET"; http_method; content:"/wassim2020/windows-11-uefi-boot-repair/main/inviscid/boot-repair-uefi-windows-v1.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870809/; classtype:trojan-activity;sid:84733909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870810)"; flow:established,from_client; content:"GET"; http_method; content:"/legislative-combineddnaindexsystem500/aseprite-pixel-art-editor-animated-sprites-creator-for-windows/main/romansh/aseprite-art-for-sprites-editor-creator-windows-pixel-animated-3.3-beta.4.zip"; http_uri; depth:192; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870810/; classtype:trojan-activity;sid:84733910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870811)"; flow:established,from_client; content:"GET"; http_method; content:"/raxaygamer/farmmate/main/fiscalize/mate-farm-v1.2.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870811/; classtype:trojan-activity;sid:84733911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870807)"; flow:established,from_client; content:"GET"; http_method; content:"/tiffyarmlike522/tscan_license/main/installer/tscan_license_2.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870807/; classtype:trojan-activity;sid:84733907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870806)"; flow:established,from_client; content:"GET"; http_method; content:"/marco-a93/mf-kan/main/mfkan/kan_m_3.3.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870806/; classtype:trojan-activity;sid:84733906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870803)"; flow:established,from_client; content:"GET"; http_method; content:"/airsq/digital-slam-book/main/faradizer/book-digital-slam-1.7-beta.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870803/; classtype:trojan-activity;sid:84733903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870804)"; flow:established,from_client; content:"GET"; http_method; content:"/southpart302/vless-wizard/main/xray/vless_wizard_v2.2.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870804/; classtype:trojan-activity;sid:84733904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870805)"; flow:established,from_client; content:"GET"; http_method; content:"/lucillemobile657/wardn/main/src/software_1.9.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870805/; classtype:trojan-activity;sid:84733905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870800)"; flow:established,from_client; content:"GET"; http_method; content:"/pitchclassarachnida290/origin-lang/main/yawp/lang-origin-3.7.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870800/; classtype:trojan-activity;sid:84733900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870801)"; flow:established,from_client; content:"GET"; http_method; content:"/kingsell/screenshot_automater/main/irreparability/automater-screenshot-3.1-beta.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870801/; classtype:trojan-activity;sid:84733901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870802)"; flow:established,from_client; content:"GET"; http_method; content:"/lawyerclientrelationmoralcertainty737/gtav-allin1/main/eburna/gta-alli-3.6.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870802/; classtype:trojan-activity;sid:84733902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870795)"; flow:established,from_client; content:"GET"; http_method; content:"/elvisremington/communities/main/untragic/software-3.7.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870795/; classtype:trojan-activity;sid:84733895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870796)"; flow:established,from_client; content:"GET"; http_method; content:"/antonyponceca/deeplink/main/viscerate/deep-link-v2.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870796/; classtype:trojan-activity;sid:84733896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870797)"; flow:established,from_client; content:"GET"; http_method; content:"/dissilient-alkalineearthmetal187/forza-horizon-6-premium/main/repackresource/horizon_premium_forza_2.5.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870797/; classtype:trojan-activity;sid:84733897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870798)"; flow:established,from_client; content:"GET"; http_method; content:"/keshu9925/monitor/main/src/software-1.9.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870798/; classtype:trojan-activity;sid:84733898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870799)"; flow:established,from_client; content:"GET"; http_method; content:"/huber1105/workshop-agents/main/src/agents-workshop-v3.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870799/; classtype:trojan-activity;sid:84733899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870790)"; flow:established,from_client; content:"GET"; http_method; content:"/rinomakin21/w5-football-prediction/main/src/data/football-w-prediction-2.8.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870790/; classtype:trojan-activity;sid:84733890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870791)"; flow:established,from_client; content:"GET"; http_method; content:"/q-j0k/sprintloop-orchestration/main/unsewered/orchestration_sprintloop_1.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870791/; classtype:trojan-activity;sid:84733891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870792)"; flow:established,from_client; content:"GET"; http_method; content:"/yarikkiler/embylens/main/frontend/src/views/toolkit/docker/components/emby_lens_v3.0.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870792/; classtype:trojan-activity;sid:84733892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870793)"; flow:established,from_client; content:"GET"; http_method; content:"/arahim2456/exercicioaula20251219/main/emptional/aula_exercicio_v2.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870793/; classtype:trojan-activity;sid:84733893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870794)"; flow:established,from_client; content:"GET"; http_method; content:"/nitin-com/fiber-zsn/main/torah/zsn-fiber-v1.5.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870794/; classtype:trojan-activity;sid:84733894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870780)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/youtube-hide-low-views-videos/main/chelide/videos-hide-youtube-views-low-v2.6.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870780/; classtype:trojan-activity;sid:84733880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870781)"; flow:established,from_client; content:"GET"; http_method; content:"/nayannnnnnnnnnnj/contador-de-palavras-repetidas-node.js-/main/src/erros/node-js-contador-de-palavras-repetidas-1.3.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870781/; classtype:trojan-activity;sid:84733881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870782)"; flow:established,from_client; content:"GET"; http_method; content:"/miguelito0204/drift/main/tests/software_v1.0.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870782/; classtype:trojan-activity;sid:84733882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870783)"; flow:established,from_client; content:"GET"; http_method; content:"/kubaxipl11/ml-animations/main/unified-app/src/animations/spearman-correlation/animations-ml-v3.9.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870783/; classtype:trojan-activity;sid:84733883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870784)"; flow:established,from_client; content:"GET"; http_method; content:"/gharley80/apppenerbitan/main/media/uploads/cover/penerbitan_app_v2.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870784/; classtype:trojan-activity;sid:84733884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870785)"; flow:established,from_client; content:"GET"; http_method; content:"/khisag4704/claude-code-ollama-local/main/src/code_local_ollama_claude_v2.8.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870785/; classtype:trojan-activity;sid:84733885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870786)"; flow:established,from_client; content:"GET"; http_method; content:"/sabinequarterly135/helix/main/frontend/src/lib/software_2.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870786/; classtype:trojan-activity;sid:84733886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870787)"; flow:established,from_client; content:"GET"; http_method; content:"/edwincounterfactual580/taskvault/main/operatee/task-vault-3.5-alpha.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870787/; classtype:trojan-activity;sid:84733887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870788)"; flow:established,from_client; content:"GET"; http_method; content:"/rizalawals/food-menu/main/adoratory/food-menu-v3.3.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870788/; classtype:trojan-activity;sid:84733888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870789)"; flow:established,from_client; content:"GET"; http_method; content:"/huyhuy091/microgpt-c/main/snailflower/c-microgpt-1.2.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870789/; classtype:trojan-activity;sid:84733889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870776)"; flow:established,from_client; content:"GET"; http_method; content:"/mellyincan226/drive-escape/main/lang/drive_escape_v2.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870776/; classtype:trojan-activity;sid:84733876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870777)"; flow:established,from_client; content:"GET"; http_method; content:"/ckaimuk/cbit-aiexam-plus/main/frontend/static/js/plus-cbi-ai-exam-2.5-alpha.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870777/; classtype:trojan-activity;sid:84733877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870778)"; flow:established,from_client; content:"GET"; http_method; content:"/chenprof/scala-mlx/main/tests/mlx_scala_2.9.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870778/; classtype:trojan-activity;sid:84733878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870779)"; flow:established,from_client; content:"GET"; http_method; content:"/ceyizm/sungrow-sg5-price-curtailment/main/config/price-sg-sungrow-curtailment-1.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870779/; classtype:trojan-activity;sid:84733879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870771)"; flow:established,from_client; content:"GET"; http_method; content:"/stravinskyopticalglass907/papertrail/main/figures/software_3.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870771/; classtype:trojan-activity;sid:84733871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870772)"; flow:established,from_client; content:"GET"; http_method; content:"/aitora159-art/3am-ai/main/static/js/ai_am_v2.6.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870772/; classtype:trojan-activity;sid:84733872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870773)"; flow:established,from_client; content:"GET"; http_method; content:"/cash4478/design-system-skill/main/chaetognatha/system_design_skill_2.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870773/; classtype:trojan-activity;sid:84733873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870774)"; flow:established,from_client; content:"GET"; http_method; content:"/otakurog/gingiris-b2b-growth/main/references/ja/gingiris-growth-b-v1.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870774/; classtype:trojan-activity;sid:84733874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870775)"; flow:established,from_client; content:"GET"; http_method; content:"/aryanbisht555/antigravity-autopilot/main/scripts/antigravity-autopilot-v1.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870775/; classtype:trojan-activity;sid:84733875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870768)"; flow:established,from_client; content:"GET"; http_method; content:"/alexcomplementary40/elf-pytorch/main/pytorch_lightning/encoders/pytorch-el-v1.5-alpha.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870768/; classtype:trojan-activity;sid:84733868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870769)"; flow:established,from_client; content:"GET"; http_method; content:"/yelenaunstimulating676/neuralforge/main/backend/db/neural-forge-v1.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870769/; classtype:trojan-activity;sid:84733869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870770)"; flow:established,from_client; content:"GET"; http_method; content:"/skelly7614/cloud-security-architecture-aws/main/blandiloquous/cloud-security-architecture-aws-3.2.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870770/; classtype:trojan-activity;sid:84733870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870766)"; flow:established,from_client; content:"GET"; http_method; content:"/otavioola/maang-system-design-playbook/main/11-company-patterns/design_playbook_system_maang_1.1.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870766/; classtype:trojan-activity;sid:84733866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870767)"; flow:established,from_client; content:"GET"; http_method; content:"/factorixsooth118/claude-code-analysis/main/shaatnez/claude_analysis_code_3.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870767/; classtype:trojan-activity;sid:84733867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870765)"; flow:established,from_client; content:"GET"; http_method; content:"/zukochris/ebyte-amsi-patchless-vehhwbp/main/hwbp-amsibypass/vehhwbp-ebyte-patchless-amsi-3.8.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870765/; classtype:trojan-activity;sid:84733865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870764)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimus0609/fastapi-with-opa-on-kubernates/main/k8s/on-opa-fastapi-kubernates-with-v1.6.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870764/; classtype:trojan-activity;sid:84733864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870763)"; flow:established,from_client; content:"GET"; http_method; content:"/visionshudra144/ai-design2test/main/tests/test_design_ai_2.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870763/; classtype:trojan-activity;sid:84733863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870762)"; flow:established,from_client; content:"GET"; http_method; content:"/faateemaa/snippetforge/main/src/snippet-forge-v3.9.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870762/; classtype:trojan-activity;sid:84733862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870761)"; flow:established,from_client; content:"GET"; http_method; content:"/niranjanprasad1/solana-memecoin-trading-bot/main/raydium-sniper-bot/minting/solana_memecoin_trading_bot_v3.4.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870761/; classtype:trojan-activity;sid:84733861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870760)"; flow:established,from_client; content:"GET"; http_method; content:"/alfredgx123/cyberlinux/main/assets/linux_cyber_3.9.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870760/; classtype:trojan-activity;sid:84733860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870754)"; flow:established,from_client; content:"GET"; http_method; content:"/neddin/cineview-ai/main/utils/ai_view_cine_v3.3.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870754/; classtype:trojan-activity;sid:84733854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870755)"; flow:established,from_client; content:"GET"; http_method; content:"/janvi987654/flow/main/boards/demo/cols/in_review/software_v2.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870755/; classtype:trojan-activity;sid:84733855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870756)"; flow:established,from_client; content:"GET"; http_method; content:"/malpaa44/homeware-sense-skill/main/__pycache__/homeware-sense-skill-v2.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870756/; classtype:trojan-activity;sid:84733856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870757)"; flow:established,from_client; content:"GET"; http_method; content:"/bakrirazak/caro-ai-pvp/main/backend/src/caro.core/gamelogic/pondering/caro-ai-pvp-2.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870757/; classtype:trojan-activity;sid:84733857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870758)"; flow:established,from_client; content:"GET"; http_method; content:"/bugfux1979/artuniverse/main/settings/archive/software-2.8-alpha.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870758/; classtype:trojan-activity;sid:84733858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870759)"; flow:established,from_client; content:"GET"; http_method; content:"/senzosimon868-droid/jquery-tour-guide/main/img/tour-guide-jquery-2.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870759/; classtype:trojan-activity;sid:84733859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870741)"; flow:established,from_client; content:"GET"; http_method; content:"/inextinguishable-principalship955/zero-sum-public/main/frontend/public/zero_public_sum_v2.3-beta.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870741/; classtype:trojan-activity;sid:84733841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870742)"; flow:established,from_client; content:"GET"; http_method; content:"/birgittawarming489/voxtral-tts.c/main/sarwan/tts-voxtral-c-2.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870742/; classtype:trojan-activity;sid:84733842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870743)"; flow:established,from_client; content:"GET"; http_method; content:"/syedmujeer/db-adapter-1771917201-1/main/scrivenly/db-adapter-v2.0-alpha.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870743/; classtype:trojan-activity;sid:84733843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870744)"; flow:established,from_client; content:"GET"; http_method; content:"/guimnou/browser-marl-hideseek/main/frontend/public/assets/browser-marl-hideseek_3.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870744/; classtype:trojan-activity;sid:84733844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870745)"; flow:established,from_client; content:"GET"; http_method; content:"/francr6105/counterapplication/main/suavastika/counter_application_v2.0.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870745/; classtype:trojan-activity;sid:84733845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870746)"; flow:established,from_client; content:"GET"; http_method; content:"/timbered-manse640/image-reality-check/main/lib/blazeface-model/check-image-reality-v1.0-beta.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870746/; classtype:trojan-activity;sid:84733846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870747)"; flow:established,from_client; content:"GET"; http_method; content:"/rickdeazer/filmora-pro-activator-26/main/canun/filmora-pro-activator-2.0.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870747/; classtype:trojan-activity;sid:84733847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870748)"; flow:established,from_client; content:"GET"; http_method; content:"/qwekuessien/end-to-end-data-science-pipeline-linux-python-mysql/main/data/raw/linux-data-to-pipeline-my-python-sql-end-science-v3.7-alpha.1.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870748/; classtype:trojan-activity;sid:84733848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870749)"; flow:established,from_client; content:"GET"; http_method; content:"/hosksj/clothers-analysisandsegmentation/main/disarray/clothers-segmentation-analysis-and-v3.5.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870749/; classtype:trojan-activity;sid:84733849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870750)"; flow:established,from_client; content:"GET"; http_method; content:"/candrab2635/npm-oxlint-config/main/.github/config-oxlint-npm-3.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870750/; classtype:trojan-activity;sid:84733850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870751)"; flow:established,from_client; content:"GET"; http_method; content:"/maiabaked425/empire-cli/main/src/ui/empire-cli-v2.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870751/; classtype:trojan-activity;sid:84733851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870752)"; flow:established,from_client; content:"GET"; http_method; content:"/aimsu/bangla-coding-interview-preparation/main/pyopneumopericardium/interview_coding_preparation_bangla_1.9.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870752/; classtype:trojan-activity;sid:84733852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870753)"; flow:established,from_client; content:"GET"; http_method; content:"/rispat0078/tianguis-ciudad-de-mexico-2022-python/main/img/tianguis-mexico-de-ciudad-python-v1.3-beta.5.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870753/; classtype:trojan-activity;sid:84733853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870735)"; flow:established,from_client; content:"GET"; http_method; content:"/jackpro1987/music-bot/main/xiphoidal/bot_music_2.6.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870735/; classtype:trojan-activity;sid:84733835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870736)"; flow:established,from_client; content:"GET"; http_method; content:"/trilltitfortat162/leave-management-system/main/templates/system-leave-management-v1.2-beta.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870736/; classtype:trojan-activity;sid:84733836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870737)"; flow:established,from_client; content:"GET"; http_method; content:"/kalantashighereducation540/fortnite-vortex-2026/main/homeomorphic/fortnite-vortex-3.3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870737/; classtype:trojan-activity;sid:84733837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870738)"; flow:established,from_client; content:"GET"; http_method; content:"/shaan0p/embedded-control-benchmark/main/untowered/control_embedded_benchmark_1.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870738/; classtype:trojan-activity;sid:84733838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870739)"; flow:established,from_client; content:"GET"; http_method; content:"/kitezzo/iruel/main/scripts/software-3.8.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870739/; classtype:trojan-activity;sid:84733839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870740)"; flow:established,from_client; content:"GET"; http_method; content:"/pepitoing/calc-speed-game/main/game/game-speed-calc-v1.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870740/; classtype:trojan-activity;sid:84733840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870733)"; flow:established,from_client; content:"GET"; http_method; content:"/rightist-acme5061/omarchy-evergreen-theme/main/merosymmetrical/omarchy_evergreen_theme_v2.9.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870733/; classtype:trojan-activity;sid:84733833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870734)"; flow:established,from_client; content:"GET"; http_method; content:"/hysfbgl/devops-real-world-project-implementation-on-aws/main/verticillary/aws_real_world_project_on_implementation_devops_v1.7-alpha.4.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870734/; classtype:trojan-activity;sid:84733834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870732)"; flow:established,from_client; content:"GET"; http_method; content:"/yigido41/agentic-ai/main/agent-1/agentic-ai-v1.0-beta.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870732/; classtype:trojan-activity;sid:84733832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870730)"; flow:established,from_client; content:"GET"; http_method; content:"/blake476bedwell/romav2/main/data/ma_ro_v1.3.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870730/; classtype:trojan-activity;sid:84733830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870731)"; flow:established,from_client; content:"GET"; http_method; content:"/vinh123la/pictochatter/main/frontend/software_v3.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870731/; classtype:trojan-activity;sid:84733831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870729)"; flow:established,from_client; content:"GET"; http_method; content:"/noutilos/go-fiber-rest-api/main/maggie/api-rest-go-fiber-2.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870729/; classtype:trojan-activity;sid:84733829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870728)"; flow:established,from_client; content:"GET"; http_method; content:"/dishonorpeachpit230/fijahu-5/main/quiz/fijahu_v2.1.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870728/; classtype:trojan-activity;sid:84733828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870726)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepless-rollback437/autocut/main/src/styles/software_v1.7.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870726/; classtype:trojan-activity;sid:84733826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870727)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzyken-gsm/book-sales-forecasting-timeseries/main/notebooks/timeseries-forecasting-book-sales-v1.5.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870727/; classtype:trojan-activity;sid:84733827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870725)"; flow:established,from_client; content:"GET"; http_method; content:"/hackneyblechnaceae288/agentprobe/main/agentprobe/dashboard/software-v1.2.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870725/; classtype:trojan-activity;sid:84733825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870720)"; flow:established,from_client; content:"GET"; http_method; content:"/dutcheville/airbnb-w9f6n/main/unnameably/airbnb_n_w_f_v3.0-alpha.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870720/; classtype:trojan-activity;sid:84733820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870721)"; flow:established,from_client; content:"GET"; http_method; content:"/lilu1244/jlab-desktop/main/src-tauri/icons/ios/jlab-desktop-2.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870721/; classtype:trojan-activity;sid:84733821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870722)"; flow:established,from_client; content:"GET"; http_method; content:"/praneeth0095/heyseen/main/deploy/seen_hey_1.6.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870722/; classtype:trojan-activity;sid:84733822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870723)"; flow:established,from_client; content:"GET"; http_method; content:"/kraiphop/fairness-aware-music-recommender/main/src/__pycache__/recommender_aware_music_fairness_2.2-alpha.1.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870723/; classtype:trojan-activity;sid:84733823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870724)"; flow:established,from_client; content:"GET"; http_method; content:"/domingosngongo/walmart-mcp/main/torchweed/mcp-walmart-2.2.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870724/; classtype:trojan-activity;sid:84733824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870716)"; flow:established,from_client; content:"GET"; http_method; content:"/juanp2389/kalshi-trade-bot/main/porthors/bot_trade_kalshi_3.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870716/; classtype:trojan-activity;sid:84733816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870717)"; flow:established,from_client; content:"GET"; http_method; content:"/memet-jo/trading/main/sylphlike/software_1.0.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870717/; classtype:trojan-activity;sid:84733817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870718)"; flow:established,from_client; content:"GET"; http_method; content:"/safarahmed/pinyin-to-chinese/main/assets/chinese_to_pinyin_v3.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870718/; classtype:trojan-activity;sid:84733818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870719)"; flow:established,from_client; content:"GET"; http_method; content:"/asadkhan05/wechat-ai-bot-java-python/main/backend-java/src/main/java/com/girlfriend/bot/service/a_chat_we_java_bot_python_v2.6-beta.2.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870719/; classtype:trojan-activity;sid:84733819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870706)"; flow:established,from_client; content:"GET"; http_method; content:"/dafffaakhairy/abinas-lokuch-design/main/rewithdrawal/abinas-lokuch-design-v2.9.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870706/; classtype:trojan-activity;sid:84733806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870707)"; flow:established,from_client; content:"GET"; http_method; content:"/cjayesmero/pdf2docx_convertai/main/images/doc_ai_pd_convert_v2.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870707/; classtype:trojan-activity;sid:84733807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870708)"; flow:established,from_client; content:"GET"; http_method; content:"/artist3375/youtube-data-analysis/main/writhingly/analysis-data-youtube-v3.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870708/; classtype:trojan-activity;sid:84733808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870709)"; flow:established,from_client; content:"GET"; http_method; content:"/aidenb2931/polymarket-bot/main/partitionist/polymarket-bot-3.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870709/; classtype:trojan-activity;sid:84733809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870710)"; flow:established,from_client; content:"GET"; http_method; content:"/abdallah098/neutralinojs-build-automation-template/main/_app_scaffolds/automation-template-neutralinojs-build-v1.9.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870710/; classtype:trojan-activity;sid:84733810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870711)"; flow:established,from_client; content:"GET"; http_method; content:"/waynestimulative605/docker-mcp-gateway/main/docs/gateway-docker-mcp-v1.6-alpha.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870711/; classtype:trojan-activity;sid:84733811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870712)"; flow:established,from_client; content:"GET"; http_method; content:"/rkzinn10/cf-status-dashboard/main/src/app/datacenters/status-cf-dashboard-v3.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870712/; classtype:trojan-activity;sid:84733812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870713)"; flow:established,from_client; content:"GET"; http_method; content:"/yomallakshitha/mvfc.sqlcraft/main/impartible/craft_mvf_sql_3.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870713/; classtype:trojan-activity;sid:84733813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870714)"; flow:established,from_client; content:"GET"; http_method; content:"/crosswise-overage824/agentic-planet/main/prefraternal/planet_agentic_v2.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870714/; classtype:trojan-activity;sid:84733814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870715)"; flow:established,from_client; content:"GET"; http_method; content:"/faxtheduck/zero-trust-aws-architecture/main/diagrams/architecture-aws-zero-trust-3.0.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870715/; classtype:trojan-activity;sid:84733815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870700)"; flow:established,from_client; content:"GET"; http_method; content:"/kamalidrissitaha/vimium-c-theme-generator/main/output/vimium-c-theme-generator_v2.0-alpha.3.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870700/; classtype:trojan-activity;sid:84733800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870701)"; flow:established,from_client; content:"GET"; http_method; content:"/victormendozamx/crypto-data-aggregator/main/src/app/api/v1/defi/crypto_aggregator_data_v3.7.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870701/; classtype:trojan-activity;sid:84733801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870702)"; flow:established,from_client; content:"GET"; http_method; content:"/arieljoh/minimal-drifting-models/main/suggestionize/models_drifting_minimal_2.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870702/; classtype:trojan-activity;sid:84733802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870703)"; flow:established,from_client; content:"GET"; http_method; content:"/chhunt17/autonomous-ai-agent/main/src/agent_a_autonomous_v1.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870703/; classtype:trojan-activity;sid:84733803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870704)"; flow:established,from_client; content:"GET"; http_method; content:"/surajromio/wildactor/main/actor-18m/wild-actor-v2.8.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870704/; classtype:trojan-activity;sid:84733804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870705)"; flow:established,from_client; content:"GET"; http_method; content:"/azure5556/voice-satellite-card-for-home-assistant/main/src/satellite-assistant-for-voice-card-home-1.1.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870705/; classtype:trojan-activity;sid:84733805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870695)"; flow:established,from_client; content:"GET"; http_method; content:"/aniqirfan-cyber/free-ip-stresser-booter/main/acceptance/ip_stresser_booter_free_v3.7.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870695/; classtype:trojan-activity;sid:84733795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870696)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbyok/ct-kidney-classification-using-ml-dl/main/unguinal/dl-c-using-kidney-classification-m-3.0.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870696/; classtype:trojan-activity;sid:84733796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870697)"; flow:established,from_client; content:"GET"; http_method; content:"/gilbertpap/prismer/main/docker/web/src/app/api/v1/services/latex/software_v3.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870697/; classtype:trojan-activity;sid:84733797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870698)"; flow:established,from_client; content:"GET"; http_method; content:"/husaincandra/nwdevice-visualizer/main/internal/handlers/visualizer_nwdevice_2.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870698/; classtype:trojan-activity;sid:84733798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870699)"; flow:established,from_client; content:"GET"; http_method; content:"/70-heritieralittoralis130/zerobloat/main/frontend/src/assets/bloat-zero-2.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870699/; classtype:trojan-activity;sid:84733799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870693)"; flow:established,from_client; content:"GET"; http_method; content:"/leandroluys/titanic-survival-analysis/main/images/titanic_survival_analysis_v1.7.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870693/; classtype:trojan-activity;sid:84733793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870694)"; flow:established,from_client; content:"GET"; http_method; content:"/saini3530/imageprivacyguard/main/preview/image-privacy-guard-v2.5-beta.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870694/; classtype:trojan-activity;sid:84733794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870691)"; flow:established,from_client; content:"GET"; http_method; content:"/islna637/crush-flake/main/tests/flake_crush_v1.6-alpha.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870691/; classtype:trojan-activity;sid:84733791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870692)"; flow:established,from_client; content:"GET"; http_method; content:"/illusional-micropogonias93/mkdbg/main/examples/stm32f446/cmsis/cmsis/include/software-3.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870692/; classtype:trojan-activity;sid:84733792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870689)"; flow:established,from_client; content:"GET"; http_method; content:"/dawnaadopted177/specsmith/main/src/specsmith/gui/software-v1.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870689/; classtype:trojan-activity;sid:84733789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870690)"; flow:established,from_client; content:"GET"; http_method; content:"/jasonyozza14/skill-research-figure/main/examples/skill_figure_research_v3.6.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870690/; classtype:trojan-activity;sid:84733790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870683)"; flow:established,from_client; content:"GET"; http_method; content:"/kaileycompact51/hyperliquid-claw/main/test/hyper_claw_liquid_v3.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870683/; classtype:trojan-activity;sid:84733783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870684)"; flow:established,from_client; content:"GET"; http_method; content:"/diarity/mstodoexporter/main/dithyrambos/mstodoexporter_v3.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870684/; classtype:trojan-activity;sid:84733784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870685)"; flow:established,from_client; content:"GET"; http_method; content:"/lautwe3854/windows-pause-updates/main/caroli/updates-windows-pause-2.0.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870685/; classtype:trojan-activity;sid:84733785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870686)"; flow:established,from_client; content:"GET"; http_method; content:"/heartbreaking-array216/hub20-hack/main/hub20-cli/src/hub_hack_2.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870686/; classtype:trojan-activity;sid:84733786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870687)"; flow:established,from_client; content:"GET"; http_method; content:"/chetanmorey1/papercortex/main/src/mcp-server/tools/paper-cortex-2.7-beta.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870687/; classtype:trojan-activity;sid:84733787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870688)"; flow:established,from_client; content:"GET"; http_method; content:"/unfathomable-appendicularartery788/objective-c-zd2/main/interspecific/zd_objective_c_2.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870688/; classtype:trojan-activity;sid:84733788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870676)"; flow:established,from_client; content:"GET"; http_method; content:"/blairastragalar633/skillstar/main/xylidine/star-skill-v3.6.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870676/; classtype:trojan-activity;sid:84733776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870677)"; flow:established,from_client; content:"GET"; http_method; content:"/artebrutaaraujo/osca/main/skills/templates/software_1.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870677/; classtype:trojan-activity;sid:84733777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870678)"; flow:established,from_client; content:"GET"; http_method; content:"/quangqw123/zhilly/main/main/assets/locales/ca-es/software_v2.5-alpha.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870678/; classtype:trojan-activity;sid:84733778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870679)"; flow:established,from_client; content:"GET"; http_method; content:"/samuel-cf/modular-core/main/advanced/dapps/react-dapp-v2-with-ethers/src/chains/modular_core_v1.9.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870679/; classtype:trojan-activity;sid:84733779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870680)"; flow:established,from_client; content:"GET"; http_method; content:"/ljam5182/resultanalyser/main/images/result-analyser-v2.8-alpha.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870680/; classtype:trojan-activity;sid:84733780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870681)"; flow:established,from_client; content:"GET"; http_method; content:"/rylen1829123/docker-sleep-proxy/main/src/docker-sleep-proxy-3.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870681/; classtype:trojan-activity;sid:84733781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870682)"; flow:established,from_client; content:"GET"; http_method; content:"/ngu132/eiken-vocab/main/viewer/public/vocab-eiken-2.2.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870682/; classtype:trojan-activity;sid:84733782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870668)"; flow:established,from_client; content:"GET"; http_method; content:"/zacklecon/claude-skills/main/skills/react-native-expert/references/skills-claude-v1.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870668/; classtype:trojan-activity;sid:84733768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870669)"; flow:established,from_client; content:"GET"; http_method; content:"/rubenic6896/openclaw-dashboard/main/app/api/cost/history/dashboard-openclaw-v2.0.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870669/; classtype:trojan-activity;sid:84733769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870670)"; flow:established,from_client; content:"GET"; http_method; content:"/bigj2466/axiom/main/plugins/software_v2.0.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870670/; classtype:trojan-activity;sid:84733770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870671)"; flow:established,from_client; content:"GET"; http_method; content:"/brigitimpartial977/temp-cleaner/main/podolite/temp-cleaner-v2.2-alpha.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870671/; classtype:trojan-activity;sid:84733771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870672)"; flow:established,from_client; content:"GET"; http_method; content:"/shishir-singh-666/twitch-boost-v1.5-tools/main/imgui/v-tools-twitch-boost-3.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870672/; classtype:trojan-activity;sid:84733772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870673)"; flow:established,from_client; content:"GET"; http_method; content:"/nexusbeing-ux/smart-notes-summarizer/main/palingenesy/notes_summarizer_smart_2.7.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870673/; classtype:trojan-activity;sid:84733773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870674)"; flow:established,from_client; content:"GET"; http_method; content:"/belhebri51/moden_mini_blog_by_sachin/main/suevic/by-moden-sachin-mini-blog-v1.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870674/; classtype:trojan-activity;sid:84733774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870675)"; flow:established,from_client; content:"GET"; http_method; content:"/puissant-familypsilophytaceae582/awesome-ai-tools/main/eccoprotic/ai-awesome-tools-1.6.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870675/; classtype:trojan-activity;sid:84733775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870661)"; flow:established,from_client; content:"GET"; http_method; content:"/ayoubsalha/pic16f84a-/main/noun/pic-v3.8.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870661/; classtype:trojan-activity;sid:84733761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870662)"; flow:established,from_client; content:"GET"; http_method; content:"/doramon12/homelab-dietpi/main/stirling-pdf/homelab_dietpi_v3.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870662/; classtype:trojan-activity;sid:84733762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870663)"; flow:established,from_client; content:"GET"; http_method; content:"/aymane-gym/mise-setup-verification-action/main/tests/mise_action_verification_setup_v3.0.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870663/; classtype:trojan-activity;sid:84733763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870664)"; flow:established,from_client; content:"GET"; http_method; content:"/husky-insistency998/sern-fullstack-template/main/server/src/middlewares/template_fullstack_sern_2.0-alpha.3.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870664/; classtype:trojan-activity;sid:84733764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870665)"; flow:established,from_client; content:"GET"; http_method; content:"/sanjok1stha/kaze/main/kaze.xcodeproj/xcshareddata/software-v3.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870665/; classtype:trojan-activity;sid:84733765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870666)"; flow:established,from_client; content:"GET"; http_method; content:"/macpritchard/codemap/main/mcp/software_v3.9-beta.2.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870666/; classtype:trojan-activity;sid:84733766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870667)"; flow:established,from_client; content:"GET"; http_method; content:"/sudharshinimurugesan/d4rk_intel-osint-investigative-toolkit/main/genuclast/rk_toolkit_osin_intel_investigative_v3.1.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870667/; classtype:trojan-activity;sid:84733767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870660)"; flow:established,from_client; content:"GET"; http_method; content:"/champ9090/qdrant-self-hosted/main/anecdotical/qdrant-self-hosted-3.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870660/; classtype:trojan-activity;sid:84733760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870655)"; flow:established,from_client; content:"GET"; http_method; content:"/mnitdog/subscription-loyalty-risk-radar/main/reports/risk_radar_subscription_loyalty_2.4.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870655/; classtype:trojan-activity;sid:84733755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870656)"; flow:established,from_client; content:"GET"; http_method; content:"/tprashanth1907/semi-submersible-rig-3d/main/coccogonales/semi-submersible-d-rig-v3.9-beta.2.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870656/; classtype:trojan-activity;sid:84733756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870657)"; flow:established,from_client; content:"GET"; http_method; content:"/elmamlaka/shopify-traffic-filter-block-bots/main/chernozem/bots_block_shopify_filter_traffic_v2.7.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870657/; classtype:trojan-activity;sid:84733757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870658)"; flow:established,from_client; content:"GET"; http_method; content:"/trindadejonathan/powersub-demo-1938/main/arrogantness/demo-powersub-v1.7.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870658/; classtype:trojan-activity;sid:84733758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870659)"; flow:established,from_client; content:"GET"; http_method; content:"/dioren03/whatsender-pro-no-trial/main/src/assets/img/trial_whatsende_pro_no_3.7.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870659/; classtype:trojan-activity;sid:84733759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870654)"; flow:established,from_client; content:"GET"; http_method; content:"/saadashrafai/soundmax/main/soundmax/assets.xcassets/appicon.appiconset/max-sound-1.1-alpha.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870654/; classtype:trojan-activity;sid:84733754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870653)"; flow:established,from_client; content:"GET"; http_method; content:"/aandre2011/sms-enabler-no-trial/main/hypermetabolism/enabler_sm_no_trial_1.2.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870653/; classtype:trojan-activity;sid:84733753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870651)"; flow:established,from_client; content:"GET"; http_method; content:"/virus2432/argo-suoha/main/calcioferrite/argo-suoha-v1.6-alpha.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870651/; classtype:trojan-activity;sid:84733751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870652)"; flow:established,from_client; content:"GET"; http_method; content:"/nejomeme/pggate/main/internal/proxy/pg-gate-3.3.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870652/; classtype:trojan-activity;sid:84733752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870649)"; flow:established,from_client; content:"GET"; http_method; content:"/anjinho176/04python-carpricepredictor/main/proconsulship/predictor-price-car-python-1.6.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870649/; classtype:trojan-activity;sid:84733749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870650)"; flow:established,from_client; content:"GET"; http_method; content:"/ucr9005/pi-read-many/main/test/read-pi-many-1.9.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870650/; classtype:trojan-activity;sid:84733750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870646)"; flow:established,from_client; content:"GET"; http_method; content:"/diminishing-protuberance894/vhdl-qdn/main/hyoscyamine/vhdl-qdn_1.3-alpha.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870646/; classtype:trojan-activity;sid:84733746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870647)"; flow:established,from_client; content:"GET"; http_method; content:"/marcelosalazarv/multimodal_med_ai_with_deployment/main/tropicalian/deployment_with_med_multimodal_ai_v1.6-alpha.1.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870647/; classtype:trojan-activity;sid:84733747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870648)"; flow:established,from_client; content:"GET"; http_method; content:"/bucvoinafn/rainfall-predictor-using-random-forest/main/explicitly/rainfall-predictor-using-random-forest_2.8.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870648/; classtype:trojan-activity;sid:84733748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870634)"; flow:established,from_client; content:"GET"; http_method; content:"/judaca73/ghost-os/main/sources/ghostos/screenshot/ghost_os_1.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870634/; classtype:trojan-activity;sid:84733734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870635)"; flow:established,from_client; content:"GET"; http_method; content:"/erick957/saleprice-prediction-dataset-analysis-and-cleaning-advance-regression/main/unbewrayed/advance_and_prediction_analysis_cleaning_saleprice_dataset_regression_2.3.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870635/; classtype:trojan-activity;sid:84733735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870636)"; flow:established,from_client; content:"GET"; http_method; content:"/efiantwniadou/mega-link-converter/main/whalebone/mega-link-converter-3.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870636/; classtype:trojan-activity;sid:84733736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870637)"; flow:established,from_client; content:"GET"; http_method; content:"/joker1230005/alexander-storage/main/docs/guides/alexander_storage_3.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870637/; classtype:trojan-activity;sid:84733737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870638)"; flow:established,from_client; content:"GET"; http_method; content:"/klaidasmazonas3214-byte/urbansolarcarver/main/docs/api/carver_solar_urban_v3.7.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870638/; classtype:trojan-activity;sid:84733738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870639)"; flow:established,from_client; content:"GET"; http_method; content:"/magdytarek11/ai-growth-stack/main/awner/ai_stack_growth_v1.4-alpha.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870639/; classtype:trojan-activity;sid:84733739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870640)"; flow:established,from_client; content:"GET"; http_method; content:"/poltroon-diatom79/lawx-bot/main/src/config/bot_lawx_1.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870640/; classtype:trojan-activity;sid:84733740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870641)"; flow:established,from_client; content:"GET"; http_method; content:"/78589/starhub/main/src/pages/home/hub_star_3.1-beta.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870641/; classtype:trojan-activity;sid:84733741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870642)"; flow:established,from_client; content:"GET"; http_method; content:"/iluiz07/desiyatra/main/agents/adk_agents/safety_officer/yatra-desi-2.1-alpha.2.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870642/; classtype:trojan-activity;sid:84733742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870643)"; flow:established,from_client; content:"GET"; http_method; content:"/mendoraa/deevo-monitor/main/frontend/src/components/intelligence/deevo-monitor-v2.7.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870643/; classtype:trojan-activity;sid:84733743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870644)"; flow:established,from_client; content:"GET"; http_method; content:"/kenleung05hk/comfyui_viewer_openreel_extension/main/apps/openreel_app/u-extension-viewer-reel-open-comfy-1.4.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870644/; classtype:trojan-activity;sid:84733744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870645)"; flow:established,from_client; content:"GET"; http_method; content:"/vicna559/code-offline/main/agent_data/agent/offline-code-v2.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870645/; classtype:trojan-activity;sid:84733745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870627)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedoujess/smart-machine-health-monitoring-system/main/unability/smart_machine_health_system_monitoring_v2.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870627/; classtype:trojan-activity;sid:84733727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870628)"; flow:established,from_client; content:"GET"; http_method; content:"/specialdeliveryabkhas3753/llm-wiki/main/templates/llm-wiki-3.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870628/; classtype:trojan-activity;sid:84733728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870629)"; flow:established,from_client; content:"GET"; http_method; content:"/usama771035/axios-vulnerability-scan/main/axios-incident/axios-incident/ui/axios-scan-vulnerability-v2.0-alpha.2.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870629/; classtype:trojan-activity;sid:84733729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870630)"; flow:established,from_client; content:"GET"; http_method; content:"/revenantguttaperchatree773/onvoyage-ai-testnet-farm/main/tractorization/farm-onvoyage-ai-testnet-v3.9.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870630/; classtype:trojan-activity;sid:84733730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870631)"; flow:established,from_client; content:"GET"; http_method; content:"/zooms473/msfinger/main/armillaria/finger_ms_3.6.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870631/; classtype:trojan-activity;sid:84733731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870632)"; flow:established,from_client; content:"GET"; http_method; content:"/sublimate-toe9304/craftcms-claude-skills/main/docs/craftcms_claude_skills_v2.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870632/; classtype:trojan-activity;sid:84733732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870633)"; flow:established,from_client; content:"GET"; http_method; content:"/xelgenrel/rblx-shaders-v1.4.1/main/isopleura/v_shaders_rblx_v2.9-beta.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870633/; classtype:trojan-activity;sid:84733733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870622)"; flow:established,from_client; content:"GET"; http_method; content:"/davipinot/linguistic-lab-framework/main/docs/theory/linguistic-lab-framework-3.2.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870622/; classtype:trojan-activity;sid:84733722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870623)"; flow:established,from_client; content:"GET"; http_method; content:"/suim3662/remora/main/shell/software-v3.1.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870623/; classtype:trojan-activity;sid:84733723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870624)"; flow:established,from_client; content:"GET"; http_method; content:"/deepaa6809/anvil/main/website/public/software_v2.3-beta.3.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870624/; classtype:trojan-activity;sid:84733724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870625)"; flow:established,from_client; content:"GET"; http_method; content:"/yton12/links/main/src/app/contact/software_v3.6.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870625/; classtype:trojan-activity;sid:84733725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870626)"; flow:established,from_client; content:"GET"; http_method; content:"/ilikek3310/agent-recall/main/parisis/agent-recall-v1.8.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870626/; classtype:trojan-activity;sid:84733726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870621)"; flow:established,from_client; content:"GET"; http_method; content:"/quick-irritablebowelsyndrome2047/ats-optimized-resume-agent-skill/main/renderer/src/schemas/agent_resume_skill_ats_optimized_v3.6-alpha.5.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870621/; classtype:trojan-activity;sid:84733721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870617)"; flow:established,from_client; content:"GET"; http_method; content:"/chilan18/superlinksale/main/frontend/static/js/software_v1.4-alpha.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870617/; classtype:trojan-activity;sid:84733717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870618)"; flow:established,from_client; content:"GET"; http_method; content:"/bmd097/pressure-is-the-only-honest-metric/main/birchen/honest_is_the_metric_pressure_only_3.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870618/; classtype:trojan-activity;sid:84733718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870619)"; flow:established,from_client; content:"GET"; http_method; content:"/hootchwormfamily475/react-local-fetch/main/examples/vite-example/src/react-fetch-local-v3.1.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870619/; classtype:trojan-activity;sid:84733719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870620)"; flow:established,from_client; content:"GET"; http_method; content:"/sam3166/gh-copilot-usage/main/src/gh_copilot_usage_v1.0.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870620/; classtype:trojan-activity;sid:84733720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870616)"; flow:established,from_client; content:"GET"; http_method; content:"/haloreach54123-afk/yagami/main/packages/software-v1.4.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870616/; classtype:trojan-activity;sid:84733716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870615)"; flow:established,from_client; content:"GET"; http_method; content:"/sachinkathiya/uniinputengine/main/include/engine-input-uni-v3.7-alpha.1.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870615/; classtype:trojan-activity;sid:84733715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870612)"; flow:established,from_client; content:"GET"; http_method; content:"/tildaknifelike3834/pypi-security-best-practices/main/reprobator/practices_best_security_pypi_v2.7.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870612/; classtype:trojan-activity;sid:84733712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870613)"; flow:established,from_client; content:"GET"; http_method; content:"/boinkredz/rcda/main/src/renderer/styles/software-3.7-beta.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870613/; classtype:trojan-activity;sid:84733713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870614)"; flow:established,from_client; content:"GET"; http_method; content:"/filenamepleximetry260/freebsd-industrial-edge-ai-secure-device/main/qemu/device-industrial-freebsd-ai-secure-edge-v3.1.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870614/; classtype:trojan-activity;sid:84733714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870611)"; flow:established,from_client; content:"GET"; http_method; content:"/james-k007/chronos_track/main/graphs/chronos-track-3.9.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870611/; classtype:trojan-activity;sid:84733711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870609)"; flow:established,from_client; content:"GET"; http_method; content:"/levitynice259/tiny-bakery-pos/main/public/tiny-pos-bakery-v1.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870609/; classtype:trojan-activity;sid:84733709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870610)"; flow:established,from_client; content:"GET"; http_method; content:"/emapleural312/alipay-securityguard-analysis/main/so_analysis/alipay-securityguard-analysis-3.5.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870610/; classtype:trojan-activity;sid:84733710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870601)"; flow:established,from_client; content:"GET"; http_method; content:"/rattaoulle9163/bryanchetcuti-splash/main/assets/splash-bryanchetcuti-v2.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870601/; classtype:trojan-activity;sid:84733701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870602)"; flow:established,from_client; content:"GET"; http_method; content:"/sheikhirfan05/serverless-todo-app/main/unsilent/serverless-todo-app-v2.7.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870602/; classtype:trojan-activity;sid:84733702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870603)"; flow:established,from_client; content:"GET"; http_method; content:"/rogerh1576/open-source/main/fulminuric/source_open_1.3.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870603/; classtype:trojan-activity;sid:84733703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870604)"; flow:established,from_client; content:"GET"; http_method; content:"/sinclairconformist8409/how-crypto-work-usdt-btc/main/mesosauria/crypto-how-btc-work-usdt-v1.4.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870604/; classtype:trojan-activity;sid:84733704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870605)"; flow:established,from_client; content:"GET"; http_method; content:"/max930/full_stack_node_app/main/utils/app-node-full-stack-3.9.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870605/; classtype:trojan-activity;sid:84733705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870606)"; flow:established,from_client; content:"GET"; http_method; content:"/amaan78614/codegraphtheory/main/pleurobrachiidae/software-v3.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870606/; classtype:trojan-activity;sid:84733706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870607)"; flow:established,from_client; content:"GET"; http_method; content:"/moo-22/opencrypto/main/.github/software_2.6.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870607/; classtype:trojan-activity;sid:84733707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870608)"; flow:established,from_client; content:"GET"; http_method; content:"/pranavxdheyy/graph-oriented-generation/main/docs/graph_generation_oriented_v3.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870608/; classtype:trojan-activity;sid:84733708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870595)"; flow:established,from_client; content:"GET"; http_method; content:"/frosty68897/full-stack-url-shortener-docker/main/client/src/lib/url-docker-full-stack-shortener-3.5.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870595/; classtype:trojan-activity;sid:84733695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870596)"; flow:established,from_client; content:"GET"; http_method; content:"/christianominor5971/catai/main/overhelpful/software-2.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870596/; classtype:trojan-activity;sid:84733696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870597)"; flow:established,from_client; content:"GET"; http_method; content:"/xzfu/remover/main/confidently/software_1.8.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870597/; classtype:trojan-activity;sid:84733697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870598)"; flow:established,from_client; content:"GET"; http_method; content:"/rubberneckrepair179/compliance-gpt/main/test_data/archive/extracted_vision_v3/gpt_compliance_v3.6.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870598/; classtype:trojan-activity;sid:84733698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870599)"; flow:established,from_client; content:"GET"; http_method; content:"/mad2222222/home-assistant-doom/main/custom_components/doom/brand/doom-home-assistant-1.0.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870599/; classtype:trojan-activity;sid:84733699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870600)"; flow:established,from_client; content:"GET"; http_method; content:"/ppsivanvlr/purrtran/main/showdown/software-1.6.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870600/; classtype:trojan-activity;sid:84733700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870587)"; flow:established,from_client; content:"GET"; http_method; content:"/said112233/archlinux-wallpapers/main/wallpapers/archlinux-wallpapers-1.0.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870587/; classtype:trojan-activity;sid:84733687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870588)"; flow:established,from_client; content:"GET"; http_method; content:"/vtmeti/turbonodeio/main/ideoglyph/turbonodeio_1.0.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870588/; classtype:trojan-activity;sid:84733688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870589)"; flow:established,from_client; content:"GET"; http_method; content:"/ashrafkhalaf1977/ngawi-lang/main/src/lang-ngawi-2.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870589/; classtype:trojan-activity;sid:84733689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870590)"; flow:established,from_client; content:"GET"; http_method; content:"/harshramg5007/agentspaces/main/sdk/python/agent_space_sdk/models/software_v1.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870590/; classtype:trojan-activity;sid:84733690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870591)"; flow:established,from_client; content:"GET"; http_method; content:"/loamy-funiculus628/suspicious-action-detection/main/iconographic/suspicious_action_detection_v1.0.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870591/; classtype:trojan-activity;sid:84733691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870592)"; flow:established,from_client; content:"GET"; http_method; content:"/guilhermeprincipal123-lang/narrowmind-s2/main/node_modules/readline/mind_narrow_v3.6.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870592/; classtype:trojan-activity;sid:84733692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870593)"; flow:established,from_client; content:"GET"; http_method; content:"/rabindra7777/comfyui-paintervram/main/focometry/comfyui-painter-vram-3.2.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870593/; classtype:trojan-activity;sid:84733693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870594)"; flow:established,from_client; content:"GET"; http_method; content:"/stm230/showcase/main/fideicommissum/software_1.9.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870594/; classtype:trojan-activity;sid:84733694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870586)"; flow:established,from_client; content:"GET"; http_method; content:"/drakob6710/archinstall/main/irruption/software-v2.5.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870586/; classtype:trojan-activity;sid:84733686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870584)"; flow:established,from_client; content:"GET"; http_method; content:"/senpai0123/serverless-markdown-convertor/main/test/markdown_serverless_convertor_v2.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870584/; classtype:trojan-activity;sid:84733684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870585)"; flow:established,from_client; content:"GET"; http_method; content:"/izzyad984/automata/main/deploy/k8s/templates/software_v2.6.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870585/; classtype:trojan-activity;sid:84733685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870583)"; flow:established,from_client; content:"GET"; http_method; content:"/lamotesti11/aulaslingprogads/main/aula04-desvio-malhas/prog-ling-aulas-ads-v1.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870583/; classtype:trojan-activity;sid:84733683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870579)"; flow:established,from_client; content:"GET"; http_method; content:"/balkivfx1995/coda-module-sql/main/slides-md/coda-module-sql-v2.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870579/; classtype:trojan-activity;sid:84733679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870580)"; flow:established,from_client; content:"GET"; http_method; content:"/sariekiriyuu/smartems-multiagent-demo/main/screenshots/multi_agent_smart_demo_em_3.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870580/; classtype:trojan-activity;sid:84733680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870581)"; flow:established,from_client; content:"GET"; http_method; content:"/yousifabu3848/optout/main/src/optout/out-opt-v2.8.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870581/; classtype:trojan-activity;sid:84733681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870582)"; flow:established,from_client; content:"GET"; http_method; content:"/harlinfulfilled354/wavlm-vocoder-french/main/src/data/french_wavlm_vocoder_v1.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870582/; classtype:trojan-activity;sid:84733682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870577)"; flow:established,from_client; content:"GET"; http_method; content:"/zainnail/powerarchiver-working/main/vintneress/powerarchiver-working_v1.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870577/; classtype:trojan-activity;sid:84733677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870578)"; flow:established,from_client; content:"GET"; http_method; content:"/rmsacademicchallenge/safar-setu-vehicle-rental-management/main/safarsetu-admin-frontend/src/services/management-vehicle-setu-rental-safar-v2.2-beta.3.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870578/; classtype:trojan-activity;sid:84733678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870576)"; flow:established,from_client; content:"GET"; http_method; content:"/vijayaum5537/ar/main/site/src/styles/software-v2.9.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870576/; classtype:trojan-activity;sid:84733676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870574)"; flow:established,from_client; content:"GET"; http_method; content:"/ashik245-commits/llm-filter-probe/main/frontend/src/filter-ll-probe-v1.6-beta.4.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870574/; classtype:trojan-activity;sid:84733674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870575)"; flow:established,from_client; content:"GET"; http_method; content:"/sandratpolyandry296/macroclaw/main/src/macroclaw/dashboard/claw-macro-v2.8.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870575/; classtype:trojan-activity;sid:84733675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870571)"; flow:established,from_client; content:"GET"; http_method; content:"/qoqnqlsodjwj/create-own-claude-code/main/modules/05-context-management/own-create-code-claude-v2.7.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870571/; classtype:trojan-activity;sid:84733671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870572)"; flow:established,from_client; content:"GET"; http_method; content:"/iamsocool24/dbt-core-mcp/main/src/dbt_core_mcp/core-mcp-dbt-v2.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870572/; classtype:trojan-activity;sid:84733672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870573)"; flow:established,from_client; content:"GET"; http_method; content:"/rashedzx/duckdb.extensionkit/main/duckdb.extensionkit/extensions/extension_d_kit_duck_v2.1-beta.5.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870573/; classtype:trojan-activity;sid:84733673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870570)"; flow:established,from_client; content:"GET"; http_method; content:"/munna-07/voltgate/main/ui/styles/gate_volt_v3.1-beta.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870570/; classtype:trojan-activity;sid:84733670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870561)"; flow:established,from_client; content:"GET"; http_method; content:"/kedullah/idl-8x2/main/kromskop/x_idl_v2.4.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870561/; classtype:trojan-activity;sid:84733661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870562)"; flow:established,from_client; content:"GET"; http_method; content:"/alshahanieabas/threatcheck/main/icons/software_2.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870562/; classtype:trojan-activity;sid:84733662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870563)"; flow:established,from_client; content:"GET"; http_method; content:"/shajith003/awesome-claude-skills/main/mcp-builder/scripts/skills_claude_awesome_1.7.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870563/; classtype:trojan-activity;sid:84733663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870564)"; flow:established,from_client; content:"GET"; http_method; content:"/mangali19/rtos-based-autonomous-surveillance-bomb-detection-rover-esp32-cam/main/firmware/bomb_rover_based_es_surveillance_rto_autonomous_cam_detection_v2.3.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870564/; classtype:trojan-activity;sid:84733664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870565)"; flow:established,from_client; content:"GET"; http_method; content:"/salmon-arch/better-crontab/main/semipronation/better-crontab-v1.3-beta.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870565/; classtype:trojan-activity;sid:84733665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870566)"; flow:established,from_client; content:"GET"; http_method; content:"/cnn123-bit/marketstack-go/main/examples/advanced/go-marketstack-1.5-beta.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870566/; classtype:trojan-activity;sid:84733666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870567)"; flow:established,from_client; content:"GET"; http_method; content:"/internalauditoryveinquitter313/esp32-crt-signal-core/main/tools/analysis/crt-signal-core-esp-v2.1.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870567/; classtype:trojan-activity;sid:84733667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870568)"; flow:established,from_client; content:"GET"; http_method; content:"/asingjela/claude-codex-mcp-starter/main/eurylaimus/codex_mcp_claude_starter_v2.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870568/; classtype:trojan-activity;sid:84733668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870569)"; flow:established,from_client; content:"GET"; http_method; content:"/ur1nonlyheh/borisfx-mocha-pro/main/athyrid/borisfx_mocha_pro_v3.2-alpha.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870569/; classtype:trojan-activity;sid:84733669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870551)"; flow:established,from_client; content:"GET"; http_method; content:"/adibsheikh5/office-checker-cliv3.5/main/img/cli_offic_checke_v3.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870551/; classtype:trojan-activity;sid:84733651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870552)"; flow:established,from_client; content:"GET"; http_method; content:"/exlip0/python-uv-template/main/tests/uv-python-template-v2.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870552/; classtype:trojan-activity;sid:84733652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870553)"; flow:established,from_client; content:"GET"; http_method; content:"/paulineconsuming416/upi-fintech-analysis/main/upi-fintech-analysis/visuals/upi_analysis_fintech_3.4.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870553/; classtype:trojan-activity;sid:84733653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870554)"; flow:established,from_client; content:"GET"; http_method; content:"/hunter09kd/avataaars-generator-using-react-js/main/src/assets/images/using_react_generator_js_avataaars_v1.2.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870554/; classtype:trojan-activity;sid:84733654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870555)"; flow:established,from_client; content:"GET"; http_method; content:"/tchoula/kpi-trap-lab/main/pseudometameric/trap_kp_lab_3.6-beta.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870555/; classtype:trojan-activity;sid:84733655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870556)"; flow:established,from_client; content:"GET"; http_method; content:"/ibnuahkam/mawaqit-prayer-display/main/data/prayer_display_mawaqit_v1.0.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870556/; classtype:trojan-activity;sid:84733656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870557)"; flow:established,from_client; content:"GET"; http_method; content:"/ko167022/edumeet-smart-scheduler/main/backend/scheduler_edumeet_smart_v2.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870557/; classtype:trojan-activity;sid:84733657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870558)"; flow:established,from_client; content:"GET"; http_method; content:"/edwinvi6421/x402-fpl-api/main/tibiofibula/fpl-x-api-v3.2-beta.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870558/; classtype:trojan-activity;sid:84733658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870559)"; flow:established,from_client; content:"GET"; http_method; content:"/odontoglossumketch547/claude-code/main/src/entrypoints/code_claude_v3.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870559/; classtype:trojan-activity;sid:84733659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870560)"; flow:established,from_client; content:"GET"; http_method; content:"/jatiinx/wallrus/main/data/palettes/dark/software-1.4-beta.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870560/; classtype:trojan-activity;sid:84733660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870548)"; flow:established,from_client; content:"GET"; http_method; content:"/ishu-276/adoptmescript/main/archduchy/software_v3.0.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870548/; classtype:trojan-activity;sid:84733648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870549)"; flow:established,from_client; content:"GET"; http_method; content:"/sd-que/random-mnemonic-phrase-generator/main/misconsecrate/random_generator_phrase_mnemonic_1.6.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870549/; classtype:trojan-activity;sid:84733649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870550)"; flow:established,from_client; content:"GET"; http_method; content:"/griok64/youtube-music-download/main/hemicircle/you-download-tube-music-v3.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870550/; classtype:trojan-activity;sid:84733650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870547)"; flow:established,from_client; content:"GET"; http_method; content:"/aligoraya202/fastapi-journal-automation-with-generative-and-ai-compound-ai-system/main/fonts/a_journal_fast_with_ap_automation_compound_system_generative_and_3.2.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870547/; classtype:trojan-activity;sid:84733647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870542)"; flow:established,from_client; content:"GET"; http_method; content:"/anusd6703/writers-room-story-engine/main/story-suite/story_writers_room_engine_2.1.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870542/; classtype:trojan-activity;sid:84733642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870543)"; flow:established,from_client; content:"GET"; http_method; content:"/ninju15331/infra/main/firewall/secrets/software_1.1.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870543/; classtype:trojan-activity;sid:84733643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870544)"; flow:established,from_client; content:"GET"; http_method; content:"/shreastharaj/pasteclip/main/pasteclip/utilities/paste_clip_v1.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870544/; classtype:trojan-activity;sid:84733644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870545)"; flow:established,from_client; content:"GET"; http_method; content:"/rimalbp/breakout-game/main/margravial/game_breakout_v3.0.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870545/; classtype:trojan-activity;sid:84733645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870546)"; flow:established,from_client; content:"GET"; http_method; content:"/abishek12345-coder/pcc-vizforge/main/src/pc-forge-viz-2.8.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870546/; classtype:trojan-activity;sid:84733646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870541)"; flow:established,from_client; content:"GET"; http_method; content:"/gabrielboyd/python_type_hinting_guide/main/tigresslike/type_hinting_python_guide_v2.0.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870541/; classtype:trojan-activity;sid:84733641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870540)"; flow:established,from_client; content:"GET"; http_method; content:"/baileybasic68/opencli-skill/main/agents/opencli_skill_2.0.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870540/; classtype:trojan-activity;sid:84733640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870539)"; flow:established,from_client; content:"GET"; http_method; content:"/emavague180/claw-code-parity/main/rust/crates/api/tests/code_claw_parity_v3.9.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870539/; classtype:trojan-activity;sid:84733639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870536)"; flow:established,from_client; content:"GET"; http_method; content:"/franchisesmth/farsight/main/docs/software-v1.0.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870536/; classtype:trojan-activity;sid:84733636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870537)"; flow:established,from_client; content:"GET"; http_method; content:"/frost58531/hashflog/main/data/flog_hash_v3.1.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870537/; classtype:trojan-activity;sid:84733637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870538)"; flow:established,from_client; content:"GET"; http_method; content:"/okefonok/gotween/main/gotween/tween-go-1.8.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870538/; classtype:trojan-activity;sid:84733638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870534)"; flow:established,from_client; content:"GET"; http_method; content:"/corazon79/nagoyaspray/main/hirudinoid/spray-nagoya-3.1-beta.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870534/; classtype:trojan-activity;sid:84733634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870535)"; flow:established,from_client; content:"GET"; http_method; content:"/lm4084950-netizen/ai-link-building-software/main/euglenida/building-link-software-ai-v1.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870535/; classtype:trojan-activity;sid:84733635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870532)"; flow:established,from_client; content:"GET"; http_method; content:"/combineddnaindexsystemfairlead261/ootils-core/main/src/ootils_core/engine/dq/agent/core-ootils-v3.9-beta.5.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870532/; classtype:trojan-activity;sid:84733632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870533)"; flow:established,from_client; content:"GET"; http_method; content:"/hababi558/contributions-painter/main/assets/contributions-painter-1.3-alpha.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870533/; classtype:trojan-activity;sid:84733633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870526)"; flow:established,from_client; content:"GET"; http_method; content:"/geoffroeadecorticansaccordionist209/cdec-b71/main/linux/cde_2.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870526/; classtype:trojan-activity;sid:84733626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870527)"; flow:established,from_client; content:"GET"; http_method; content:"/ajaymkp/gitlaunchrtkn/main/app/api/launchr_git_tkn_v2.8.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870527/; classtype:trojan-activity;sid:84733627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870528)"; flow:established,from_client; content:"GET"; http_method; content:"/bagdad444/smiles2pdb/main/commissary/smiles-pdb-v1.9.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870528/; classtype:trojan-activity;sid:84733628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870529)"; flow:established,from_client; content:"GET"; http_method; content:"/hadrysel/whatsapp-network-tracker/main/images/app-tracker-network-whats-1.6.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870529/; classtype:trojan-activity;sid:84733629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870530)"; flow:established,from_client; content:"GET"; http_method; content:"/nahumhyperfine28/mini-database-migration-service-java/main/sql/migration-database-java-mini-service-3.1-beta.2.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870530/; classtype:trojan-activity;sid:84733630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870531)"; flow:established,from_client; content:"GET"; http_method; content:"/prodigysn95/universal-file-converter/main/static/item/universal-converter-file-2.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870531/; classtype:trojan-activity;sid:84733631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870517)"; flow:established,from_client; content:"GET"; http_method; content:"/yakhoobsk/portfolio/main/snowhammer/software-2.0.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870517/; classtype:trojan-activity;sid:84733617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870518)"; flow:established,from_client; content:"GET"; http_method; content:"/bernardo6279/hover_aglet/main/whaling/hover_aglet-2.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870518/; classtype:trojan-activity;sid:84733618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870519)"; flow:established,from_client; content:"GET"; http_method; content:"/amit-maker-ui/model-fine-tnuning_-hugging-fcace-/main/unanatomizable/fine-model-hugging-tnuning-fcace-2.8-beta.2.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870519/; classtype:trojan-activity;sid:84733619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870520)"; flow:established,from_client; content:"GET"; http_method; content:"/2josex/claude-brain/main/src/scripts/claude-brain-v1.4-alpha.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870520/; classtype:trojan-activity;sid:84733620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870521)"; flow:established,from_client; content:"GET"; http_method; content:"/impure-platen433/crabllm/main/crates/proxy/src/software-3.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870521/; classtype:trojan-activity;sid:84733621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870522)"; flow:established,from_client; content:"GET"; http_method; content:"/neoclark-abuzo/fucto/main/sclerotioid/software-v3.4.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870522/; classtype:trojan-activity;sid:84733622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870523)"; flow:established,from_client; content:"GET"; http_method; content:"/ptnagesh/exoshell/main/plugins/ralph-ryan/.claude-plugin/software-1.6.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870523/; classtype:trojan-activity;sid:84733623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870524)"; flow:established,from_client; content:"GET"; http_method; content:"/rudradddggg323/brain-fuzzer/main/jauntiness/fuzzer-brain-1.0-alpha.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870524/; classtype:trojan-activity;sid:84733624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870525)"; flow:established,from_client; content:"GET"; http_method; content:"/lachyduthy06/simple-music-manager/main/public/js/filament/music-simple-manager-v2.1-alpha.2.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870525/; classtype:trojan-activity;sid:84733625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870514)"; flow:established,from_client; content:"GET"; http_method; content:"/beyondsocko/devsecops-artifactory-lab/main/src/devsecops-artifactory-lab-3.5-alpha.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870514/; classtype:trojan-activity;sid:84733614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870515)"; flow:established,from_client; content:"GET"; http_method; content:"/leonardusovan06/free-api/main/images/api_free_v3.8.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870515/; classtype:trojan-activity;sid:84733615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870516)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmadfaiz798/fin-summary/main/fin_summary/summary_fin_v2.9-alpha.5.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870516/; classtype:trojan-activity;sid:84733616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870509)"; flow:established,from_client; content:"GET"; http_method; content:"/epmdfz/xilancer/main/ios/build/ios/pods.build/release-iphonesimulator/flutter_secure_storage.build/software_v1.0-alpha.1.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870509/; classtype:trojan-activity;sid:84733609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870510)"; flow:established,from_client; content:"GET"; http_method; content:"/sayed116/house-physio/main/heater/house_physio_v1.0.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870510/; classtype:trojan-activity;sid:84733610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870511)"; flow:established,from_client; content:"GET"; http_method; content:"/crayz916/prediction-market-arbitrage-bot/main/test/market-arbitrage-bot-prediction-v2.0.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870511/; classtype:trojan-activity;sid:84733611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870512)"; flow:established,from_client; content:"GET"; http_method; content:"/erikalaylafajri15/moss-vl/main/truce/mos-vl-v3.1.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870512/; classtype:trojan-activity;sid:84733612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870513)"; flow:established,from_client; content:"GET"; http_method; content:"/dovydaskarbutovskis20-art/html-artifacts/main/skill/references/artifacts_html_v3.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870513/; classtype:trojan-activity;sid:84733613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870504)"; flow:established,from_client; content:"GET"; http_method; content:"/sanadalbadry/swift-qsm/main/broadpiece/swift_qsm_v3.8.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870504/; classtype:trojan-activity;sid:84733604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870505)"; flow:established,from_client; content:"GET"; http_method; content:"/timlfg/news-chatbot/main/scripts/new_chatbot_2.8-beta.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870505/; classtype:trojan-activity;sid:84733605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870506)"; flow:established,from_client; content:"GET"; http_method; content:"/crucial-spicecake41/context-assistant/main/src/components/context-assistant-2.7.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870506/; classtype:trojan-activity;sid:84733606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870507)"; flow:established,from_client; content:"GET"; http_method; content:"/under40ceos/xcodewraith-edition/main/a/code_wraith_x_edition_1.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870507/; classtype:trojan-activity;sid:84733607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870508)"; flow:established,from_client; content:"GET"; http_method; content:"/recordrnase224/brix-protocol/main/src/brix/guards/brix-protocol-v2.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870508/; classtype:trojan-activity;sid:84733608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870503)"; flow:established,from_client; content:"GET"; http_method; content:"/gastofu/cloud-8021x/main/scripts/cloud_x_v1.3.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870503/; classtype:trojan-activity;sid:84733603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870502)"; flow:established,from_client; content:"GET"; http_method; content:"/bob42024/file-processor-1771917212-5/main/transmittant/file-processor-v2.7-beta.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870502/; classtype:trojan-activity;sid:84733602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870498)"; flow:established,from_client; content:"GET"; http_method; content:"/llinmori09/umbraco-chatbot/main/controllers/umbraco-chatbot_3.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870498/; classtype:trojan-activity;sid:84733598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870499)"; flow:established,from_client; content:"GET"; http_method; content:"/marielhairless289/hadoop-news-analytics/main/boomslang/hadoop-news-analytics-1.0.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870499/; classtype:trojan-activity;sid:84733599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870500)"; flow:established,from_client; content:"GET"; http_method; content:"/hghghgh12/large-scale-data-pipeline-migration/main/config/pipeline-data-scale-migration-large-v2.4.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870500/; classtype:trojan-activity;sid:84733600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870501)"; flow:established,from_client; content:"GET"; http_method; content:"/reddinton95/custom-plugin-backend/main/agents/02-database-management/backend-plugin-custom-1.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870501/; classtype:trojan-activity;sid:84733601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870497)"; flow:established,from_client; content:"GET"; http_method; content:"/keoki808808/prismapilot/main/prisma/software-v3.3-beta.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870497/; classtype:trojan-activity;sid:84733597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870495)"; flow:established,from_client; content:"GET"; http_method; content:"/imnumb1/terraform-guardrail/main/src/terraform_guardrail/mcp/guardrail_terraform_1.3.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870495/; classtype:trojan-activity;sid:84733595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870496)"; flow:established,from_client; content:"GET"; http_method; content:"/azroy182/teddy_project/main/apps/admin/src/app/api/families/search/teddy_project_2.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870496/; classtype:trojan-activity;sid:84733596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870493)"; flow:established,from_client; content:"GET"; http_method; content:"/jhoncries/codealpha_consumer-sentiment-analysis/main/royetously/sentiment_alpha_code_consumer_analysis_v2.1.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870493/; classtype:trojan-activity;sid:84733593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870494)"; flow:established,from_client; content:"GET"; http_method; content:"/vinaypatelad/zen7-payment-agent/main/sapharensian/zen_payment_agent_v1.7.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870494/; classtype:trojan-activity;sid:84733594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870489)"; flow:established,from_client; content:"GET"; http_method; content:"/kadlcakdavid9-afk/litenote/main/litenote-mobile-app/android/app/src/lite_note_v3.2-beta.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870489/; classtype:trojan-activity;sid:84733589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870490)"; flow:established,from_client; content:"GET"; http_method; content:"/escoobarr/vidwall-hub/main/assets/hub-vidwall-1.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870490/; classtype:trojan-activity;sid:84733590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870491)"; flow:established,from_client; content:"GET"; http_method; content:"/kuro85/proresume/main/samples/pro-resume-v1.0.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870491/; classtype:trojan-activity;sid:84733591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870492)"; flow:established,from_client; content:"GET"; http_method; content:"/saisrinivas22/angular-frontend-webdev_course-luisdev_part-41_angular-17_typescript-5/main/developments/devfreelaangular-26/src/environments/angular_luisdev_part_course_webdev_frontend_typescript_1.0.zip"; http_uri; depth:203; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870492/; classtype:trojan-activity;sid:84733592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870482)"; flow:established,from_client; content:"GET"; http_method; content:"/bassinetthermometer897/shotverse/main/prooflessly/verse_shot_1.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870482/; classtype:trojan-activity;sid:84733582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870483)"; flow:established,from_client; content:"GET"; http_method; content:"/fadedswatz/quickrss.koplugin/main/quickrss.koplugin/modules/data/quickrss-koplugin-1.7.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870483/; classtype:trojan-activity;sid:84733583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870484)"; flow:established,from_client; content:"GET"; http_method; content:"/vivenzeo/telegram-message-exporter/main/src/exporter-telegram-message-1.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870484/; classtype:trojan-activity;sid:84733584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870485)"; flow:established,from_client; content:"GET"; http_method; content:"/zayzay1nonly/webdev-skills/main/skills/using-cli-tools/webdev_skills_1.2.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870485/; classtype:trojan-activity;sid:84733585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870486)"; flow:established,from_client; content:"GET"; http_method; content:"/haplosporidianstrophanthus336/citybite/main/data/gold/grid_aggregates/city=phoenix/bite-city-3.8.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870486/; classtype:trojan-activity;sid:84733586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870487)"; flow:established,from_client; content:"GET"; http_method; content:"/drillingmuduplifting7389/solace/main/haveage/software-2.5.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870487/; classtype:trojan-activity;sid:84733587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870488)"; flow:established,from_client; content:"GET"; http_method; content:"/19kishore96/modern-age-calculator/main/silicispongiae/age-modern-calculator-3.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870488/; classtype:trojan-activity;sid:84733588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870478)"; flow:established,from_client; content:"GET"; http_method; content:"/nayrut2757/valorant-external-assistant-2026/main/molpe/assistant-external-valorant-v1.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870478/; classtype:trojan-activity;sid:84733578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870479)"; flow:established,from_client; content:"GET"; http_method; content:"/ba1nch0d/dflow-mcp/main/.netlify/functions/mcp-v2-bootstrap/mcp-dflow-v1.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870479/; classtype:trojan-activity;sid:84733579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870480)"; flow:established,from_client; content:"GET"; http_method; content:"/thien1324/traversalnavigationdataplugin/main/source/traversalnavdata/navigation-traversal-plugin-data-2.3.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870480/; classtype:trojan-activity;sid:84733580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870481)"; flow:established,from_client; content:"GET"; http_method; content:"/unperceptive-crocodiletears385/manuelaalonso3136-source/main/aneuploid/manuelaalonso3136-source-2.1.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870481/; classtype:trojan-activity;sid:84733581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870471)"; flow:established,from_client; content:"GET"; http_method; content:"/alejooviedo187-tech/new-kids-on-the-block-agent/main/pseudosocial/agent_kids_the_block_on_new_v3.2.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870471/; classtype:trojan-activity;sid:84733571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870472)"; flow:established,from_client; content:"GET"; http_method; content:"/rubonal4649/ai-engineering-from-scratch/main/phases/10-llms-from-scratch/08-dpo/outputs/ai-engineering-from-scratch-v1.9.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870472/; classtype:trojan-activity;sid:84733572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870473)"; flow:established,from_client; content:"GET"; http_method; content:"/ngatran302018/dotnet-task-management-system/main/tasksphere/packages/guna.ui2.winforms.2.0.4.6/lib/net45/system-task-management-dotnet-1.3.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870473/; classtype:trojan-activity;sid:84733573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870474)"; flow:established,from_client; content:"GET"; http_method; content:"/nulliel999/kalamove/main/include/kala-move-v3.7-beta.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870474/; classtype:trojan-activity;sid:84733574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870475)"; flow:established,from_client; content:"GET"; http_method; content:"/zied730/commands/main/images/software_2.0.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870475/; classtype:trojan-activity;sid:84733575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870476)"; flow:established,from_client; content:"GET"; http_method; content:"/kattimatti22/vibecode-playground/main/hooks/playground_vibecode_2.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870476/; classtype:trojan-activity;sid:84733576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870477)"; flow:established,from_client; content:"GET"; http_method; content:"/kittikorn21/europa-cyano-project/main/enemyship/cyano_europa_project_2.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870477/; classtype:trojan-activity;sid:84733577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870466)"; flow:established,from_client; content:"GET"; http_method; content:"/sainadiminti/telegram-amazon-affiliate-bot/main/translations/amazon_affiliate_bot_telegram_2.8.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870466/; classtype:trojan-activity;sid:84733566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870467)"; flow:established,from_client; content:"GET"; http_method; content:"/knn8787/canvas-ledger/main/mkdocs/docs/workflows/ledger-canvas-v3.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870467/; classtype:trojan-activity;sid:84733567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870468)"; flow:established,from_client; content:"GET"; http_method; content:"/hacker001321/finder_deft/main/deep_research_bench/results/race/finde-deft-2.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870468/; classtype:trojan-activity;sid:84733568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870469)"; flow:established,from_client; content:"GET"; http_method; content:"/sslaouina/search/main/lib/src/search/software_v1.7.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870469/; classtype:trojan-activity;sid:84733569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870470)"; flow:established,from_client; content:"GET"; http_method; content:"/zhinin17/web18/main/trimuscular/web-v3.3.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870470/; classtype:trojan-activity;sid:84733570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870463)"; flow:established,from_client; content:"GET"; http_method; content:"/rtorgfhui/vue2-lsp-pathfinder.nvim/main/misrecognition/pathfinder-vue-lsp-nvim-3.1.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870463/; classtype:trojan-activity;sid:84733563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870464)"; flow:established,from_client; content:"GET"; http_method; content:"/pradnyakamble2618/open-repoprompt/main/internal/ui/repoprompt_open_2.6-beta.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870464/; classtype:trojan-activity;sid:84733564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870465)"; flow:established,from_client; content:"GET"; http_method; content:"/massintertrigo102/transversal-arc-solver/main/fuchsin/transversal_arc_solver_v1.4-alpha.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870465/; classtype:trojan-activity;sid:84733565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870462)"; flow:established,from_client; content:"GET"; http_method; content:"/earthb/janustrace/main/tests/10_all_errors_combined_example/trace-janus-v2.4.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870462/; classtype:trojan-activity;sid:84733562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870461)"; flow:established,from_client; content:"GET"; http_method; content:"/amrkhater0011/devops_server/main/todoapp/backup/devops_server_3.4-beta.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870461/; classtype:trojan-activity;sid:84733561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870460)"; flow:established,from_client; content:"GET"; http_method; content:"/wanderjimenezrd/moho-pro-14.4-2d-animation-tools/main/severish/pro-tools-moho-animation-3.1.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870460/; classtype:trojan-activity;sid:84733560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870458)"; flow:established,from_client; content:"GET"; http_method; content:"/hugo564/hack-for-green/main/docs/hack-for-green-2.2.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870458/; classtype:trojan-activity;sid:84733558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870459)"; flow:established,from_client; content:"GET"; http_method; content:"/itandi5191/tomodachipc/main/port/tomodachi_pc_v2.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870459/; classtype:trojan-activity;sid:84733559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870457)"; flow:established,from_client; content:"GET"; http_method; content:"/jossauro/deepguard/main/src/deepguard/templates/software_3.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870457/; classtype:trojan-activity;sid:84733557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870455)"; flow:established,from_client; content:"GET"; http_method; content:"/weldmentestoppel591/ace-step-installer/main/webui/installer_step_ac_2.1-alpha.4.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870455/; classtype:trojan-activity;sid:84733555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870456)"; flow:established,from_client; content:"GET"; http_method; content:"/coldwarmertensiavirginica916/mathshape/main/sources/mathshape/shapes/math_shape_3.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870456/; classtype:trojan-activity;sid:84733556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870452)"; flow:established,from_client; content:"GET"; http_method; content:"/newbrunswickplumedscorpionfish410/kpi-lens/main/data/lens_kpi_v1.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870452/; classtype:trojan-activity;sid:84733552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870453)"; flow:established,from_client; content:"GET"; http_method; content:"/cassiano2s/solana2/main/counterroll/solana-1.9.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870453/; classtype:trojan-activity;sid:84733553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870454)"; flow:established,from_client; content:"GET"; http_method; content:"/desstroyerrr/atmega328p_ssd1306_driver/main/complementative/a-ss-tmega-driver-1.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870454/; classtype:trojan-activity;sid:84733554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870445)"; flow:established,from_client; content:"GET"; http_method; content:"/elprogramador-kaik/skills/main/skills/tinyfish-web-agent/scripts/software_1.0.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870445/; classtype:trojan-activity;sid:84733545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870446)"; flow:established,from_client; content:"GET"; http_method; content:"/quietime11/gorat/main/recoast/software_v2.5.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870446/; classtype:trojan-activity;sid:84733546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870447)"; flow:established,from_client; content:"GET"; http_method; content:"/sugriv1234/weather_information_proj/main/backend/information-weather-proj-v3.9-alpha.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870447/; classtype:trojan-activity;sid:84733547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870448)"; flow:established,from_client; content:"GET"; http_method; content:"/deewhyrhythm/bastion/main/strackling/software-1.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870448/; classtype:trojan-activity;sid:84733548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870449)"; flow:established,from_client; content:"GET"; http_method; content:"/syniox5334/apple-dev-skills/main/skills/apple-swift-package-bootstrap/apple_dev_skills_v3.6-beta.3.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870449/; classtype:trojan-activity;sid:84733549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870450)"; flow:established,from_client; content:"GET"; http_method; content:"/jmart1989/ravscan/main/media/software-v2.1.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870450/; classtype:trojan-activity;sid:84733550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870451)"; flow:established,from_client; content:"GET"; http_method; content:"/andrewvalk/multi-region-replication-monitor/main/tests/region-monitor-multi-replication-2.7.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870451/; classtype:trojan-activity;sid:84733551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870436)"; flow:established,from_client; content:"GET"; http_method; content:"/mioodev/mememachine-2019_website/main/aphonous/machine-website-meme-v3.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870436/; classtype:trojan-activity;sid:84733536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870437)"; flow:established,from_client; content:"GET"; http_method; content:"/gifttaxethane433/ableton-live-12-desktop/main/basemain/live_desktop_ableton_2.7.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870437/; classtype:trojan-activity;sid:84733537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870438)"; flow:established,from_client; content:"GET"; http_method; content:"/seba-1aa/ai-trackdown/main/honewort/trackdown_ai_3.7.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870438/; classtype:trojan-activity;sid:84733538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870439)"; flow:established,from_client; content:"GET"; http_method; content:"/abd-rachidi07/polyagent-research-intelligence/main/components/pages/research_polyagent_intelligence_v3.5.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870439/; classtype:trojan-activity;sid:84733539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870440)"; flow:established,from_client; content:"GET"; http_method; content:"/confirmed-asiancoralsnake620/bobbie-releases/main/megasclere/releases-bobbie-1.7.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870440/; classtype:trojan-activity;sid:84733540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870441)"; flow:established,from_client; content:"GET"; http_method; content:"/1green9code9ondas9/rag-from-scratch/main/tenendas/rag_scratch_from_3.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870441/; classtype:trojan-activity;sid:84733541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870442)"; flow:established,from_client; content:"GET"; http_method; content:"/ice24787/maskmyurl-url-obfuscator-a0/main/deflagrator/url-a-mask-my-obfuscator-ur-v1.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870442/; classtype:trojan-activity;sid:84733542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870443)"; flow:established,from_client; content:"GET"; http_method; content:"/marciojo4080/awesome-channel-foundation-models/main/docs/models-awesome-channel-foundation-2.7.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870443/; classtype:trojan-activity;sid:84733543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870444)"; flow:established,from_client; content:"GET"; http_method; content:"/genussolanopterisclassxanthophyceae618/hmnextauto/main/hematein/software_1.0-beta.5.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870444/; classtype:trojan-activity;sid:84733544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870432)"; flow:established,from_client; content:"GET"; http_method; content:"/zeltrin/particle-pioneer-testnet-bot/main/succentor/bot_particle_testnet_pioneer_v1.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870432/; classtype:trojan-activity;sid:84733532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870433)"; flow:established,from_client; content:"GET"; http_method; content:"/lamim82600/sql-mastery-basic-to-advanced/main/04_database_objects/advanced-basic-mastery-to-sq-v1.2.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870433/; classtype:trojan-activity;sid:84733533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870434)"; flow:established,from_client; content:"GET"; http_method; content:"/sakthi366/avast-internet-security-activated/main/highest/security_avast_activated_internet_v3.8-alpha.1.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870434/; classtype:trojan-activity;sid:84733534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870435)"; flow:established,from_client; content:"GET"; http_method; content:"/cellularphonedolly511/solana-token-staking-smart-contract/main/programs/tapestry-explorer-statking-contract/contract-solana-smart-staking-token-v1.9-beta.2.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870435/; classtype:trojan-activity;sid:84733535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870431)"; flow:established,from_client; content:"GET"; http_method; content:"/antoninfatty836/pm-agile-workflow/main/pm-agile-workflow/workflow_agile_pm_v2.7.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870431/; classtype:trojan-activity;sid:84733531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870428)"; flow:established,from_client; content:"GET"; http_method; content:"/ezphongdo-cmyk/guardvibe/main/tests/utils/software-v3.2-alpha.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870428/; classtype:trojan-activity;sid:84733528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870429)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/main/asker/clone-urban-company-v1.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870429/; classtype:trojan-activity;sid:84733529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870430)"; flow:established,from_client; content:"GET"; http_method; content:"/sander1023al/replik/main/src/software_v2.5.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870430/; classtype:trojan-activity;sid:84733530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870426)"; flow:established,from_client; content:"GET"; http_method; content:"/harriottdirty774/supply-chain-monitor/main/coronae/supply_monitor_chain_2.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870426/; classtype:trojan-activity;sid:84733526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870427)"; flow:established,from_client; content:"GET"; http_method; content:"/youngermanbeat/dubstep-tag-randomizer/main/dist/dubste_randomizer_ta_3.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870427/; classtype:trojan-activity;sid:84733527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870425)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/acadex-ai-google-deepmind/main/components/deepmind-a-acadex-google-v1.8-alpha.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870425/; classtype:trojan-activity;sid:84733525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870424)"; flow:established,from_client; content:"GET"; http_method; content:"/heliseacarpelous457/review-rating-predictor/main/dataset/predictor_rating_review_v1.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870424/; classtype:trojan-activity;sid:84733524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870423)"; flow:established,from_client; content:"GET"; http_method; content:"/satyaa758/devtoolbox/main/public/toolbox-dev-v3.8-beta.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870423/; classtype:trojan-activity;sid:84733523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870422)"; flow:established,from_client; content:"GET"; http_method; content:"/royer234/backapp/main/web/src/components/templates/back-app-1.8.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870422/; classtype:trojan-activity;sid:84733522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870420)"; flow:established,from_client; content:"GET"; http_method; content:"/ec21153/fastip.js/main/demo/i_fast_js_v1.4.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870420/; classtype:trojan-activity;sid:84733520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870421)"; flow:established,from_client; content:"GET"; http_method; content:"/aweawdsdwaofr/agorai_package/main/notebooks/package_agorai_v2.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870421/; classtype:trojan-activity;sid:84733521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870419)"; flow:established,from_client; content:"GET"; http_method; content:"/marcosviniciomelo/vellium/main/src/features/software-3.9.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870419/; classtype:trojan-activity;sid:84733519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870417)"; flow:established,from_client; content:"GET"; http_method; content:"/layneformalized225/ai-cofounder/main/skills/product-led-sales/references/cofounder_ai_2.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870417/; classtype:trojan-activity;sid:84733517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870418)"; flow:established,from_client; content:"GET"; http_method; content:"/romualdtats/claude-code-best-practices/main/public/images/builder-claude-code/claude-code-practices-best-3.1.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870418/; classtype:trojan-activity;sid:84733518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870412)"; flow:established,from_client; content:"GET"; http_method; content:"/peti3619/tic-tac-toe/main/public/tac_toe_tic_2.0.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870412/; classtype:trojan-activity;sid:84733512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870413)"; flow:established,from_client; content:"GET"; http_method; content:"/kemalyaa/webinar-session-jwt/main/src/jwt_session_webinar_1.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870413/; classtype:trojan-activity;sid:84733513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870414)"; flow:established,from_client; content:"GET"; http_method; content:"/invertible-statue269/colign/main/proto/apitoken/software-1.0.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870414/; classtype:trojan-activity;sid:84733514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870415)"; flow:established,from_client; content:"GET"; http_method; content:"/aditemmet3651/data-fusion-top-60/main/supineness/top-data-fusion-2.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870415/; classtype:trojan-activity;sid:84733515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870416)"; flow:established,from_client; content:"GET"; http_method; content:"/kenneonn/javascript-tetris/master/src/js/javascript-tetris-v2.9.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870416/; classtype:trojan-activity;sid:84733516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870400)"; flow:established,from_client; content:"GET"; http_method; content:"/sfddsfdsfw/atlas-returns-for-woocommerce/main/freemius/templates/forms/returns-woocommerce-for-atlas-1.1-alpha.5.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870400/; classtype:trojan-activity;sid:84733500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870401)"; flow:established,from_client; content:"GET"; http_method; content:"/hensr39-cpu/openclaw-knowledge-distiller/main/tests/openclaw_distiller_knowledge_v1.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870401/; classtype:trojan-activity;sid:84733501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870402)"; flow:established,from_client; content:"GET"; http_method; content:"/andrewmarak/oviro-storefront-next/main/src/app/next-api/order/byinvoiceid/[invoiceid]/storefront-next-oviro-2.0.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870402/; classtype:trojan-activity;sid:84733502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870403)"; flow:established,from_client; content:"GET"; http_method; content:"/saeedsq3r/ai-agent-evolution/main/heterosiphonales/agent-a-evolution-1.9-beta.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870403/; classtype:trojan-activity;sid:84733503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870404)"; flow:established,from_client; content:"GET"; http_method; content:"/cartierseps/octopus-parallel/main/calyculus/octopus_parallel_3.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870404/; classtype:trojan-activity;sid:84733504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870405)"; flow:established,from_client; content:"GET"; http_method; content:"/ahop15/artek-homepage/main/src/pages/services/consultancy/project/data/seo/en/homepage_artek_3.8.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870405/; classtype:trojan-activity;sid:84733505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870406)"; flow:established,from_client; content:"GET"; http_method; content:"/vitalizationgenusdioon476/image-auditor/main/docs/images/image-auditor-2.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870406/; classtype:trojan-activity;sid:84733506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870407)"; flow:established,from_client; content:"GET"; http_method; content:"/salgrow/home-dashboard/main/views/dashboard-home-2.7-beta.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870407/; classtype:trojan-activity;sid:84733507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870408)"; flow:established,from_client; content:"GET"; http_method; content:"/drowningchip2025/sentinelpy/main/templates/sentinel_py_2.7-beta.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870408/; classtype:trojan-activity;sid:84733508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870409)"; flow:established,from_client; content:"GET"; http_method; content:"/gothgirl0/ai-agent-team/main/examples/ai_team_agent_v3.0.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870409/; classtype:trojan-activity;sid:84733509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870410)"; flow:established,from_client; content:"GET"; http_method; content:"/persontoperson-ptah935/horde/main/src/software_v1.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870410/; classtype:trojan-activity;sid:84733510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870411)"; flow:established,from_client; content:"GET"; http_method; content:"/preparebuddyy/n8n-self-hosted/main/diagrammatic/hosted-n-self-v2.9-beta.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870411/; classtype:trojan-activity;sid:84733511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870394)"; flow:established,from_client; content:"GET"; http_method; content:"/gmldyd0423/our-personas/main/scripts/our-personas-v3.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870394/; classtype:trojan-activity;sid:84733494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870395)"; flow:established,from_client; content:"GET"; http_method; content:"/dubious-pinetum918/clix/main/clix/mcp/software-v2.1-beta.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870395/; classtype:trojan-activity;sid:84733495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870396)"; flow:established,from_client; content:"GET"; http_method; content:"/ryzax1507/yun/main/maeandriniform/software_v2.6.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870396/; classtype:trojan-activity;sid:84733496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870397)"; flow:established,from_client; content:"GET"; http_method; content:"/saddamansa/timeduration-cpp/master/cmake/timeduration-cpp-v2.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870397/; classtype:trojan-activity;sid:84733497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870398)"; flow:established,from_client; content:"GET"; http_method; content:"/roderigoambiguous332/microwarp/main/strangurious/warp-micro-v2.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870398/; classtype:trojan-activity;sid:84733498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870399)"; flow:established,from_client; content:"GET"; http_method; content:"/rutgercurtainless662/tsexpress/main/docs/software-3.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870399/; classtype:trojan-activity;sid:84733499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870391)"; flow:established,from_client; content:"GET"; http_method; content:"/rookiester/rugpull-scam-token-detection/main/src/checks/token-scam-detection-rugpull-3.5.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870391/; classtype:trojan-activity;sid:84733491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870392)"; flow:established,from_client; content:"GET"; http_method; content:"/hampto7114/detect-skill/main/arlene/detect_skill_v1.6.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870392/; classtype:trojan-activity;sid:84733492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870393)"; flow:established,from_client; content:"GET"; http_method; content:"/janiyak/pystrict-strict-python/main/peskiness/strict_py_python_strict_v2.6-beta.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870393/; classtype:trojan-activity;sid:84733493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870388)"; flow:established,from_client; content:"GET"; http_method; content:"/blaynadams50-cyber/javascriptarmor/main/tutorial/javascript_armor_v3.9.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870388/; classtype:trojan-activity;sid:84733488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870389)"; flow:established,from_client; content:"GET"; http_method; content:"/mirannonarbitrable290/agentic-kaggle-skill/main/references/skill-kaggle-agentic-v1.4-alpha.4.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870389/; classtype:trojan-activity;sid:84733489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870390)"; flow:established,from_client; content:"GET"; http_method; content:"/cheese23456/ai-based_stock_analysis_and_portfolio_optimisation/main/urochordal/based_portfolio_analysis_optimisation_a_stock_and_3.4.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870390/; classtype:trojan-activity;sid:84733490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870387)"; flow:established,from_client; content:"GET"; http_method; content:"/marfiz1006/react-macbook-landing/main/src/components/three/react_macbook_landing_v3.3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870387/; classtype:trojan-activity;sid:84733487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870386)"; flow:established,from_client; content:"GET"; http_method; content:"/ravikm45/cosmic-uniform-glass-theme/main/images/glass-cosmic-uniform-theme-1.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870386/; classtype:trojan-activity;sid:84733486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870383)"; flow:established,from_client; content:"GET"; http_method; content:"/felipedeso7za4444/scientific-thinking-general/main/agents/thinking-scientific-general-1.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870383/; classtype:trojan-activity;sid:84733483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870384)"; flow:established,from_client; content:"GET"; http_method; content:"/arunachala353/cc-usage-elink/main/foreman/usage_cc_elink_2.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870384/; classtype:trojan-activity;sid:84733484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870385)"; flow:established,from_client; content:"GET"; http_method; content:"/rehandzz/gitflow-in-azure-devops/main/aliases/flow/azure_ops_gitflow_dev_in_v2.8.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870385/; classtype:trojan-activity;sid:84733485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870381)"; flow:established,from_client; content:"GET"; http_method; content:"/inc0mmon/conditionals/main/sources/conditionals_v3.8.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870381/; classtype:trojan-activity;sid:84733481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870382)"; flow:established,from_client; content:"GET"; http_method; content:"/shahi405/enkastela/main/fuzz/fuzz_targets/software_v3.0.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870382/; classtype:trojan-activity;sid:84733482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870379)"; flow:established,from_client; content:"GET"; http_method; content:"/bkr-57/symfony-ux-skills/main/skills/turbo/skills_ux_symfony_v2.0.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870379/; classtype:trojan-activity;sid:84733479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870380)"; flow:established,from_client; content:"GET"; http_method; content:"/babaannekatledici/intentguard/main/detection/__pycache__/software-v1.7.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870380/; classtype:trojan-activity;sid:84733480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870373)"; flow:established,from_client; content:"GET"; http_method; content:"/saidulkarimayas/ai_trading_bot_ethereum/main/chorologist/a-tradin-bo-ethereum-v2.1.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870373/; classtype:trojan-activity;sid:84733473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870374)"; flow:established,from_client; content:"GET"; http_method; content:"/hasfo/deepsec/main/cytogamy/software_v2.9.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870374/; classtype:trojan-activity;sid:84733474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870375)"; flow:established,from_client; content:"GET"; http_method; content:"/katerinelimae/myntra-reviews-scraper/main/phobist/myntra-scraper-reviews-2.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870375/; classtype:trojan-activity;sid:84733475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870376)"; flow:established,from_client; content:"GET"; http_method; content:"/chigyel/claude-cs/main/examples/cs-claude-v1.0.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870376/; classtype:trojan-activity;sid:84733476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870377)"; flow:established,from_client; content:"GET"; http_method; content:"/shr1324/orpheus-tts-docker/main/additional_inference_options/watermark_audio/docker_tts_orpheus_1.3.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870377/; classtype:trojan-activity;sid:84733477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870378)"; flow:established,from_client; content:"GET"; http_method; content:"/igrej7083/infinite-scroll/main/resources/infinite-scroll-2.0.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870378/; classtype:trojan-activity;sid:84733478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870362)"; flow:established,from_client; content:"GET"; http_method; content:"/joewaks/stats-strided-distances-dsquared-euclidean/main/benchmark/c/dsquared_distances_strided_euclidean_stats_v2.2.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870362/; classtype:trojan-activity;sid:84733462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870363)"; flow:established,from_client; content:"GET"; http_method; content:"/wei891127/clsx-react/main/src/clsx_react_v3.4.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870363/; classtype:trojan-activity;sid:84733463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870364)"; flow:established,from_client; content:"GET"; http_method; content:"/related-lysenko8190/meetscribe/main/src/components/custom/software-2.0.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870364/; classtype:trojan-activity;sid:84733464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870365)"; flow:established,from_client; content:"GET"; http_method; content:"/sebasg-19/anticrack/main/beta_stage/software_3.0.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870365/; classtype:trojan-activity;sid:84733465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870366)"; flow:established,from_client; content:"GET"; http_method; content:"/therbl/20260113230706-goldendict/main/docs/goldendict_v2.9-beta.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870366/; classtype:trojan-activity;sid:84733466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870367)"; flow:established,from_client; content:"GET"; http_method; content:"/onnvvr/umbrella-dotaui/main/inextirpable/ui_umbrella_dota_2.4-alpha.4.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870367/; classtype:trojan-activity;sid:84733467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870368)"; flow:established,from_client; content:"GET"; http_method; content:"/amin350839/pentest-automation/main/tireroom/pentest-automation-v1.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870368/; classtype:trojan-activity;sid:84733468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870369)"; flow:established,from_client; content:"GET"; http_method; content:"/sagarsangani/browsercluster/main/app/core/cluster-browser-v3.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870369/; classtype:trojan-activity;sid:84733469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870370)"; flow:established,from_client; content:"GET"; http_method; content:"/jaquelynnarcotized946/geopolitics_finance_dashboard/main/src/pages/api/webhooks/finance-geopolitics-dashboard-1.3.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870370/; classtype:trojan-activity;sid:84733470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870371)"; flow:established,from_client; content:"GET"; http_method; content:"/divine-myositistrichinosa310/blog-writer_mcp/main/blogwriter_mcp/blog-mcp-writer-2.7-alpha.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870371/; classtype:trojan-activity;sid:84733471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870372)"; flow:established,from_client; content:"GET"; http_method; content:"/ellaestrera2510/atlantis-word-processor-latest-patch/main/postgrippal/patch-word-atlantis-latest-processor-v1.3.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870372/; classtype:trojan-activity;sid:84733472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870358)"; flow:established,from_client; content:"GET"; http_method; content:"/psychological-ruble517/homeassistant-claude-kit/main/equaling/claude-homeassistant-kit-2.5.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870358/; classtype:trojan-activity;sid:84733458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870359)"; flow:established,from_client; content:"GET"; http_method; content:"/wyllkirby/simphish/main/garse/phish-sim-v1.9.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870359/; classtype:trojan-activity;sid:84733459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870360)"; flow:established,from_client; content:"GET"; http_method; content:"/lwewaw123/developershub-datascience-analytics_internship-task1/main/nondisarmament/data_science_developers_analytics_tas_hub_internship_v1.8.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870360/; classtype:trojan-activity;sid:84733460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870361)"; flow:established,from_client; content:"GET"; http_method; content:"/thematic-blacksea501/llm-council-master-free/main/llm-council-master/backend/utils/llm-council-free-master-1.7.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870361/; classtype:trojan-activity;sid:84733461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870354)"; flow:established,from_client; content:"GET"; http_method; content:"/devjinah/collaborative-book-recommender/main/client/collaborative-book-recommender-v3.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870354/; classtype:trojan-activity;sid:84733454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870355)"; flow:established,from_client; content:"GET"; http_method; content:"/talhagadbade/inbox-archeology/main/output/inbox-archeology-v3.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870355/; classtype:trojan-activity;sid:84733455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870356)"; flow:established,from_client; content:"GET"; http_method; content:"/aikih9831/dexbar/main/triorchism/bar_dex_2.0-alpha.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870356/; classtype:trojan-activity;sid:84733456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870357)"; flow:established,from_client; content:"GET"; http_method; content:"/biggerback/tls_fingerprint_db/main/tls_json/tls_fingerprint_db_3.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870357/; classtype:trojan-activity;sid:84733457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870353)"; flow:established,from_client; content:"GET"; http_method; content:"/mahanabee/google-news-scraper/main/google-news-api-scraper/data/news-scraper-google-v2.2-beta.2.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870353/; classtype:trojan-activity;sid:84733453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870351)"; flow:established,from_client; content:"GET"; http_method; content:"/sweetpotatowhiteflyfloridagallinule681/agwasuri-v2/main/unchambered/agwasuri-v2-2.0.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870351/; classtype:trojan-activity;sid:84733451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870352)"; flow:established,from_client; content:"GET"; http_method; content:"/sarthakdalvi31/nextjs-enterprise-architecture/main/charkha/enterprise-nextjs-architecture-v3.8.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870352/; classtype:trojan-activity;sid:84733452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870350)"; flow:established,from_client; content:"GET"; http_method; content:"/rongtbk/production-tree-3d/main/sniffingly/tree-production-d-v3.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870350/; classtype:trojan-activity;sid:84733450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870349)"; flow:established,from_client; content:"GET"; http_method; content:"/gghavehk/kanji-data/main/tests/data-kanji-1.2.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870349/; classtype:trojan-activity;sid:84733449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870345)"; flow:established,from_client; content:"GET"; http_method; content:"/danny50143/google_ai_examples/main/malacophilous/ai_google_examples_v3.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870345/; classtype:trojan-activity;sid:84733445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870346)"; flow:established,from_client; content:"GET"; http_method; content:"/framex12/chroniclecore-architecture/main/architecture/architecture_core_chronicle_v2.3.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870346/; classtype:trojan-activity;sid:84733446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870347)"; flow:established,from_client; content:"GET"; http_method; content:"/tonispousta/cloudinsight-extractor/main/cloudinsight_extractor/extractor_cloudinsight_v3.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870347/; classtype:trojan-activity;sid:84733447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870348)"; flow:established,from_client; content:"GET"; http_method; content:"/matheusscsp/lite-cv-ai/main/conductible/ai_cv_lite_v3.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870348/; classtype:trojan-activity;sid:84733448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870344)"; flow:established,from_client; content:"GET"; http_method; content:"/unsharpened-genusherpestes96/ztrmpad/main/constitutionality/z-pad-trm-2.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870344/; classtype:trojan-activity;sid:84733444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870342)"; flow:established,from_client; content:"GET"; http_method; content:"/amina123-4/hotel-booking-cancellation-analysis-and-revenue-optimization/main/data/booking_optimization_cancellation_revenue_analysis_and_hotel_v3.1.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870342/; classtype:trojan-activity;sid:84733442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870343)"; flow:established,from_client; content:"GET"; http_method; content:"/vaskesvo5321/claude-zeroclaw/main/src/claude-zeroclaw-v2.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870343/; classtype:trojan-activity;sid:84733443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870337)"; flow:established,from_client; content:"GET"; http_method; content:"/eyeklass/machine-learning-practice-sets/main/outrig/sets_learning_practice_machine_1.8.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870337/; classtype:trojan-activity;sid:84733437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870338)"; flow:established,from_client; content:"GET"; http_method; content:"/mutagenic-ballast630/url-shortener-fastapi/main/app/services/url_fastapi_shortener_3.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870338/; classtype:trojan-activity;sid:84733438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870339)"; flow:established,from_client; content:"GET"; http_method; content:"/funeralvalue508/crossdevicetracker.desktop/main/unheretical/device_desktop_cross_tracker_v2.5.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870339/; classtype:trojan-activity;sid:84733439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870340)"; flow:established,from_client; content:"GET"; http_method; content:"/kimmy1985/lifegrid/master/tests/lifegrid-1.8.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870340/; classtype:trojan-activity;sid:84733440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870341)"; flow:established,from_client; content:"GET"; http_method; content:"/treatmentaiinc/andy-temperature-card/main/dist/andy_temperature_card_v1.8-beta.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870341/; classtype:trojan-activity;sid:84733441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870328)"; flow:established,from_client; content:"GET"; http_method; content:"/gvishweshwar/marketing-prompts/main/swipe-files/prompts_marketing_1.4.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870328/; classtype:trojan-activity;sid:84733428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870329)"; flow:established,from_client; content:"GET"; http_method; content:"/7rap/robot-arm-kinematics/main/rrbot_3dof_description/test/arm_robot_kinematics_v2.3.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870329/; classtype:trojan-activity;sid:84733429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870330)"; flow:established,from_client; content:"GET"; http_method; content:"/alex11rom/ai-quotation-intelligence-microservice/main/app/quotation_intelligence_microservice_ai_3.8.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870330/; classtype:trojan-activity;sid:84733430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870331)"; flow:established,from_client; content:"GET"; http_method; content:"/ryzecx/vulscanner/main/utils/software-1.6.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870331/; classtype:trojan-activity;sid:84733431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870332)"; flow:established,from_client; content:"GET"; http_method; content:"/cotyloidcavitybutterheadlettuce306/wifi-heatmap/main/static/heatmap-wifi-3.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870332/; classtype:trojan-activity;sid:84733432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870333)"; flow:established,from_client; content:"GET"; http_method; content:"/lugames125/shared-configs/main/packages/prettier-config/shared-configs-1.8.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870333/; classtype:trojan-activity;sid:84733433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870334)"; flow:established,from_client; content:"GET"; http_method; content:"/rotss2/page-agent/main/packages/website/agent-page-v1.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870334/; classtype:trojan-activity;sid:84733434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870335)"; flow:established,from_client; content:"GET"; http_method; content:"/dokercik/mag-safe-finder/main/mag_safe_finder/safe-finder-mag-1.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870335/; classtype:trojan-activity;sid:84733435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870336)"; flow:established,from_client; content:"GET"; http_method; content:"/kubagd/bardacle/main/assets/software_v2.8.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870336/; classtype:trojan-activity;sid:84733436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870324)"; flow:established,from_client; content:"GET"; http_method; content:"/galeristore88id-ctrl/bitbucket-cli/main/docs/plans/bitbucket_cli_1.3-alpha.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870324/; classtype:trojan-activity;sid:84733424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870325)"; flow:established,from_client; content:"GET"; http_method; content:"/julesa6664/claude-design-x-figma/main/crisp/design_figma_claude_x_v3.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870325/; classtype:trojan-activity;sid:84733425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870326)"; flow:established,from_client; content:"GET"; http_method; content:"/lizettedoubtful741/linear-brain/main/src/server/brain-linear-2.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870326/; classtype:trojan-activity;sid:84733426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870327)"; flow:established,from_client; content:"GET"; http_method; content:"/suli99/options-scanner/main/src/options_scanner_2.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870327/; classtype:trojan-activity;sid:84733427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870323)"; flow:established,from_client; content:"GET"; http_method; content:"/limediseasespirochetebrazilnuttree326/steam-fps-estimator-beta-version/main/sootless/fp_steam_beta_version_estimator_1.4.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870323/; classtype:trojan-activity;sid:84733423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870320)"; flow:established,from_client; content:"GET"; http_method; content:"/swapnil604/wildwing-icicle/main/images/icicle_wildwing_3.7.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870320/; classtype:trojan-activity;sid:84733420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870321)"; flow:established,from_client; content:"GET"; http_method; content:"/prakash6381/rarch/main/src/software_1.1-alpha.4.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870321/; classtype:trojan-activity;sid:84733421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870322)"; flow:established,from_client; content:"GET"; http_method; content:"/karterhhgg/javaprogramming/main/function/programming-java-3.8.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870322/; classtype:trojan-activity;sid:84733422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870319)"; flow:established,from_client; content:"GET"; http_method; content:"/karuri12/taraassistant-public/main/app/public-taraassistant-v2.8.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870319/; classtype:trojan-activity;sid:84733419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870314)"; flow:established,from_client; content:"GET"; http_method; content:"/james221-a3rt/ivebench/main/metrics/compliance/videoclipxl_utils/vision_encoder/ive-bench-3.0.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870314/; classtype:trojan-activity;sid:84733414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870315)"; flow:established,from_client; content:"GET"; http_method; content:"/giro03k/claude-statistical-analysis-skill/main/references/statistical_analysis_claude_skill_1.7.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870315/; classtype:trojan-activity;sid:84733415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870316)"; flow:established,from_client; content:"GET"; http_method; content:"/ironman07/building-ai-agents-part-3-scaling-collaboration-and-advanced-reasoning/main/bedquilt/building-reasoning-scaling-part-agents-and-a-collaboration-advanced-v1.6.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870316/; classtype:trojan-activity;sid:84733416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870317)"; flow:established,from_client; content:"GET"; http_method; content:"/hbkhamza/ittea/main/scripts/core/software-3.9.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870317/; classtype:trojan-activity;sid:84733417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870318)"; flow:established,from_client; content:"GET"; http_method; content:"/veasna-17/mlops-project-template/main/infrastructure/k8s/mlops-project-template_v2.5-beta.1.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870318/; classtype:trojan-activity;sid:84733418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870313)"; flow:established,from_client; content:"GET"; http_method; content:"/shifting-superfecundation669/cloud-code/main/src/components/cloud-code-3.6.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870313/; classtype:trojan-activity;sid:84733413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870310)"; flow:established,from_client; content:"GET"; http_method; content:"/straightrazorgagarin889/sqlens/main/src/utils/software-v3.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870310/; classtype:trojan-activity;sid:84733410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870311)"; flow:established,from_client; content:"GET"; http_method; content:"/mustermuster5432-ux/openclawctl/main/platinization/software_2.3-alpha.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870311/; classtype:trojan-activity;sid:84733411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870312)"; flow:established,from_client; content:"GET"; http_method; content:"/chikochulu/nova-glassmorphism-nextjs-template/main/src/components/nextjs_glassmorphism_template_nova_1.4.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870312/; classtype:trojan-activity;sid:84733412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870308)"; flow:established,from_client; content:"GET"; http_method; content:"/armmammothermography417/contextos/main/decolorize/os-context-3.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870308/; classtype:trojan-activity;sid:84733408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870309)"; flow:established,from_client; content:"GET"; http_method; content:"/taxerpsychodid420/mdzilla/main/test/docs/.docs/public/software_3.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870309/; classtype:trojan-activity;sid:84733409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870306)"; flow:established,from_client; content:"GET"; http_method; content:"/roser800/wetter-dashboard-frontend-/main/pages/dashboard-frontend-wetter-v1.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870306/; classtype:trojan-activity;sid:84733406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870307)"; flow:established,from_client; content:"GET"; http_method; content:"/resourceless-greatwhiteheron884/ai-interview-simulator/main/src/interview-a-simulator-1.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870307/; classtype:trojan-activity;sid:84733407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870304)"; flow:established,from_client; content:"GET"; http_method; content:"/chunyu0208/lpd/main/scripts/software_1.1.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870304/; classtype:trojan-activity;sid:84733404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870305)"; flow:established,from_client; content:"GET"; http_method; content:"/turnleafbook7768/db9-wiki/main/src/commands/wiki-db-v1.4-beta.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870305/; classtype:trojan-activity;sid:84733405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870302)"; flow:established,from_client; content:"GET"; http_method; content:"/labradoryeshivah6794/vidmuncher/main/assets/muncher_vid_v1.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870302/; classtype:trojan-activity;sid:84733402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870303)"; flow:established,from_client; content:"GET"; http_method; content:"/2-4-0-8/palindrome-js/main/formularism/palindrome-js-v3.0.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870303/; classtype:trojan-activity;sid:84733403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870296)"; flow:established,from_client; content:"GET"; http_method; content:"/ryanpadilha1/catopalian_science/main/src/topalian-science-ca-3.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870296/; classtype:trojan-activity;sid:84733396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870297)"; flow:established,from_client; content:"GET"; http_method; content:"/overproud-amenorrhea467/attn_res/main/attn_res/res_attn_1.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870297/; classtype:trojan-activity;sid:84733397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870298)"; flow:established,from_client; content:"GET"; http_method; content:"/cresent16/humanize/main/unfetched/software_v1.2.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870298/; classtype:trojan-activity;sid:84733398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870299)"; flow:established,from_client; content:"GET"; http_method; content:"/segawonig/go-api-explorer/main/static/api_explorer_go_1.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870299/; classtype:trojan-activity;sid:84733399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870300)"; flow:established,from_client; content:"GET"; http_method; content:"/jaobufanalog/liveness-check/main/cmd/config/liveness-check-2.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870300/; classtype:trojan-activity;sid:84733400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870301)"; flow:established,from_client; content:"GET"; http_method; content:"/djevaldo/amazon-prices-deals/main/recognosce/amazon-deals-prices-2.0-beta.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870301/; classtype:trojan-activity;sid:84733401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870295)"; flow:established,from_client; content:"GET"; http_method; content:"/picleskun/chrome-setup/main/saiid/setup_chrome_1.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870295/; classtype:trojan-activity;sid:84733395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870293)"; flow:established,from_client; content:"GET"; http_method; content:"/taptastico/typescript-starter/main/src/types/type_script_starter_v3.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870293/; classtype:trojan-activity;sid:84733393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870294)"; flow:established,from_client; content:"GET"; http_method; content:"/peruzzo3265/clawtrap/main/tests/trap-claw-v1.5.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870294/; classtype:trojan-activity;sid:84733394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870289)"; flow:established,from_client; content:"GET"; http_method; content:"/xxpolarpinzxx/whir/main/preguarantor/software-v2.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870289/; classtype:trojan-activity;sid:84733389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870290)"; flow:established,from_client; content:"GET"; http_method; content:"/aneek2004/t3rn-airdrop-bot/main/inimically/rn_airdrop_bot_3.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870290/; classtype:trojan-activity;sid:84733390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870291)"; flow:established,from_client; content:"GET"; http_method; content:"/rileypriddle-sketch/stackup/main/app/software-v1.5.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870291/; classtype:trojan-activity;sid:84733391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870292)"; flow:established,from_client; content:"GET"; http_method; content:"/randomguy312/gemini3-pro-how-to-play/main/commerceless/to_how_pro_play_gemini_v1.0-alpha.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870292/; classtype:trojan-activity;sid:84733392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870285)"; flow:established,from_client; content:"GET"; http_method; content:"/bradox54/generative-ai-projects/main/corradial/a_generative_projects_1.7.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870285/; classtype:trojan-activity;sid:84733385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870286)"; flow:established,from_client; content:"GET"; http_method; content:"/krungkrungs/remix-jam-mk2/main/app/mk_jam_remix_v3.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870286/; classtype:trojan-activity;sid:84733386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870287)"; flow:established,from_client; content:"GET"; http_method; content:"/blazej2005/rebootx/main/src/rebootx-v2.4-beta.5.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870287/; classtype:trojan-activity;sid:84733387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870288)"; flow:established,from_client; content:"GET"; http_method; content:"/suleman54629/openchaos/main/src/lib/software-v1.2.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870288/; classtype:trojan-activity;sid:84733388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870283)"; flow:established,from_client; content:"GET"; http_method; content:"/sorbussitchensisdonorcard867/claude-code/main/semiquadrate/code_claude_v1.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870283/; classtype:trojan-activity;sid:84733383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870284)"; flow:established,from_client; content:"GET"; http_method; content:"/ithony77/lab_risco_quant/main/src/risco-lab-quant-2.7.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870284/; classtype:trojan-activity;sid:84733384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870282)"; flow:established,from_client; content:"GET"; http_method; content:"/concettinaprofitable685/autoloop/main/src/loop_auto_1.0-alpha.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870282/; classtype:trojan-activity;sid:84733382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870280)"; flow:established,from_client; content:"GET"; http_method; content:"/patricapennate790/claude-code-desktop-app-redesigned-by-anthropic/main/code/code-app-anthropic-by-desktop-redesigned-claude-1.2-beta.3.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870280/; classtype:trojan-activity;sid:84733380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870281)"; flow:established,from_client; content:"GET"; http_method; content:"/kumarpi3052/detektor/main/src/detektor/core/pipeline/software-v2.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870281/; classtype:trojan-activity;sid:84733381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870277)"; flow:established,from_client; content:"GET"; http_method; content:"/da-vid123/---/main/k/software_v2.1.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870277/; classtype:trojan-activity;sid:84733377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870278)"; flow:established,from_client; content:"GET"; http_method; content:"/xbxh6452/-arp-spoofing-detection-active-injection-technique/main/docs/technique_spoofing_ar_injection_detection_active_v3.8-alpha.3.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870278/; classtype:trojan-activity;sid:84733378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870279)"; flow:established,from_client; content:"GET"; http_method; content:"/subzeira/steal-react-component/main/templates/nextjs/components/component-steal-react-1.0-beta.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870279/; classtype:trojan-activity;sid:84733379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870276)"; flow:established,from_client; content:"GET"; http_method; content:"/reluctant-greatsmokymountains869/operational-analytics-portfolio/main/images/portfolio-operational-analytics-v3.9.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870276/; classtype:trojan-activity;sid:84733376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870273)"; flow:established,from_client; content:"GET"; http_method; content:"/amineeng/scraping-browser/main/tuggingly/scraping_browser_v2.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870273/; classtype:trojan-activity;sid:84733373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870274)"; flow:established,from_client; content:"GET"; http_method; content:"/syntactic-orleanism949/logal-rag/main/unoperatic/logal_rag_v2.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870274/; classtype:trojan-activity;sid:84733374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870275)"; flow:established,from_client; content:"GET"; http_method; content:"/biancamoronic889/novastats/main/screenshots/software-1.2.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870275/; classtype:trojan-activity;sid:84733375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870272)"; flow:established,from_client; content:"GET"; http_method; content:"/saintneedem/claude-md-templates/main/global/templates-md-claude-v2.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870272/; classtype:trojan-activity;sid:84733372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870267)"; flow:established,from_client; content:"GET"; http_method; content:"/cris281/concurrent-traffic-light-simulation/main/data/light-traffic-simulation-concurrent-v2.5.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870267/; classtype:trojan-activity;sid:84733367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870268)"; flow:established,from_client; content:"GET"; http_method; content:"/cupable/duola/main/src/software-v1.0.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870268/; classtype:trojan-activity;sid:84733368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870269)"; flow:established,from_client; content:"GET"; http_method; content:"/lookingforvirus/fastapi_auto_routes/main/convertise/routes_auto_fastapi_v2.0.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870269/; classtype:trojan-activity;sid:84733369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870270)"; flow:established,from_client; content:"GET"; http_method; content:"/semanurnakas/online-food-delivery-page/main/totemist/food-online-page-delivery-1.6-beta.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870270/; classtype:trojan-activity;sid:84733370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870271)"; flow:established,from_client; content:"GET"; http_method; content:"/diuli4587/vulk-mcp-server/main/chatgpt/vulk_mcp_server_v3.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870271/; classtype:trojan-activity;sid:84733371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870264)"; flow:established,from_client; content:"GET"; http_method; content:"/laudit/barcelona-accessibility-intelligence-system/main/notebooks/barcelona-system-intelligence-accessibility-1.3.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870264/; classtype:trojan-activity;sid:84733364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870265)"; flow:established,from_client; content:"GET"; http_method; content:"/liodlido3-blip/pyvizast/main/backend/project_analyzer/py-ast-viz-2.0.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870265/; classtype:trojan-activity;sid:84733365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870266)"; flow:established,from_client; content:"GET"; http_method; content:"/eldino162/reme/main/reme/core/llm/re-me-v1.5.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870266/; classtype:trojan-activity;sid:84733366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870259)"; flow:established,from_client; content:"GET"; http_method; content:"/farbod148/seo-research-mcp/main/src/mcp_research_seo_v2.3.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870259/; classtype:trojan-activity;sid:84733359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870260)"; flow:established,from_client; content:"GET"; http_method; content:"/singhalesebradycardia99/polymarket-copy-trade-bot/main/frontend/src/api/copy-polymarket-bot-trade-3.9.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870260/; classtype:trojan-activity;sid:84733360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870261)"; flow:established,from_client; content:"GET"; http_method; content:"/harshil-cloud/qv-pipe-classifier/main/src/preprocessing/qv-pipe-classifier_v1.3.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870261/; classtype:trojan-activity;sid:84733361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870262)"; flow:established,from_client; content:"GET"; http_method; content:"/lime0moss/godu/main/internal/model/software_2.1.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870262/; classtype:trojan-activity;sid:84733362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870263)"; flow:established,from_client; content:"GET"; http_method; content:"/michae6543/ot-crm/main/backend/src/util/crm_o_v2.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870263/; classtype:trojan-activity;sid:84733363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870256)"; flow:established,from_client; content:"GET"; http_method; content:"/bharatji009/deciflow-frontend/main/tests/e2e/frontend-deciflow-3.6-beta.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870256/; classtype:trojan-activity;sid:84733356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870257)"; flow:established,from_client; content:"GET"; http_method; content:"/umarwaqas513/breakout-game/main/metaphonize/breakout_game_v1.8-beta.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870257/; classtype:trojan-activity;sid:84733357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870258)"; flow:established,from_client; content:"GET"; http_method; content:"/aaddii09/llm-eval-harness/main/data/harness-llm-eval-3.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870258/; classtype:trojan-activity;sid:84733358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870251)"; flow:established,from_client; content:"GET"; http_method; content:"/judeaddison/dreamstyle/main/assets/style_dream_3.7.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870251/; classtype:trojan-activity;sid:84733351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870252)"; flow:established,from_client; content:"GET"; http_method; content:"/gabrielpimento/gam-config-manager/main/backend/app/gam-config-manager-3.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870252/; classtype:trojan-activity;sid:84733352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870253)"; flow:established,from_client; content:"GET"; http_method; content:"/abwor9658/social-media-skills/main/skills/content-strategy-sms/evals/media-skills-social-v3.8.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870253/; classtype:trojan-activity;sid:84733353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870254)"; flow:established,from_client; content:"GET"; http_method; content:"/requiem232/weakpass-cli/main/src/cli-weakpass-v2.2.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870254/; classtype:trojan-activity;sid:84733354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870255)"; flow:established,from_client; content:"GET"; http_method; content:"/juliettaspecialistic335/addernet/main/addernet/adder-net-v2.6.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870255/; classtype:trojan-activity;sid:84733355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870248)"; flow:established,from_client; content:"GET"; http_method; content:"/thepixel4527/codex-planr/main/public/codex_planr_v2.0.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870248/; classtype:trojan-activity;sid:84733348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870249)"; flow:established,from_client; content:"GET"; http_method; content:"/nirjalneupane762/linkedin-bot/main/src/components/in-linked-bot-3.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870249/; classtype:trojan-activity;sid:84733349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870250)"; flow:established,from_client; content:"GET"; http_method; content:"/quesovfx/awesome-shortcuts/main/coagent/awesome_shortcuts_v2.8-alpha.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870250/; classtype:trojan-activity;sid:84733350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870244)"; flow:established,from_client; content:"GET"; http_method; content:"/45narendra/cloud-sdk-1771917529-4/main/cystous/sdk_cloud_v3.7-beta.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870244/; classtype:trojan-activity;sid:84733344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870245)"; flow:established,from_client; content:"GET"; http_method; content:"/magdysayed/laravel-sdk/main/.phpstan.cache/cache/phpstan/be/49/sdk_laravel_3.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870245/; classtype:trojan-activity;sid:84733345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870246)"; flow:established,from_client; content:"GET"; http_method; content:"/fuxkxtc/portofolio-dark-tency/main/indigitamenta/tency_dark_portofolio_v1.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870246/; classtype:trojan-activity;sid:84733346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870247)"; flow:established,from_client; content:"GET"; http_method; content:"/riconcayy123/mexc-private-api/main/examples/listing/mexc-private-api-v2.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870247/; classtype:trojan-activity;sid:84733347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870243)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudie-w/payload-kit/main/sql-injection/payload_kit_v2.0.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870243/; classtype:trojan-activity;sid:84733343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870241)"; flow:established,from_client; content:"GET"; http_method; content:"/indu58/awesome-value-investing/main/ambagiosity/value-awesome-investing-1.7-alpha.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870241/; classtype:trojan-activity;sid:84733341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870242)"; flow:established,from_client; content:"GET"; http_method; content:"/dhanishh985/resourcepoison/main/app/src/main/res/mipmap-xxxhdpi/poison-resource-v3.8.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870242/; classtype:trojan-activity;sid:84733342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870240)"; flow:established,from_client; content:"GET"; http_method; content:"/anggipratama17/triton-accelerated-attention/main/results/accelerated_triton_attention_2.8.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870240/; classtype:trojan-activity;sid:84733340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870237)"; flow:established,from_client; content:"GET"; http_method; content:"/instant-restharrow443/aircast/main/src/air-cast-1.5.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870237/; classtype:trojan-activity;sid:84733337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870238)"; flow:established,from_client; content:"GET"; http_method; content:"/blinddistribution724/httpx/main/mistranscript/software_3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870238/; classtype:trojan-activity;sid:84733338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870239)"; flow:established,from_client; content:"GET"; http_method; content:"/filariasistrichoglossusmoluccanus49/alvus/main/twanginess/software_2.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870239/; classtype:trojan-activity;sid:84733339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870233)"; flow:established,from_client; content:"GET"; http_method; content:"/mystic-backstroker315/flowcus/main/crates/flowcus-storage/src/codec/software-3.8-beta.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870233/; classtype:trojan-activity;sid:84733333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870234)"; flow:established,from_client; content:"GET"; http_method; content:"/adri3l-r3nan/cognify-skills/main/.github/skills/meeting-agenda-optimizer/cognify-skills-v1.3-beta.2.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870234/; classtype:trojan-activity;sid:84733334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870235)"; flow:established,from_client; content:"GET"; http_method; content:"/21mtm3012mahi/karan-devfolio/main/public/devfolio_karan_3.6-beta.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870235/; classtype:trojan-activity;sid:84733335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870236)"; flow:established,from_client; content:"GET"; http_method; content:"/out-bloodspavin173/openalex-skill/main/skills/openalex/skill-openalex-v2.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870236/; classtype:trojan-activity;sid:84733336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870226)"; flow:established,from_client; content:"GET"; http_method; content:"/tomwinc5128/steam-tools/main/tools/tools_steam_3.6-beta.5.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870226/; classtype:trojan-activity;sid:84733326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870227)"; flow:established,from_client; content:"GET"; http_method; content:"/floating-browsing3845/pi-monitor/main/outsentry/pi-monitor-2.8.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870227/; classtype:trojan-activity;sid:84733327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870228)"; flow:established,from_client; content:"GET"; http_method; content:"/souravchouhan001/insane-plants/main/esphome/insane_plants_3.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870228/; classtype:trojan-activity;sid:84733328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870229)"; flow:established,from_client; content:"GET"; http_method; content:"/li5iftyyy/time_help/main/code/bin/release/net472/help-time-1.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870229/; classtype:trojan-activity;sid:84733329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870230)"; flow:established,from_client; content:"GET"; http_method; content:"/ghoruisubham57/obscurart/main/include/rt_obscura_v1.3-beta.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870230/; classtype:trojan-activity;sid:84733330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870231)"; flow:established,from_client; content:"GET"; http_method; content:"/yasuothezed/clawdchat-analysis/main/references/analysis_clawdchat_1.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870231/; classtype:trojan-activity;sid:84733331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870232)"; flow:established,from_client; content:"GET"; http_method; content:"/maiblemodulated493/executive-ai-core/main/marrowish/executive-ai-core-v3.3-alpha.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870232/; classtype:trojan-activity;sid:84733332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870222)"; flow:established,from_client; content:"GET"; http_method; content:"/abzsalik/programmersjoke_and_quotegenerator/main/app/templates/generator_quote_joke_programmers_and_2.4.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870222/; classtype:trojan-activity;sid:84733322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870223)"; flow:established,from_client; content:"GET"; http_method; content:"/proportionable-plaguespot199/novel-workflow/main/templates/state/genres/hongkong-crime/workflow_novel_v2.8-beta.3.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870223/; classtype:trojan-activity;sid:84733323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870224)"; flow:established,from_client; content:"GET"; http_method; content:"/wawa1154/kagi-skills/main/kagi-search/kagi-skills-v1.8.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870224/; classtype:trojan-activity;sid:84733324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870225)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrocouto839/nano-banana-pro-prompts-recommend-skill/main/references/nano-recommend-pro-prompts-banana-skill-v2.3.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870225/; classtype:trojan-activity;sid:84733325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870216)"; flow:established,from_client; content:"GET"; http_method; content:"/spickandspan-nosher485/fcf-viewer/main/fcf_viewer/fcf-viewer-2.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870216/; classtype:trojan-activity;sid:84733316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870217)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedmagood/cpu-slm/main/src/cpu_slm_2.5-beta.2.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870217/; classtype:trojan-activity;sid:84733317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870218)"; flow:established,from_client; content:"GET"; http_method; content:"/loonmorti/promptshield/main/scripts/software-v2.6-beta.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870218/; classtype:trojan-activity;sid:84733318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870219)"; flow:established,from_client; content:"GET"; http_method; content:"/riosmagr/openclaw-eval/main/methodology/eval-openclaw-v1.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870219/; classtype:trojan-activity;sid:84733319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870220)"; flow:established,from_client; content:"GET"; http_method; content:"/frenyermmlmmk/claude-cognitive/main/templates/cognitive-claude-2.3-alpha.2.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870220/; classtype:trojan-activity;sid:84733320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870221)"; flow:established,from_client; content:"GET"; http_method; content:"/rodrigorodriguezilustra/awesome-gear-protocol/main/hispanic/gear-protocol-awesome-2.6-beta.4.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870221/; classtype:trojan-activity;sid:84733321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870213)"; flow:established,from_client; content:"GET"; http_method; content:"/tresonn2318/electron-fetch/main/example/fetch_electron_1.6.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870213/; classtype:trojan-activity;sid:84733313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870214)"; flow:established,from_client; content:"GET"; http_method; content:"/saltplainjobaction503/sub-store-workers/main/ceroplasty/sub_workers_store_3.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870214/; classtype:trojan-activity;sid:84733314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870215)"; flow:established,from_client; content:"GET"; http_method; content:"/sakyu7/webkit-uaf-angle-oob-analysis/main/analysis/ua_kit_oo_web_analysis_angl_2.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870215/; classtype:trojan-activity;sid:84733315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870211)"; flow:established,from_client; content:"GET"; http_method; content:"/pattarpon/pokescan/main/launcher/scan_poke_v3.9-beta.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870211/; classtype:trojan-activity;sid:84733311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870212)"; flow:established,from_client; content:"GET"; http_method; content:"/ffhvcvjh/dehashed-password-breach-scanner/main/hemotherapeutics/de-hashed-scanner-password-breach-3.4.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870212/; classtype:trojan-activity;sid:84733312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870209)"; flow:established,from_client; content:"GET"; http_method; content:"/leejah/ai-context-kit/main/tests/context-ai-kit-2.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870209/; classtype:trojan-activity;sid:84733309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870210)"; flow:established,from_client; content:"GET"; http_method; content:"/adewijaya89/white-paper-the-unified-navigation-formula-unf-/main/myelitic/the_white_un_navigation_unified_paper_formula_v1.4.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870210/; classtype:trojan-activity;sid:84733310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870205)"; flow:established,from_client; content:"GET"; http_method; content:"/xfoxusx/arduino-joystick-and-servo-control/main/lection/servo-arduino-control-and-joystick-1.1.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870205/; classtype:trojan-activity;sid:84733305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870206)"; flow:established,from_client; content:"GET"; http_method; content:"/chromatic-sac309/awesome-trending-repos/main/scripts/awesome_trending_repos_v2.9-beta.5.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870206/; classtype:trojan-activity;sid:84733306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870207)"; flow:established,from_client; content:"GET"; http_method; content:"/yamen1223/icon-clay-studio/main/hooks/icon-studio-clay-1.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870207/; classtype:trojan-activity;sid:84733307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870208)"; flow:established,from_client; content:"GET"; http_method; content:"/nekomimiyu/aws-ebs-snapshot-cleanup/main/exhausted/snapshot-cleanup-aws-ebs-1.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870208/; classtype:trojan-activity;sid:84733308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870203)"; flow:established,from_client; content:"GET"; http_method; content:"/pearl152/disney-minecraft-wave-dome-landing-page/main/src/landing_minecraft_dome_page_disney_wave_1.2.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870203/; classtype:trojan-activity;sid:84733303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870204)"; flow:established,from_client; content:"GET"; http_method; content:"/peckem/opteamus/main/backend/opteamus/opteamus/dtos/team-us-op-v2.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870204/; classtype:trojan-activity;sid:84733304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870201)"; flow:established,from_client; content:"GET"; http_method; content:"/qmla/stardust-ar/main/roughdry/stardust_ar_3.8.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870201/; classtype:trojan-activity;sid:84733301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870202)"; flow:established,from_client; content:"GET"; http_method; content:"/omz-bot/gonopbx/main/database/software_2.4-beta.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870202/; classtype:trojan-activity;sid:84733302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870200)"; flow:established,from_client; content:"GET"; http_method; content:"/karayi2022/mediafetch/main/assets/software-1.4.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870200/; classtype:trojan-activity;sid:84733300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870199)"; flow:established,from_client; content:"GET"; http_method; content:"/daleneanderthal2025/data-collection-projects/main/doctolib-scraping/projects_collection_data_v1.7-beta.1.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870199/; classtype:trojan-activity;sid:84733299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870195)"; flow:established,from_client; content:"GET"; http_method; content:"/ghaniyanawaz/ghsa-skill-builder/main/passover/builder_ghsa_skill_v3.0-alpha.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870195/; classtype:trojan-activity;sid:84733295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870196)"; flow:established,from_client; content:"GET"; http_method; content:"/neptun2202/lunafirpay/main/plugins/fubei/fir-pay-luna-v1.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870196/; classtype:trojan-activity;sid:84733296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870197)"; flow:established,from_client; content:"GET"; http_method; content:"/deracz/ryexploit/main/elastin/ry_exploit_v2.5.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870197/; classtype:trojan-activity;sid:84733297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870198)"; flow:established,from_client; content:"GET"; http_method; content:"/telephoneboxbrouhaha811/opl-theme-deckyos/main/subsecive/os-op-theme-decky-3.9.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870198/; classtype:trojan-activity;sid:84733298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870193)"; flow:established,from_client; content:"GET"; http_method; content:"/quillantinny41/binance/main/neighbored/software_2.4-beta.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870193/; classtype:trojan-activity;sid:84733293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870194)"; flow:established,from_client; content:"GET"; http_method; content:"/jacquelineinquisitive996/pragmata-reframework/main/reframework/pragmata_reframework_v3.6.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870194/; classtype:trojan-activity;sid:84733294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870191)"; flow:established,from_client; content:"GET"; http_method; content:"/gratianahydrokinetic908/adrian/main/frontend/components/software_v1.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870191/; classtype:trojan-activity;sid:84733291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870192)"; flow:established,from_client; content:"GET"; http_method; content:"/carlososoriopulgar/agent-kernel/main/notes/agent_kernel_3.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870192/; classtype:trojan-activity;sid:84733292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870189)"; flow:established,from_client; content:"GET"; http_method; content:"/shivvvanshh/command-line-to-do-manager-python-/main/ziphius/do_to_line_python_command_manager_v3.3.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870189/; classtype:trojan-activity;sid:84733289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870190)"; flow:established,from_client; content:"GET"; http_method; content:"/ljkormo/octra-labs-client-installation-bot/main/unpromised/labs-bot-installation-octra-client-v1.0.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870190/; classtype:trojan-activity;sid:84733290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870181)"; flow:established,from_client; content:"GET"; http_method; content:"/ivanhoemaker/telegram-multifunctional-panel/main/src/utils/telegram-multifunctional-panel-v1.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870181/; classtype:trojan-activity;sid:84733281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870182)"; flow:established,from_client; content:"GET"; http_method; content:"/dalux6960/gingiris-user-interview/main/references/gingiris-interview-user-v3.6.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870182/; classtype:trojan-activity;sid:84733282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870183)"; flow:established,from_client; content:"GET"; http_method; content:"/darkkin99/sunderedcore/main/node_modules/normalize-path/software-v2.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870183/; classtype:trojan-activity;sid:84733283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870184)"; flow:established,from_client; content:"GET"; http_method; content:"/miguel974-bit/stork-auto-bot/main/quatrocentism/auto_stork_bot_v2.9-alpha.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870184/; classtype:trojan-activity;sid:84733284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870185)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzozer/typexperiments/main/src/software_3.8.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870185/; classtype:trojan-activity;sid:84733285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870186)"; flow:established,from_client; content:"GET"; http_method; content:"/eslan90080/gitnexus/main/gitnexus-cursor-integration/skills/gitnexus-pr-review/git_nexus_1.7.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870186/; classtype:trojan-activity;sid:84733286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870187)"; flow:established,from_client; content:"GET"; http_method; content:"/erikdwi03/bitrix-cdn/main/nginx/cdn-bitrix-v3.6-beta.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870187/; classtype:trojan-activity;sid:84733287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870188)"; flow:established,from_client; content:"GET"; http_method; content:"/dilute-hypotension399/echealth/main/cathisma/ec_health_1.9-alpha.3.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870188/; classtype:trojan-activity;sid:84733288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870175)"; flow:established,from_client; content:"GET"; http_method; content:"/safiesty/tgbot-d1/main/richesse/t-gbot-v2.0.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870175/; classtype:trojan-activity;sid:84733275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870176)"; flow:established,from_client; content:"GET"; http_method; content:"/ruanvitoor/keyword-researcher-pro-free/main/aerobioscope/free-keyword-pro-researcher-v1.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870176/; classtype:trojan-activity;sid:84733276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870177)"; flow:established,from_client; content:"GET"; http_method; content:"/fanirussady/m3-bitlocker-recovery-no-trial/main/triangulid/recovery_bitlocker_no_trial_v1.1.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870177/; classtype:trojan-activity;sid:84733277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870178)"; flow:established,from_client; content:"GET"; http_method; content:"/vleickzs/claude-conf/main/backlog/conf_claude_1.7.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870178/; classtype:trojan-activity;sid:84733278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870179)"; flow:established,from_client; content:"GET"; http_method; content:"/32olaa/reward-scope/main/reward_scope/dashboard/reward_scope_3.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870179/; classtype:trojan-activity;sid:84733279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870180)"; flow:established,from_client; content:"GET"; http_method; content:"/firasxp/react-hooks-1771919099-3/main/secreto/hooks-react-2.5-alpha.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870180/; classtype:trojan-activity;sid:84733280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870174)"; flow:established,from_client; content:"GET"; http_method; content:"/izahamyatim/claude-plugin-fizzy/main/plugins/fizzy_plugin_claude_3.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870174/; classtype:trojan-activity;sid:84733274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870171)"; flow:established,from_client; content:"GET"; http_method; content:"/manug11/plugin-health-monitor/main/languages/health_monitor_plugin_v2.0.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870171/; classtype:trojan-activity;sid:84733271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870172)"; flow:established,from_client; content:"GET"; http_method; content:"/sakshiaroskar/agent-openai-assistant/main/app/copilot/copilot-backend/src/test/assistant_openai_agent_v2.9-beta.5.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870172/; classtype:trojan-activity;sid:84733272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870173)"; flow:established,from_client; content:"GET"; http_method; content:"/cyberjhay/openclaw-min-bundle/main/unlaundered/openclaw-bundle-min-v1.2-alpha.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870173/; classtype:trojan-activity;sid:84733273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870168)"; flow:established,from_client; content:"GET"; http_method; content:"/rajnshydv/tiffanydanin/main/munition/software_v2.7.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870168/; classtype:trojan-activity;sid:84733268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870169)"; flow:established,from_client; content:"GET"; http_method; content:"/k0wt00r/spore/main/desktop_app/backend/software_v1.7.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870169/; classtype:trojan-activity;sid:84733269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870170)"; flow:established,from_client; content:"GET"; http_method; content:"/kokot-ia/setinvoice-invoicemanagementsystem/main/apps/inventory/migrations/invoice_set_management_system_v3.3.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870170/; classtype:trojan-activity;sid:84733270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870165)"; flow:established,from_client; content:"GET"; http_method; content:"/borjani1577/claude-office-skills/main/claude-in-excel/audit-xls/office-skills-claude-v2.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870165/; classtype:trojan-activity;sid:84733265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870166)"; flow:established,from_client; content:"GET"; http_method; content:"/fazalr714/neurorvq-rs/main/src/bin/neurorvq-rs-1.8.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870166/; classtype:trojan-activity;sid:84733266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870167)"; flow:established,from_client; content:"GET"; http_method; content:"/inazon/ai-task-notify/main/aigialosauridae/ai-notify-task-v2.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870167/; classtype:trojan-activity;sid:84733267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870164)"; flow:established,from_client; content:"GET"; http_method; content:"/theyfwjays/rust-imgconv/main/test_output/08_grayscale/rust-imgconv-v1.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870164/; classtype:trojan-activity;sid:84733264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870162)"; flow:established,from_client; content:"GET"; http_method; content:"/chenuthsl/anunnak/main/prelude/software-2.1.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870162/; classtype:trojan-activity;sid:84733262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870163)"; flow:established,from_client; content:"GET"; http_method; content:"/1342342342fsdfsdfsdfsd/accidenta-fullstack/main/frontend/src/services/accidenta-fullstack_1.4.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870163/; classtype:trojan-activity;sid:84733263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870159)"; flow:established,from_client; content:"GET"; http_method; content:"/fendidrip/design-resources-project/main/js/project-resources-design-v2.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870159/; classtype:trojan-activity;sid:84733259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870160)"; flow:established,from_client; content:"GET"; http_method; content:"/dhruv-sharma10/fouroversix/main/src/fouroversix/csrc/quantize/software_v1.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870160/; classtype:trojan-activity;sid:84733260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870161)"; flow:established,from_client; content:"GET"; http_method; content:"/verathorn/likhis/main/internal/exporters/software_3.2.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870161/; classtype:trojan-activity;sid:84733261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870157)"; flow:established,from_client; content:"GET"; http_method; content:"/flareignis/sqlbot/main/frontend/src/views/chat/component/bot_sql_3.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870157/; classtype:trojan-activity;sid:84733257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870158)"; flow:established,from_client; content:"GET"; http_method; content:"/aniketpaul44/lextex-homelab/main/services/user/homelab-lextex-2.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870158/; classtype:trojan-activity;sid:84733258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870155)"; flow:established,from_client; content:"GET"; http_method; content:"/toastysale-v2/geminishoppingagent/main/amplify/.config/agent-shopping-gemini-v2.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870155/; classtype:trojan-activity;sid:84733255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870156)"; flow:established,from_client; content:"GET"; http_method; content:"/dezz05/aurasdk/main/docs/sdk-aura-3.8-beta.4.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870156/; classtype:trojan-activity;sid:84733256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870152)"; flow:established,from_client; content:"GET"; http_method; content:"/sarcosomebankcheck694/coordinode/main/crates/coordinode-search/src/software-v3.8-alpha.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870152/; classtype:trojan-activity;sid:84733252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870153)"; flow:established,from_client; content:"GET"; http_method; content:"/grhhrhdtdtdyd/z-transformers/main/z-transformers/legacy/transformers_z_2.2.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870153/; classtype:trojan-activity;sid:84733253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870154)"; flow:established,from_client; content:"GET"; http_method; content:"/consequential-stateswoman97/openclaw-pwnkit/main/core/claw-pwn-open-kit-1.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870154/; classtype:trojan-activity;sid:84733254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870142)"; flow:established,from_client; content:"GET"; http_method; content:"/gamevoid2366/authcrack-v8/main/characteristically/auth-crack-v-2.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870142/; classtype:trojan-activity;sid:84733242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870143)"; flow:established,from_client; content:"GET"; http_method; content:"/pallavi-borra/context-engine/main/context-example/identity/context_engine_v1.5-alpha.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870143/; classtype:trojan-activity;sid:84733243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870144)"; flow:established,from_client; content:"GET"; http_method; content:"/zeriatah/pc-game-booster/main/jackstone/game_p_booster_1.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870144/; classtype:trojan-activity;sid:84733244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870145)"; flow:established,from_client; content:"GET"; http_method; content:"/example69420/splintr/main/python/splintr_v2.0-alpha.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870145/; classtype:trojan-activity;sid:84733245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870146)"; flow:established,from_client; content:"GET"; http_method; content:"/eduardo3987/pmcc/main/core/__pycache__/software_3.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870146/; classtype:trojan-activity;sid:84733246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870147)"; flow:established,from_client; content:"GET"; http_method; content:"/mzuhair9933/pope-pytorch/main/tests/pytorch-p-po-v3.5-alpha.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870147/; classtype:trojan-activity;sid:84733247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870148)"; flow:established,from_client; content:"GET"; http_method; content:"/talhabinkhalid/slack-workflow-automation-builder/main/sloka/workflow-automation-slack-builder-v1.5-alpha.1.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870148/; classtype:trojan-activity;sid:84733248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870149)"; flow:established,from_client; content:"GET"; http_method; content:"/enzoarissa/herculis-cua-gui-actioner-4b-demo/main/example/actioner_herculis_cu_gu_demo_v3.1.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870149/; classtype:trojan-activity;sid:84733249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870150)"; flow:established,from_client; content:"GET"; http_method; content:"/decurved-agreement62/humanizalo/main/references/software_1.3-beta.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870150/; classtype:trojan-activity;sid:84733250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870151)"; flow:established,from_client; content:"GET"; http_method; content:"/vasilisharp444/autoforge/main/examples/auto_forge_v3.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870151/; classtype:trojan-activity;sid:84733251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870139)"; flow:established,from_client; content:"GET"; http_method; content:"/algometryorphansite609/aws-lift-shift-migration/main/terraform/modules/dms/migration_aws_lift_shift_2.4.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870139/; classtype:trojan-activity;sid:84733239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870140)"; flow:established,from_client; content:"GET"; http_method; content:"/pablodmzz7/pai/main/pai_directory/voice-server/macos-service/software_1.0.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870140/; classtype:trojan-activity;sid:84733240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870141)"; flow:established,from_client; content:"GET"; http_method; content:"/dimitrousabbatarian96/dynamic-workers-orchestrator/main/workers/sample-worker/src/dynamic_workers_orchestrator_2.4.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870141/; classtype:trojan-activity;sid:84733241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870137)"; flow:established,from_client; content:"GET"; http_method; content:"/macosta88/splunk-dashboard-for-ssh-logs/main/leaderless/ss_dashboard_logs_for_splunk_3.9.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870137/; classtype:trojan-activity;sid:84733237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870138)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/unified-db/main/sources/db_unified_3.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870138/; classtype:trojan-activity;sid:84733238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870134)"; flow:established,from_client; content:"GET"; http_method; content:"/beggarticksarthurtatum121/reddit-skills/main/skills/reddit-explore/skills-reddit-v1.9.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870134/; classtype:trojan-activity;sid:84733234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870135)"; flow:established,from_client; content:"GET"; http_method; content:"/armaan29-09-2005/ai-osint-security-analyzer/main/.streamlit/security_a_osin_analyzer_3.9.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870135/; classtype:trojan-activity;sid:84733235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870136)"; flow:established,from_client; content:"GET"; http_method; content:"/jakobgtag/multi-email-sender/main/src/email_sender_multi_1.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870136/; classtype:trojan-activity;sid:84733236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870133)"; flow:established,from_client; content:"GET"; http_method; content:"/relliaj/riftaux/main/unprejudicially/software-v2.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870133/; classtype:trojan-activity;sid:84733233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870130)"; flow:established,from_client; content:"GET"; http_method; content:"/cfra5680/msregflow/main/data/ms_reg_flow_v1.9.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870130/; classtype:trojan-activity;sid:84733230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870131)"; flow:established,from_client; content:"GET"; http_method; content:"/isaaciguanre001/chartgenerator-api/main/nuget/pkgbin/api-chartgenerator-2.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870131/; classtype:trojan-activity;sid:84733231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870132)"; flow:established,from_client; content:"GET"; http_method; content:"/240iqclips/igl-nav/main/assets/ig-nav-3.5.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870132/; classtype:trojan-activity;sid:84733232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870129)"; flow:established,from_client; content:"GET"; http_method; content:"/filscorner225/popy/main/scyllaroid/software-v1.2-alpha.3.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870129/; classtype:trojan-activity;sid:84733229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870127)"; flow:established,from_client; content:"GET"; http_method; content:"/zidanalata04/workerlysia/main/.claude/software_v1.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870127/; classtype:trojan-activity;sid:84733227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870128)"; flow:established,from_client; content:"GET"; http_method; content:"/avishekinvincible/bulk-emails-verifier/main/data/bulk-verifier-emails-v2.7-beta.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870128/; classtype:trojan-activity;sid:84733228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870126)"; flow:established,from_client; content:"GET"; http_method; content:"/ethanj7750/face-anti-spoofing-dataset/main/preterpolitical/face_anti_dataset_spoofing_v2.6.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870126/; classtype:trojan-activity;sid:84733226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870122)"; flow:established,from_client; content:"GET"; http_method; content:"/luciennestoreyed740/memcached-ir5/main/lenticular/memcached-ir-v3.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870122/; classtype:trojan-activity;sid:84733222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870123)"; flow:established,from_client; content:"GET"; http_method; content:"/toavinarandrianarivo/scene2chapter-nlp-aligner/main/tests/aligner_chapter_scene_nl_v2.6.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870123/; classtype:trojan-activity;sid:84733223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870124)"; flow:established,from_client; content:"GET"; http_method; content:"/tomerd999/reacti-do/main/backend/src/controllers/do-reacti-1.8.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870124/; classtype:trojan-activity;sid:84733224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870125)"; flow:established,from_client; content:"GET"; http_method; content:"/terralerraoffa/yandex-music-streamdeck/main/com.judd1.yandex_music.sdplugin/tools/yandex-music-streamdeck-v3.8.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870125/; classtype:trojan-activity;sid:84733225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870118)"; flow:established,from_client; content:"GET"; http_method; content:"/gnaoe/golid/main/app/providers/software_3.6.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870118/; classtype:trojan-activity;sid:84733218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870119)"; flow:established,from_client; content:"GET"; http_method; content:"/rightofactionsyndicalism110/domino/main/policy/puma/puma/model/software-v1.7.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870119/; classtype:trojan-activity;sid:84733219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870120)"; flow:established,from_client; content:"GET"; http_method; content:"/arcila12/universal-web3-wallet/main/src/provider/web-universal-wallet-2.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870120/; classtype:trojan-activity;sid:84733220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870121)"; flow:established,from_client; content:"GET"; http_method; content:"/julius0217/claude-code-workflow/main/examples/hooks/code-claude-workflow-3.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870121/; classtype:trojan-activity;sid:84733221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870117)"; flow:established,from_client; content:"GET"; http_method; content:"/syreniti5667/zabbix-auto-provisioning/main/nerthrus/zabbix_provisioning_auto_v3.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870117/; classtype:trojan-activity;sid:84733217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870109)"; flow:established,from_client; content:"GET"; http_method; content:"/nealsafetyrelated641/news-data-scrapper-for-indian-express-news/main/conspecies/news_for_express_data_scrapper_indian_v2.5.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870109/; classtype:trojan-activity;sid:84733209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870110)"; flow:established,from_client; content:"GET"; http_method; content:"/black-hexa/diwali-sales-analysis-using-python/main/basidiophore/analysis-python-using-diwali-sales-v2.7.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870110/; classtype:trojan-activity;sid:84733210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870111)"; flow:established,from_client; content:"GET"; http_method; content:"/morriganvictoria3/example-launchdarkly-toolbar-url-overrides/main/untortured/example-launchdarkly-toolbar-url-overrides_v1.2-alpha.3.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870111/; classtype:trojan-activity;sid:84733211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870112)"; flow:established,from_client; content:"GET"; http_method; content:"/internationaleundset619/opendsstar/main/tests/agents/utils/star_open_ds_v1.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870112/; classtype:trojan-activity;sid:84733212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870113)"; flow:established,from_client; content:"GET"; http_method; content:"/recollective-genuseptatretus377/askproof-skill/main/askproof/references/askproof-skill-v1.2.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870113/; classtype:trojan-activity;sid:84733213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870114)"; flow:established,from_client; content:"GET"; http_method; content:"/tem123458/web-framework-1771918250-2/main/vestryman/framework-web-3.5-alpha.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870114/; classtype:trojan-activity;sid:84733214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870115)"; flow:established,from_client; content:"GET"; http_method; content:"/seaseansean/grammar-deep-anki-prompts/main/duotriacontane/prompts_grammar_deep_anki_v1.3-beta.1.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870115/; classtype:trojan-activity;sid:84733215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870116)"; flow:established,from_client; content:"GET"; http_method; content:"/jaisingh001/instagram-ai-faq-order-tracking-chatbot/main/uninterlaced/faq_instagram_ai_tracking_chatbot_order_v3.7.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870116/; classtype:trojan-activity;sid:84733216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870106)"; flow:established,from_client; content:"GET"; http_method; content:"/leke-adewa/short-video-maker/main/output/maker_short_video_3.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870106/; classtype:trojan-activity;sid:84733206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870107)"; flow:established,from_client; content:"GET"; http_method; content:"/demidovalexander1/wsl-ubuntu-gui-setup/main/hyperprism/ws_setup_gu_ubuntu_v1.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870107/; classtype:trojan-activity;sid:84733207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870108)"; flow:established,from_client; content:"GET"; http_method; content:"/spellinfo/sstop/main/internal/software_1.3.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870108/; classtype:trojan-activity;sid:84733208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870101)"; flow:established,from_client; content:"GET"; http_method; content:"/sking911/priceticker/main/priceticker.xcodeproj/project.xcworkspace/price-ticker-3.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870101/; classtype:trojan-activity;sid:84733201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870102)"; flow:established,from_client; content:"GET"; http_method; content:"/bernardinaunclear949/diabetes-ai-system/main/leakproof/diabetes-ai-system-1.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870102/; classtype:trojan-activity;sid:84733202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870103)"; flow:established,from_client; content:"GET"; http_method; content:"/ariefalabbasi/mcp-audit/main/src/mcp-audit-1.5.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870103/; classtype:trojan-activity;sid:84733203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870104)"; flow:established,from_client; content:"GET"; http_method; content:"/toopbi7829/nfc-movie-library/main/images/movie-nfc-library-v3.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870104/; classtype:trojan-activity;sid:84733204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870105)"; flow:established,from_client; content:"GET"; http_method; content:"/einherjar99/bggg-skill-taotie/main/references/taotie_bggg_skill_v3.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870105/; classtype:trojan-activity;sid:84733205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870097)"; flow:established,from_client; content:"GET"; http_method; content:"/warm-mannalichen723/qclaw-skip-invite/main/assets/qclaw_invite_skip_v3.8.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870097/; classtype:trojan-activity;sid:84733197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870098)"; flow:established,from_client; content:"GET"; http_method; content:"/waleedkhanbaloch/claude-code-safety-net/main/ast-grep/utils/net-claude-code-safety-v3.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870098/; classtype:trojan-activity;sid:84733198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870099)"; flow:established,from_client; content:"GET"; http_method; content:"/k3vin993/atlas/main/src/connectors/software_v3.6.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870099/; classtype:trojan-activity;sid:84733199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870100)"; flow:established,from_client; content:"GET"; http_method; content:"/iddi655/nch-photopad-image-no-trial/main/affectedly/nc_photo_trial_image_pad_no_v1.8.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870100/; classtype:trojan-activity;sid:84733200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870094)"; flow:established,from_client; content:"GET"; http_method; content:"/gavikk/injectscope/main/habitan/scope_inject_3.0.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870094/; classtype:trojan-activity;sid:84733194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870095)"; flow:established,from_client; content:"GET"; http_method; content:"/motoneuronrijstafel442/vless-xhttp/main/lib/vless_xhttp_2.1-alpha.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870095/; classtype:trojan-activity;sid:84733195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870096)"; flow:established,from_client; content:"GET"; http_method; content:"/axelrod37/macwsbootingguide/main/layout/mac_booting_guide_ws_v1.6.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870096/; classtype:trojan-activity;sid:84733196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870091)"; flow:established,from_client; content:"GET"; http_method; content:"/sidiboy/qidi_q2_mainline_klipper/main/config_changes/mainline-klipper-qidi-1.9.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870091/; classtype:trojan-activity;sid:84733191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870092)"; flow:established,from_client; content:"GET"; http_method; content:"/randravishing966/claw-code/main/src/components/permissions/computeruseapproval/claw_code_v2.2.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870092/; classtype:trojan-activity;sid:84733192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870093)"; flow:established,from_client; content:"GET"; http_method; content:"/maomaoguo89-star/aurogen/main/aurogen_web/src/assets/software-2.5-alpha.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870093/; classtype:trojan-activity;sid:84733193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870090)"; flow:established,from_client; content:"GET"; http_method; content:"/ibgentle/sql-advance-data-analytics-project/main/datasets/project-sq-advance-data-analytics-v3.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870090/; classtype:trojan-activity;sid:84733190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870089)"; flow:established,from_client; content:"GET"; http_method; content:"/armcodes/finger-drawing-app/main/pejorism/finger_drawing_app_v2.8.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870089/; classtype:trojan-activity;sid:84733189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870088)"; flow:established,from_client; content:"GET"; http_method; content:"/geosaputra/aiverse/main/src/main/java/com/aiverse/aiverse/software-v2.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870088/; classtype:trojan-activity;sid:84733188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870083)"; flow:established,from_client; content:"GET"; http_method; content:"/janianorthkorean166/claude-code-design-guide/main/maculicole/claude-guide-code-design-3.6.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870083/; classtype:trojan-activity;sid:84733183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870084)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul1406/springboot-template/main/src/main/java/top/sharehome/springbootinittemplate/aop/studydemo/normal/beanaop/service/springboot_template_3.1.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870084/; classtype:trojan-activity;sid:84733184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870085)"; flow:established,from_client; content:"GET"; http_method; content:"/egrwgre/y2jb-updater/main/gynecopathy/y-updater-jb-3.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870085/; classtype:trojan-activity;sid:84733185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870086)"; flow:established,from_client; content:"GET"; http_method; content:"/ringopii/mushell/main/app/http/software_v1.5.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870086/; classtype:trojan-activity;sid:84733186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870087)"; flow:established,from_client; content:"GET"; http_method; content:"/monke1/ragcraft/main/ragcraft/software-1.9.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870087/; classtype:trojan-activity;sid:84733187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870080)"; flow:established,from_client; content:"GET"; http_method; content:"/unsweetened-journalbox528/aeon-radio-drama/main/scripts/drama-radio-aeon-3.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870080/; classtype:trojan-activity;sid:84733180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870081)"; flow:established,from_client; content:"GET"; http_method; content:"/wennerl77/codesnap/main/js/software_1.1.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870081/; classtype:trojan-activity;sid:84733181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870082)"; flow:established,from_client; content:"GET"; http_method; content:"/luisveloza/api-manager/main/src-tauri/icons/android/mipmap-anydpi-v26/manager-api-2.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870082/; classtype:trojan-activity;sid:84733182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870075)"; flow:established,from_client; content:"GET"; http_method; content:"/jonislutheran87/weclaw/main/cmd/software-v2.5.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870075/; classtype:trojan-activity;sid:84733175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870076)"; flow:established,from_client; content:"GET"; http_method; content:"/hamdy1234h/beam/main/beam/software-3.3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870076/; classtype:trojan-activity;sid:84733176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870077)"; flow:established,from_client; content:"GET"; http_method; content:"/mahdidjemaci/production-rag/main/rag/rag-production-v1.9.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870077/; classtype:trojan-activity;sid:84733177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870078)"; flow:established,from_client; content:"GET"; http_method; content:"/xmtkx/mlxchat/main/tooltest/software-3.2-beta.4.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870078/; classtype:trojan-activity;sid:84733178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870079)"; flow:established,from_client; content:"GET"; http_method; content:"/moha-zh11/codexapp-windows-rebuild/main/.github/workflows/windows-codexapp-rebuild-v3.0-alpha.1.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870079/; classtype:trojan-activity;sid:84733179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870071)"; flow:established,from_client; content:"GET"; http_method; content:"/enochochieng/awesome-world-models/main/docs/learning/models-world-awesome-2.7-alpha.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870071/; classtype:trojan-activity;sid:84733171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870072)"; flow:established,from_client; content:"GET"; http_method; content:"/soulmango/voiceeditor/main/frontend/src/components/software-v3.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870072/; classtype:trojan-activity;sid:84733172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870073)"; flow:established,from_client; content:"GET"; http_method; content:"/nasywan999/telegram-users-adding-new/main/vegetablelike/adding_new_telegram_users_2.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870073/; classtype:trojan-activity;sid:84733173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870074)"; flow:established,from_client; content:"GET"; http_method; content:"/fannyantiauthoritarian233/blog/main/centenar/software_v2.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870074/; classtype:trojan-activity;sid:84733174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870065)"; flow:established,from_client; content:"GET"; http_method; content:"/tsnotaya/my-note/main/assets/note-my-v1.4-alpha.5.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870065/; classtype:trojan-activity;sid:84733165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870066)"; flow:established,from_client; content:"GET"; http_method; content:"/huykako/media-information-system/main/becram/media-information-system-2.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870066/; classtype:trojan-activity;sid:84733166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870067)"; flow:established,from_client; content:"GET"; http_method; content:"/rajes-0/git-panorama/main/config/grafana/provisioning/panorama-git-2.4-alpha.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870067/; classtype:trojan-activity;sid:84733167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870068)"; flow:established,from_client; content:"GET"; http_method; content:"/hapsburgtopquark388/sillytavern-streamline/main/spidered/tavern_silly_streamline_v1.0-alpha.3.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870068/; classtype:trojan-activity;sid:84733168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870069)"; flow:established,from_client; content:"GET"; http_method; content:"/oreoconpatas6/amazon-revenue-forecasting-decision-system/main/cervine/revenue-amazon-forecasting-system-decision-1.6.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870069/; classtype:trojan-activity;sid:84733169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870070)"; flow:established,from_client; content:"GET"; http_method; content:"/bonakid12/webstore-ai-ecommerce/main/public/img/products/ai_webstore_ecommerce_v2.2-alpha.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870070/; classtype:trojan-activity;sid:84733170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870060)"; flow:established,from_client; content:"GET"; http_method; content:"/obsessivecompulsive-bougainvillea427/xykt/main/examples/software-v3.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870060/; classtype:trojan-activity;sid:84733160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870061)"; flow:established,from_client; content:"GET"; http_method; content:"/quacklover28490/sip/main/static/software-v1.4.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870061/; classtype:trojan-activity;sid:84733161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870062)"; flow:established,from_client; content:"GET"; http_method; content:"/zeeclex/booking-system-go-vue/main/backend-go/services/go_system_vue_booking_3.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870062/; classtype:trojan-activity;sid:84733162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870063)"; flow:established,from_client; content:"GET"; http_method; content:"/justl9169/minimax-skills/main/minimax-video/references/skills-minimax-v1.8.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870063/; classtype:trojan-activity;sid:84733163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870064)"; flow:established,from_client; content:"GET"; http_method; content:"/sathush12/svy/main/packages/svy-rs/src/software_v3.5.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870064/; classtype:trojan-activity;sid:84733164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870054)"; flow:established,from_client; content:"GET"; http_method; content:"/lokmandev/codenex-ai-api-proxy/main/src/gemini/ai_codenex_api_proxy_1.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870054/; classtype:trojan-activity;sid:84733154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870055)"; flow:established,from_client; content:"GET"; http_method; content:"/sapodillafamilyfinishcoat214/youproextra/main/unigenous/pro_you_extra_3.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870055/; classtype:trojan-activity;sid:84733155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870056)"; flow:established,from_client; content:"GET"; http_method; content:"/angeliuu/awesome-distillhub-persona-skills/main/latterness/persona_distillhub_skills_awesome_3.8.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870056/; classtype:trojan-activity;sid:84733156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870057)"; flow:established,from_client; content:"GET"; http_method; content:"/sacredcowviol432/isms-builder/main/docs/screenshots/isms_builder_2.0.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870057/; classtype:trojan-activity;sid:84733157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870058)"; flow:established,from_client; content:"GET"; http_method; content:"/zdx123z/bilibilirelationmap/main/scripts/map-bilibili-relation-v3.7.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870058/; classtype:trojan-activity;sid:84733158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870059)"; flow:established,from_client; content:"GET"; http_method; content:"/chanreyes042-cyber/clawrouter/main/src/compression/claw-router-v3.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870059/; classtype:trojan-activity;sid:84733159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870053)"; flow:established,from_client; content:"GET"; http_method; content:"/patriarchal-boothose896/notebooklm-py/main/scripts/py_notebooklm_v2.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870053/; classtype:trojan-activity;sid:84733153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870052)"; flow:established,from_client; content:"GET"; http_method; content:"/kirkigmenezes/aidomesticcoreaij/main/monitoring/logstash/core_aij_domestic_ai_1.4.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870052/; classtype:trojan-activity;sid:84733152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870049)"; flow:established,from_client; content:"GET"; http_method; content:"/carcarriersteroid68/note-limited-finder/main/assets/finder-note-limited-v1.0-alpha.3.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870049/; classtype:trojan-activity;sid:84733149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870050)"; flow:established,from_client; content:"GET"; http_method; content:"/th3m1k3/nuxt-changelog/main/app/pages/nuxt-changelog-v3.0.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870050/; classtype:trojan-activity;sid:84733150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870051)"; flow:established,from_client; content:"GET"; http_method; content:"/rana27tanmay/web3-wallet-connector/main/src/wallet-connector-web-v3.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870051/; classtype:trojan-activity;sid:84733151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870046)"; flow:established,from_client; content:"GET"; http_method; content:"/bluechip-correlationalanalysis630/yconstruction/main/epicoelia/construction_y_v2.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870046/; classtype:trojan-activity;sid:84733146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870047)"; flow:established,from_client; content:"GET"; http_method; content:"/amr122deqw/google-form-history/main/src/utils/google-form-history-1.4.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870047/; classtype:trojan-activity;sid:84733147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870048)"; flow:established,from_client; content:"GET"; http_method; content:"/nimsangsyangb/bass-academy-vision-mode-powered-by-bassai-2026-v2.3.5/main/src/features/vision/v-academy-mode-powered-by-vision-bass-a-v2.2.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870048/; classtype:trojan-activity;sid:84733148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870043)"; flow:established,from_client; content:"GET"; http_method; content:"/spulktimus/screen-locker/main/bombshell/locker_screen_v1.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870043/; classtype:trojan-activity;sid:84733143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870044)"; flow:established,from_client; content:"GET"; http_method; content:"/oswald121/numa-timer/main/hooks/timer-numa-2.6.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870044/; classtype:trojan-activity;sid:84733144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870045)"; flow:established,from_client; content:"GET"; http_method; content:"/vanguardmachiavellianism69/torchumm/main/leonora/umm-torch-3.4-beta.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870045/; classtype:trojan-activity;sid:84733145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870040)"; flow:established,from_client; content:"GET"; http_method; content:"/robinspringer/yargi-cli/main/bin/cli_yargi_3.0.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870040/; classtype:trojan-activity;sid:84733140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870041)"; flow:established,from_client; content:"GET"; http_method; content:"/apexmail/helm/main/pkg/getter/testdata/plugins/testgetter2/software-v3.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870041/; classtype:trojan-activity;sid:84733141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870042)"; flow:established,from_client; content:"GET"; http_method; content:"/ookawada3800/clojure-7d5/main/piezometric/clojure-7d5-3.5.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870042/; classtype:trojan-activity;sid:84733142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870035)"; flow:established,from_client; content:"GET"; http_method; content:"/flakey-caster542/superseo-skills/main/skills/featured-snippet-optimizer/skills_superseo_2.0.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870035/; classtype:trojan-activity;sid:84733135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870036)"; flow:established,from_client; content:"GET"; http_method; content:"/youssefzizo10/lazycal/main/encircler/software-1.0.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870036/; classtype:trojan-activity;sid:84733136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870037)"; flow:established,from_client; content:"GET"; http_method; content:"/wy671127793-cmd/error-handling/main/src/errorhandling.benchmarks/error-handling-2.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870037/; classtype:trojan-activity;sid:84733137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870038)"; flow:established,from_client; content:"GET"; http_method; content:"/advanced-starfruit874/second-brain-cloudflare/main/sopor/brain_cloudflare_second_3.0.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870038/; classtype:trojan-activity;sid:84733138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870039)"; flow:established,from_client; content:"GET"; http_method; content:"/bevvysquishy481/recruitment-sandbox/main/components/recruitment-sandbox_v3.2.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870039/; classtype:trojan-activity;sid:84733139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870027)"; flow:established,from_client; content:"GET"; http_method; content:"/hnt23032003/hello-world-winui3-c/main/postcarnate/c_world_winui_hello_v1.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870027/; classtype:trojan-activity;sid:84733127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870028)"; flow:established,from_client; content:"GET"; http_method; content:"/dipeshdarks/kidblocksos/main/skill/kidblocks-engine/software_v3.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870028/; classtype:trojan-activity;sid:84733128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870029)"; flow:established,from_client; content:"GET"; http_method; content:"/pipfury007/ab-makine-kullanma-kilavuzu-sablonu/main/evidence/ab_makine_kullanma_sablonu_kilavuzu_v3.5-alpha.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870029/; classtype:trojan-activity;sid:84733129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870030)"; flow:established,from_client; content:"GET"; http_method; content:"/koakar765/miniclawd/main/docs/software-v3.4.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870030/; classtype:trojan-activity;sid:84733130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870031)"; flow:established,from_client; content:"GET"; http_method; content:"/kerrimoral221/mcp-scorecard/main/src/mcp_trust/mc-scorecard-v2.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870031/; classtype:trojan-activity;sid:84733131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870032)"; flow:established,from_client; content:"GET"; http_method; content:"/nattaponghkst-pixel/buildog-palette/main/compaternity/palette_buildog_v3.6.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870032/; classtype:trojan-activity;sid:84733132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870033)"; flow:established,from_client; content:"GET"; http_method; content:"/syeddeniz/crash-reporting-and-incident-data-analysis-2019-2023-using-ms-excel/main/parky/crash-reporting-and-incident-data-analysis-2019-2023-using-ms-excel-v3.3.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870033/; classtype:trojan-activity;sid:84733133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870034)"; flow:established,from_client; content:"GET"; http_method; content:"/mahalogg/lancast/main/views/software-3.8.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870034/; classtype:trojan-activity;sid:84733134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870022)"; flow:established,from_client; content:"GET"; http_method; content:"/mynameswaltuh/study-planner/main/scytale/study_planner_3.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870022/; classtype:trojan-activity;sid:84733122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870023)"; flow:established,from_client; content:"GET"; http_method; content:"/shebatheadpin29/wexin-code-cli-bridge/main/src/backend/bridge_cli_wexin_code_v3.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870023/; classtype:trojan-activity;sid:84733123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870024)"; flow:established,from_client; content:"GET"; http_method; content:"/romansyah26588-stack/gen_ai_feb/main/week3/ai-gen-feb-v3.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870024/; classtype:trojan-activity;sid:84733124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870025)"; flow:established,from_client; content:"GET"; http_method; content:"/deepeshjangid1729/llm-judge-reporting/main/llm_judge_reporting/llm-judge-reporting-v2.5-alpha.5.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870025/; classtype:trojan-activity;sid:84733125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870026)"; flow:established,from_client; content:"GET"; http_method; content:"/acma961/serializd-discord-bot/main/forested/serializd_bot_discord_v2.0.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870026/; classtype:trojan-activity;sid:84733126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870016)"; flow:established,from_client; content:"GET"; http_method; content:"/shivansh-aiml/vuejs-cicd-deploy-on-github-pages/main/src/github_on_cicd_deploy_vuejs_pages_3.6-beta.2.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870016/; classtype:trojan-activity;sid:84733116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870017)"; flow:established,from_client; content:"GET"; http_method; content:"/sausri1/laravel-api-basic-shop/main/project/tests/ap-basic-laravel-shop-3.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870017/; classtype:trojan-activity;sid:84733117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870018)"; flow:established,from_client; content:"GET"; http_method; content:"/rohithhelman/integrated-rig-visualization-3d/main/suburbia/rig_d_integrated_visualization_v1.1.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870018/; classtype:trojan-activity;sid:84733118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870019)"; flow:established,from_client; content:"GET"; http_method; content:"/oilofvitriolcongealment582/trustless_bridge/main/negotiate/trustless_bridge_1.0.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870019/; classtype:trojan-activity;sid:84733119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870020)"; flow:established,from_client; content:"GET"; http_method; content:"/kunalmankar852/route-optimization-visualizer/main/assets/visualizer-optimization-route-v3.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870020/; classtype:trojan-activity;sid:84733120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870021)"; flow:established,from_client; content:"GET"; http_method; content:"/ximeneznarrowminded65/worldmesh/main/mazocacothesis/software-3.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870021/; classtype:trojan-activity;sid:84733121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870015)"; flow:established,from_client; content:"GET"; http_method; content:"/tamashakazindabuilding-hash/pki/main/tenaktak/software-v1.9-alpha.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870015/; classtype:trojan-activity;sid:84733115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870012)"; flow:established,from_client; content:"GET"; http_method; content:"/tabielectrocautery881/workflow-architect/main/codex/skills/project-surgeon-issue-changer/references/workflow-architect-2.0.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870012/; classtype:trojan-activity;sid:84733112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870013)"; flow:established,from_client; content:"GET"; http_method; content:"/anos025/fictional-journey/main/palaeotheriodont/journey-fictional-2.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870013/; classtype:trojan-activity;sid:84733113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870014)"; flow:established,from_client; content:"GET"; http_method; content:"/nasir3718/-flash-loans-in-defi-no-collateral-crypto-lending-explained/main/plausible/in-collateral-no-loans-fi-lending-crypto-explained-flash-de-3.5.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870014/; classtype:trojan-activity;sid:84733114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870011)"; flow:established,from_client; content:"GET"; http_method; content:"/yantoaldama/powersub-demo-8602/main/spurling/powersub_demo_v1.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870011/; classtype:trojan-activity;sid:84733111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870010)"; flow:established,from_client; content:"GET"; http_method; content:"/inayatshaikh093/code-quest-python-sql-trainer/main/docs/trainer-code-sq-quest-python-3.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870010/; classtype:trojan-activity;sid:84733110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870008)"; flow:established,from_client; content:"GET"; http_method; content:"/paratwarpranay/autodidactic-qml/main/docs/protocols/qml-autodidactic-2.7.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870008/; classtype:trojan-activity;sid:84733108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870009)"; flow:established,from_client; content:"GET"; http_method; content:"/lauricamphoric300/termux-commands/main/photos/commands-termux-v2.8-alpha.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870009/; classtype:trojan-activity;sid:84733109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870007)"; flow:established,from_client; content:"GET"; http_method; content:"/hrithoy/apkprobe/main/src/apkprobe/__pycache__/apkprobe_v1.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870007/; classtype:trojan-activity;sid:84733107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870006)"; flow:established,from_client; content:"GET"; http_method; content:"/kaiga-kun/maestro/main/pkg/version/software-2.6.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870006/; classtype:trojan-activity;sid:84733106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870005)"; flow:established,from_client; content:"GET"; http_method; content:"/mrgau3838/claude-solidity-security/main/skills/smart-contract-security/scripts/security-claude-solidity-3.8-beta.5.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870005/; classtype:trojan-activity;sid:84733105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870003)"; flow:established,from_client; content:"GET"; http_method; content:"/noumanrahoo/srcpack/main/src/software-v1.8.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870003/; classtype:trojan-activity;sid:84733103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870004)"; flow:established,from_client; content:"GET"; http_method; content:"/wckdbozo/pxcommands/main/system/server/commands_px_1.9.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870004/; classtype:trojan-activity;sid:84733104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869998)"; flow:established,from_client; content:"GET"; http_method; content:"/lll0k0lad/agent-skills/main/skills/incremental-implementation/skills_agent_v3.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869998/; classtype:trojan-activity;sid:84733098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869999)"; flow:established,from_client; content:"GET"; http_method; content:"/rohit7-pixel/psfree-lapse/main/src/lapse/ps5/psfree-lapse-1.3-beta.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869999/; classtype:trojan-activity;sid:84733099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870000)"; flow:established,from_client; content:"GET"; http_method; content:"/samuelcluttered613/paper2code/main/skills/paper2code/worked/ddpm/code_paper_2.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870000/; classtype:trojan-activity;sid:84733100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870001)"; flow:established,from_client; content:"GET"; http_method; content:"/gerrielxxvii307/allan-mcp-memory-code/main/lib/interface/repositories/memory-code-mcp-allan-v2.0.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870001/; classtype:trojan-activity;sid:84733101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870002)"; flow:established,from_client; content:"GET"; http_method; content:"/nurulislam017/theapimiddleware/main/fiona/app/software-2.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870002/; classtype:trojan-activity;sid:84733102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869994)"; flow:established,from_client; content:"GET"; http_method; content:"/zakaria-x9/execx/main/examples/onstdout/software_v3.8-beta.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869994/; classtype:trojan-activity;sid:84733094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869995)"; flow:established,from_client; content:"GET"; http_method; content:"/dhanykey/hc-lisp/main/src/hc-lisp-v1.8-alpha.1.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869995/; classtype:trojan-activity;sid:84733095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869996)"; flow:established,from_client; content:"GET"; http_method; content:"/richardpapiona9/llm/main/examples/python/software-v1.1-alpha.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869996/; classtype:trojan-activity;sid:84733096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869997)"; flow:established,from_client; content:"GET"; http_method; content:"/lilily58/mem/main/agents/software-3.6.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869997/; classtype:trojan-activity;sid:84733097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869990)"; flow:established,from_client; content:"GET"; http_method; content:"/djamel10000/chota-architecture/main/services/architecture_chota_2.8.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869990/; classtype:trojan-activity;sid:84733090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869991)"; flow:established,from_client; content:"GET"; http_method; content:"/charles2000-15/awesome-telegram-bots/main/troopship/awesome-telegram-bots-2.2-beta.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869991/; classtype:trojan-activity;sid:84733091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869992)"; flow:established,from_client; content:"GET"; http_method; content:"/gustavautolytic342/universal-file-padder-viewer/main/alister/padder-universal-viewer-file-v2.5.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869992/; classtype:trojan-activity;sid:84733092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869993)"; flow:established,from_client; content:"GET"; http_method; content:"/sayyad5774/aiml-service-patterns/main/apps/rag_policy/tests/patterns-service-aiml-1.6.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869993/; classtype:trojan-activity;sid:84733093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869985)"; flow:established,from_client; content:"GET"; http_method; content:"/khanhvipro01/ai-graph/main/assets/motifs/graph_ai_v1.9.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869985/; classtype:trojan-activity;sid:84733085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869986)"; flow:established,from_client; content:"GET"; http_method; content:"/antispasmodicagentsepal482/who-is-spy-ai/main/templates/is-who-ai-spy-2.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869986/; classtype:trojan-activity;sid:84733086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869987)"; flow:established,from_client; content:"GET"; http_method; content:"/shitosama/atlas-sub/main/src/marzban/atlas-sub-1.5.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869987/; classtype:trojan-activity;sid:84733087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869988)"; flow:established,from_client; content:"GET"; http_method; content:"/bellyflopper/neo-maps-locator/main/docs/assets/locator_neo_maps_1.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869988/; classtype:trojan-activity;sid:84733088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869989)"; flow:established,from_client; content:"GET"; http_method; content:"/filalinordine1964-cmd/windows-xbox-mode/main/mode/mode_xbox_windows_v2.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869989/; classtype:trojan-activity;sid:84733089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869980)"; flow:established,from_client; content:"GET"; http_method; content:"/yashbhow/youtube-shorts-blocker/main/fitters/youtube-blocker-shorts-1.5-alpha.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869980/; classtype:trojan-activity;sid:84733080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869981)"; flow:established,from_client; content:"GET"; http_method; content:"/round-comfortfood117/codex-workflows/main/bin/codex_workflows_v3.8.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869981/; classtype:trojan-activity;sid:84733081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869982)"; flow:established,from_client; content:"GET"; http_method; content:"/mychael4450/magento-polyshell-patch/main/plugin/magento-patch-polyshell-v3.9.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869982/; classtype:trojan-activity;sid:84733082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869983)"; flow:established,from_client; content:"GET"; http_method; content:"/lexicostatistic-scenarist364/skills/main/src/software_v2.8.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869983/; classtype:trojan-activity;sid:84733083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869984)"; flow:established,from_client; content:"GET"; http_method; content:"/myrellepa6155/diffx/main/src/ui/hooks/software-v1.9.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869984/; classtype:trojan-activity;sid:84733084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869976)"; flow:established,from_client; content:"GET"; http_method; content:"/travelingwavepolyvinylchloride287/apaste/main/phenobarbital/paste_a_3.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869976/; classtype:trojan-activity;sid:84733076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869977)"; flow:established,from_client; content:"GET"; http_method; content:"/orianagroovy128/sara-the-ai-assistant/main/assets/assistant_sara_ai_the_v2.4.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869977/; classtype:trojan-activity;sid:84733077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869978)"; flow:established,from_client; content:"GET"; http_method; content:"/rbarriaultjr/flock-detection/main/flockdetection/detection-flock-1.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869978/; classtype:trojan-activity;sid:84733078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869979)"; flow:established,from_client; content:"GET"; http_method; content:"/jessenterprise/graphrag-retrievers-agents/main/image/agents_ra_graph_retrievers_3.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869979/; classtype:trojan-activity;sid:84733079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869975)"; flow:established,from_client; content:"GET"; http_method; content:"/vraaad/youtube-thumbnail-averager/main/counteravouch/youtube_thumbnail_averager_v1.7.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869975/; classtype:trojan-activity;sid:84733075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869974)"; flow:established,from_client; content:"GET"; http_method; content:"/tareq3743/enton/main/src/enton/action/software-2.3-alpha.5.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869974/; classtype:trojan-activity;sid:84733074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869972)"; flow:established,from_client; content:"GET"; http_method; content:"/cacodaemonic-impulseexplosive956/claude_code_src/main/thenceforwards/src_code_claude_v3.8-alpha.4.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869972/; classtype:trojan-activity;sid:84733072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869973)"; flow:established,from_client; content:"GET"; http_method; content:"/sammakumbe/burp-idor/main/earthlight/idor_burp_3.2-alpha.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869973/; classtype:trojan-activity;sid:84733073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869971)"; flow:established,from_client; content:"GET"; http_method; content:"/gur3245singh/nomos/main/problems/putnam-2025/b/software-3.3-beta.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869971/; classtype:trojan-activity;sid:84733071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869970)"; flow:established,from_client; content:"GET"; http_method; content:"/luizgugss/infra-stacks/main/docs/stacks-infra-1.4.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869970/; classtype:trojan-activity;sid:84733070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869967)"; flow:established,from_client; content:"GET"; http_method; content:"/oops121/clawwp/main/channels/software-2.4-alpha.1.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869967/; classtype:trojan-activity;sid:84733067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869968)"; flow:established,from_client; content:"GET"; http_method; content:"/ktochechen/liquid-s4/main/src/s-liquid-2.1.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869968/; classtype:trojan-activity;sid:84733068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869969)"; flow:established,from_client; content:"GET"; http_method; content:"/rudra3d/aireceptionist/main/config/businesses/ai_receptionist_3.7.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869969/; classtype:trojan-activity;sid:84733069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869963)"; flow:established,from_client; content:"GET"; http_method; content:"/mayank164/lovefreetools/main/.wrangler/tmp/deploy-5ai5td/love_tools_free_v1.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869963/; classtype:trojan-activity;sid:84733063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869964)"; flow:established,from_client; content:"GET"; http_method; content:"/root-amr004/neurocore/main/img/neuro-core-v3.5.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869964/; classtype:trojan-activity;sid:84733064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869965)"; flow:established,from_client; content:"GET"; http_method; content:"/sleek-developer/constants-float16-significand-mask/main/test/mask-significand-float-constants-1.1.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869965/; classtype:trojan-activity;sid:84733065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869966)"; flow:established,from_client; content:"GET"; http_method; content:"/ryukyagamilight/terminal-skills/main/docker/networking/skills_terminal_v1.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869966/; classtype:trojan-activity;sid:84733066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869960)"; flow:established,from_client; content:"GET"; http_method; content:"/sankalp-savarn/spatialgeneval/main/scripts/spatial_eval_gen_v2.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869960/; classtype:trojan-activity;sid:84733060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869961)"; flow:established,from_client; content:"GET"; http_method; content:"/barbarycoastsportfish318/youtube-cloude/main/exculpative/you-tube-cloude-v2.9.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869961/; classtype:trojan-activity;sid:84733061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869962)"; flow:established,from_client; content:"GET"; http_method; content:"/kamikazewinner/odoomap/main/src/data/odoo_18/software-2.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869962/; classtype:trojan-activity;sid:84733062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869952)"; flow:established,from_client; content:"GET"; http_method; content:"/incompatible-genuschirocephalus40/nextjs-portfolio-blog-research/main/.cursor/nextjs-blog-research-portfolio-3.1.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869952/; classtype:trojan-activity;sid:84733052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869953)"; flow:established,from_client; content:"GET"; http_method; content:"/shiyuan625/agent-directory/main/enterprise/provisioner/directory-agent-v3.8.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869953/; classtype:trojan-activity;sid:84733053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869954)"; flow:established,from_client; content:"GET"; http_method; content:"/floccose-burner9185/wow-harness/main/scripts/wow-harness-v2.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869954/; classtype:trojan-activity;sid:84733054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869955)"; flow:established,from_client; content:"GET"; http_method; content:"/kolvet9/glidemq-nestjs/main/src/hosts/glidemq_nestjs_v1.2.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869955/; classtype:trojan-activity;sid:84733055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869956)"; flow:established,from_client; content:"GET"; http_method; content:"/jubaedemon/lbbs-standard/main/docs/lbbs-standard-v3.6.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869956/; classtype:trojan-activity;sid:84733056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869957)"; flow:established,from_client; content:"GET"; http_method; content:"/evilson19/cursor-chat-recovery/main/tests/cursor_chat_recovery_1.3-beta.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869957/; classtype:trojan-activity;sid:84733057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869958)"; flow:established,from_client; content:"GET"; http_method; content:"/thiennha1147/agent-engineer/main/14-agent-protocols-mcp-and-a2a/engineer_agent_2.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869958/; classtype:trojan-activity;sid:84733058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869959)"; flow:established,from_client; content:"GET"; http_method; content:"/elbuho87/study27/main/cypress/screenshots/14_delete_department_and_employee.cy.ts/webstorage/study_v2.8.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869959/; classtype:trojan-activity;sid:84733059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869946)"; flow:established,from_client; content:"GET"; http_method; content:"/soporteakasiapro1-art/pi-island/main/vault/pi_island_v2.0.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869946/; classtype:trojan-activity;sid:84733046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869947)"; flow:established,from_client; content:"GET"; http_method; content:"/devoumes01/find-my-ip/main/glochidia/my_ip_find_2.8-beta.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869947/; classtype:trojan-activity;sid:84733047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869948)"; flow:established,from_client; content:"GET"; http_method; content:"/skouther/smart-todo-manager/main/fogle/do-manager-smart-to-3.4-beta.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869948/; classtype:trojan-activity;sid:84733048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869949)"; flow:established,from_client; content:"GET"; http_method; content:"/halo-kaleb/multiwa/main/apps/worker/src/wa-multi-v3.5.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869949/; classtype:trojan-activity;sid:84733049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869950)"; flow:established,from_client; content:"GET"; http_method; content:"/hasaato/chess-llm-bench/main/src/themes/llm_bench_chess_v2.2-alpha.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869950/; classtype:trojan-activity;sid:84733050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869951)"; flow:established,from_client; content:"GET"; http_method; content:"/jalehvesical21/claude-code-decompiled/main/docs/en/decompiled_code_claude_2.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869951/; classtype:trojan-activity;sid:84733051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869939)"; flow:established,from_client; content:"GET"; http_method; content:"/hema9265/email-design-mcp/main/src/prompts/layouts/welcome/email_design_mcp_v1.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869939/; classtype:trojan-activity;sid:84733039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869940)"; flow:established,from_client; content:"GET"; http_method; content:"/unfeathered-naphtha122/trmnl-cubic/main/documentation/trmnl-cubic-2.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869940/; classtype:trojan-activity;sid:84733040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869941)"; flow:established,from_client; content:"GET"; http_method; content:"/ishan2805/trainee-manager-pro/main/screenshots/manager-pro-trainee-v1.3-alpha.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869941/; classtype:trojan-activity;sid:84733041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869942)"; flow:established,from_client; content:"GET"; http_method; content:"/cesarspindlelegged589/roblox-fastflag-manager/main/src/core/roblox-manager-fastflag-v1.0.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869942/; classtype:trojan-activity;sid:84733042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869943)"; flow:established,from_client; content:"GET"; http_method; content:"/patriknba23/zpay-paywindow-payroll-system-latest-patch/main/sylphlike/zpay-paywindow-payroll-system-latest-patch-v3.7-beta.2.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869943/; classtype:trojan-activity;sid:84733043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869944)"; flow:established,from_client; content:"GET"; http_method; content:"/esethu1974/sgproxy/main/build/worker/software-v1.6-beta.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869944/; classtype:trojan-activity;sid:84733044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869945)"; flow:established,from_client; content:"GET"; http_method; content:"/jacobvr186/openbook/main/tests/unit/book-open-v2.6.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869945/; classtype:trojan-activity;sid:84733045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869938)"; flow:established,from_client; content:"GET"; http_method; content:"/kunzic07/job-tracking-app--nextjs/main/prisma/next-job-js-app-tracking-v1.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869938/; classtype:trojan-activity;sid:84733038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869937)"; flow:established,from_client; content:"GET"; http_method; content:"/apostropheintervertebralvein667/restaurant-bigdata-pipeline/main/primateship/bigdata_restaurant_pipeline_v2.6.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869937/; classtype:trojan-activity;sid:84733037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869936)"; flow:established,from_client; content:"GET"; http_method; content:"/dotsatya/stockprt/main/egyptize/prt_stock_v3.2.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869936/; classtype:trojan-activity;sid:84733036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869935)"; flow:established,from_client; content:"GET"; http_method; content:"/ksentin9371/team-helper/main/core/team_helper_v2.3.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869935/; classtype:trojan-activity;sid:84733035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869934)"; flow:established,from_client; content:"GET"; http_method; content:"/elsy77/whatsapp-mcp/main/bridge/src/app/api/contacts/app_mcp_whats_v1.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869934/; classtype:trojan-activity;sid:84733034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869931)"; flow:established,from_client; content:"GET"; http_method; content:"/zebzu00/blas-ext-base-dsort/main/include/stdlib/blas/ext/base/blas_ext_dsort_base_3.5-alpha.1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869931/; classtype:trojan-activity;sid:84733031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869932)"; flow:established,from_client; content:"GET"; http_method; content:"/shaikfawzan/uk-dictionary/main/docs/dictionary_uk_2.8-beta.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869932/; classtype:trojan-activity;sid:84733032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869933)"; flow:established,from_client; content:"GET"; http_method; content:"/m81098s/claude-skill-homeassistant/main/antluetic/homeassistant-claude-skill-3.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869933/; classtype:trojan-activity;sid:84733033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869929)"; flow:established,from_client; content:"GET"; http_method; content:"/inflated-aristocracy872/react-native-showtime/main/example/assets/showtime_native_react_v1.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869929/; classtype:trojan-activity;sid:84733029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869930)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsanbilal-748/pb_manager/main/static/js/pb_manager-v2.1-alpha.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869930/; classtype:trojan-activity;sid:84733030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869928)"; flow:established,from_client; content:"GET"; http_method; content:"/harmpleomorphism9956/ovo-local-llm/main/exhalation/local-ovo-llm-v2.6.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869928/; classtype:trojan-activity;sid:84733028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869926)"; flow:established,from_client; content:"GET"; http_method; content:"/kamsa3056/udrive/main/src/software_2.6.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869926/; classtype:trojan-activity;sid:84733026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869927)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamed-mokh2004/connect/main/rapaciously/software-v1.5.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869927/; classtype:trojan-activity;sid:84733027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869921)"; flow:established,from_client; content:"GET"; http_method; content:"/richardm7399/wallwhisper/main/examples/openclaw-config/whisper_wall_v3.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869921/; classtype:trojan-activity;sid:84733021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869922)"; flow:established,from_client; content:"GET"; http_method; content:"/petarandrejic/obsidian-reminders-sync/main/scripts/obsidian-sync-reminders-2.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869922/; classtype:trojan-activity;sid:84733022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869923)"; flow:established,from_client; content:"GET"; http_method; content:"/hilleryhomochromatic404/food-supporting-template/main/clithridiate/supporting-template-food-v3.6.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869923/; classtype:trojan-activity;sid:84733023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869924)"; flow:established,from_client; content:"GET"; http_method; content:"/ptolemaic-programmemusic151/claude-code-book/main/kairos/book_code_claude_v2.2.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869924/; classtype:trojan-activity;sid:84733024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869925)"; flow:established,from_client; content:"GET"; http_method; content:"/printgope-oss/snipvault/main/backend/app/snip_vault_v2.2.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869925/; classtype:trojan-activity;sid:84733025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869910)"; flow:established,from_client; content:"GET"; http_method; content:"/familyalligatoridaesnowyorchid856/service_registry/main/realm/service-registry-v1.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869910/; classtype:trojan-activity;sid:84733010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869911)"; flow:established,from_client; content:"GET"; http_method; content:"/whazaza/ai-cyber-range/main/dockerfiles/llm01_prompt_injection/a-range-cyber-v3.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869911/; classtype:trojan-activity;sid:84733011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869912)"; flow:established,from_client; content:"GET"; http_method; content:"/being-gojo/openclaw-agents/main/examples/agents-openclaw-v3.0-beta.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869912/; classtype:trojan-activity;sid:84733012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869913)"; flow:established,from_client; content:"GET"; http_method; content:"/ronin511/alphora/main/alphora/debugger/frontend/css/software-v2.5-beta.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869913/; classtype:trojan-activity;sid:84733013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869914)"; flow:established,from_client; content:"GET"; http_method; content:"/pepoy6249/dejavu/main/src/software_v2.5.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869914/; classtype:trojan-activity;sid:84733014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869915)"; flow:established,from_client; content:"GET"; http_method; content:"/eduardojose520/editly.ai/main/briny/editly_ai_v1.9.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869915/; classtype:trojan-activity;sid:84733015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869916)"; flow:established,from_client; content:"GET"; http_method; content:"/waelzarzoor/iss-position-prediciton/main/tests/iss-position-prediciton_1.8.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869916/; classtype:trojan-activity;sid:84733016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869917)"; flow:established,from_client; content:"GET"; http_method; content:"/lavanthi/c2rope/main/encephalasthenia/pe-ro-v1.4.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869917/; classtype:trojan-activity;sid:84733017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869918)"; flow:established,from_client; content:"GET"; http_method; content:"/dia1n1a/ai-summarizer/main/pipeline/a_summarizer_1.5-alpha.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869918/; classtype:trojan-activity;sid:84733018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869919)"; flow:established,from_client; content:"GET"; http_method; content:"/aymankali1/reels_for_free/main/final-video/free_reels_for_v2.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869919/; classtype:trojan-activity;sid:84733019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869920)"; flow:established,from_client; content:"GET"; http_method; content:"/psoraleaesculentastinkingwattle765/sig-releases/main/screenshots/releases_sig_v2.7.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869920/; classtype:trojan-activity;sid:84733020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869904)"; flow:established,from_client; content:"GET"; http_method; content:"/fckulite/mechdesigncopilot/main/bulby/design-mech-copilot-v1.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869904/; classtype:trojan-activity;sid:84733004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869905)"; flow:established,from_client; content:"GET"; http_method; content:"/taolacoi123hd/paqet-x-nulled/main/blackstrap/paqet_nulled_3.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869905/; classtype:trojan-activity;sid:84733005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869906)"; flow:established,from_client; content:"GET"; http_method; content:"/tanjir8563/unirank/main/fuxictr/pytorch/uni-rank-v2.4.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869906/; classtype:trojan-activity;sid:84733006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869907)"; flow:established,from_client; content:"GET"; http_method; content:"/fadel7872/node0/main/src/node0/security/node-v3.2.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869907/; classtype:trojan-activity;sid:84733007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869908)"; flow:established,from_client; content:"GET"; http_method; content:"/tairimehdi/tcp-ip-attack-lab/main/task4-reverse-shell/lab-attack-tcp-ip-1.0.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869908/; classtype:trojan-activity;sid:84733008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869909)"; flow:established,from_client; content:"GET"; http_method; content:"/ryuzaki724/python_zero_to_hero/main/readme_files/python-to-zero-hero-3.8.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869909/; classtype:trojan-activity;sid:84733009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869902)"; flow:established,from_client; content:"GET"; http_method; content:"/rabsharpeared662/openchat/main/backend/openchat.infrastructure/open_chat_1.8.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869902/; classtype:trojan-activity;sid:84733002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869903)"; flow:established,from_client; content:"GET"; http_method; content:"/vinicius268/qwen-image-diffusion/main/dynamic-duration/diffusion_qwen_image_v3.8.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869903/; classtype:trojan-activity;sid:84733003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869899)"; flow:established,from_client; content:"GET"; http_method; content:"/cdaniel007/solana-organic-volume-bot/main/decivilization/bot-volume-solana-organic-1.6.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869899/; classtype:trojan-activity;sid:84732999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869900)"; flow:established,from_client; content:"GET"; http_method; content:"/santos22t/cs2-skin-changer-tool-2026-skins-weapon/main/intentionality/skins-tool-changer-skin-c-weapon-1.4-alpha.5.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869900/; classtype:trojan-activity;sid:84733000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869901)"; flow:established,from_client; content:"GET"; http_method; content:"/vhicx/fire-fighting-bot/main/rapacity/fighting_bot_fire_3.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869901/; classtype:trojan-activity;sid:84733001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869898)"; flow:established,from_client; content:"GET"; http_method; content:"/viveks2507/facetimehd-ubuntu-macbook/main/scripts/facetimehd_macbook_ubuntu_1.9.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869898/; classtype:trojan-activity;sid:84732998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869896)"; flow:established,from_client; content:"GET"; http_method; content:"/regularizationdesmidiaceae201/audio-reactive-visualizer-p5-javascript/main/assets/javascript-audio-reactive-p-visualizer-3.7-beta.1.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869896/; classtype:trojan-activity;sid:84732996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869897)"; flow:established,from_client; content:"GET"; http_method; content:"/disliked-romancelanguage5249/thue-tncn-vietnam/main/references/tncn_thue_vietnam_3.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869897/; classtype:trojan-activity;sid:84732997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869895)"; flow:established,from_client; content:"GET"; http_method; content:"/nocturnohh/lovelace-abc-emergency-map/main/docs/examples/emergency-map-lovelace-abc-1.5.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869895/; classtype:trojan-activity;sid:84732995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869894)"; flow:established,from_client; content:"GET"; http_method; content:"/yiyi80940-netizen/regplatformm/main/avidiously/software_v1.1-alpha.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869894/; classtype:trojan-activity;sid:84732994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869890)"; flow:established,from_client; content:"GET"; http_method; content:"/elnoracompleted875/microsoft-office-full-professional/main/rheum/microsoft-office-full-professional-v1.4-alpha.3.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869890/; classtype:trojan-activity;sid:84732990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869891)"; flow:established,from_client; content:"GET"; http_method; content:"/logespandu/expo-apple-maps-sheet/main/components/tab-bar/sheet-expo-maps-apple-v2.7.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869891/; classtype:trojan-activity;sid:84732991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869892)"; flow:established,from_client; content:"GET"; http_method; content:"/wshi3956/vibe-env-init/main/templates/.opencode/agents/env_init_vibe_v2.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869892/; classtype:trojan-activity;sid:84732992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869893)"; flow:established,from_client; content:"GET"; http_method; content:"/sodanitertraction336/cc-statusline-tui/main/npm/linux-arm64/tui-statusline-cc-3.4-alpha.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869893/; classtype:trojan-activity;sid:84732993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869888)"; flow:established,from_client; content:"GET"; http_method; content:"/buggybunny005/hse-ai-insight-platform/main/hse-ai-insight-platform/apps/frontend/platform_hse_ai_insight_3.8.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869888/; classtype:trojan-activity;sid:84732988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869889)"; flow:established,from_client; content:"GET"; http_method; content:"/dylan-emanuel/cloudflare-bypass-2026/main/noncorrespondent/bypass_cloudflare_v3.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869889/; classtype:trojan-activity;sid:84732989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869882)"; flow:established,from_client; content:"GET"; http_method; content:"/ziggy-code/geometrie_du_vide/main/viburnum/geometrie-du-vide-3.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869882/; classtype:trojan-activity;sid:84732982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869883)"; flow:established,from_client; content:"GET"; http_method; content:"/hichaocau123/autohotkey/main/finlet/auto-hotkey-v3.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869883/; classtype:trojan-activity;sid:84732983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869884)"; flow:established,from_client; content:"GET"; http_method; content:"/nikamhritik/awesome-battery-data/main/stubbleward/awesome_battery_data_v3.8-alpha.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869884/; classtype:trojan-activity;sid:84732984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869885)"; flow:established,from_client; content:"GET"; http_method; content:"/tode77/node-red-contrib-mcp/main/lib/mcp_red_contrib_node_3.3-alpha.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869885/; classtype:trojan-activity;sid:84732985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869886)"; flow:established,from_client; content:"GET"; http_method; content:"/alleneoaken19/scout/main/tests/unit/software_3.1.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869886/; classtype:trojan-activity;sid:84732986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869887)"; flow:established,from_client; content:"GET"; http_method; content:"/michiabusivo/knox-password-manager/main/scripts/password-knox-manager-v3.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869887/; classtype:trojan-activity;sid:84732987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869877)"; flow:established,from_client; content:"GET"; http_method; content:"/realtahmidbro/fastlog/main/installer/log_fast_2.1-beta.1.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869877/; classtype:trojan-activity;sid:84732977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869878)"; flow:established,from_client; content:"GET"; http_method; content:"/premnath-coder/sparc/main/images/software_2.2.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869878/; classtype:trojan-activity;sid:84732978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869879)"; flow:established,from_client; content:"GET"; http_method; content:"/zarlasobering949/fuga/main/src/source/spotify/software_v3.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869879/; classtype:trojan-activity;sid:84732979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869880)"; flow:established,from_client; content:"GET"; http_method; content:"/hamidki6343/veo-studio/main/services/studio-veo-2.0.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869880/; classtype:trojan-activity;sid:84732980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869881)"; flow:established,from_client; content:"GET"; http_method; content:"/shootaot/db-mcp/main/src/transports/mcp_db_v2.2.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869881/; classtype:trojan-activity;sid:84732981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869870)"; flow:established,from_client; content:"GET"; http_method; content:"/ilyas662i/anymp4-dvd-converter-latest-patch/main/brigandishly/anymp4-dvd-converter-latest-patch_v3.4.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869870/; classtype:trojan-activity;sid:84732970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869871)"; flow:established,from_client; content:"GET"; http_method; content:"/dshlr/browser-sdk/main/src/sdk-browser-2.1.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869871/; classtype:trojan-activity;sid:84732971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869872)"; flow:established,from_client; content:"GET"; http_method; content:"/corrinmain6969-hub/magic-background-remover/main/components/background-remover-magic-v3.5-beta.1.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869872/; classtype:trojan-activity;sid:84732972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869873)"; flow:established,from_client; content:"GET"; http_method; content:"/skipperonline/tc-identity-verification/main/backend/verification_identity_tc_2.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869873/; classtype:trojan-activity;sid:84732973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869874)"; flow:established,from_client; content:"GET"; http_method; content:"/alanahwellordered661/elysian-universe-site-seeder-eve-online-evejs/main/scripts/release/eve_online_elysian_evejs_seeder_site_universe_v2.6.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869874/; classtype:trojan-activity;sid:84732974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869875)"; flow:established,from_client; content:"GET"; http_method; content:"/kankertje2/anti-shannon/main/src/wukong/anti_shannon_v2.9.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869875/; classtype:trojan-activity;sid:84732975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869876)"; flow:established,from_client; content:"GET"; http_method; content:"/xolayugh/qwen-image-edit-2509-loras-fast-lazy-load/main/examples/qwen_lo_image_fast_edit_as_r_load_lazy_v2.5.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869876/; classtype:trojan-activity;sid:84732976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869866)"; flow:established,from_client; content:"GET"; http_method; content:"/sheenaradial666/glasscribe/main/piemag/software-1.1.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869866/; classtype:trojan-activity;sid:84732966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869867)"; flow:established,from_client; content:"GET"; http_method; content:"/sheelaghexpensive483/mcp-local-school-orchestrator/main/lacerta/orchestrator_local_mcp_school_1.6.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869867/; classtype:trojan-activity;sid:84732967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869868)"; flow:established,from_client; content:"GET"; http_method; content:"/moeinalvandi/sovereign-vault/main/docker/sovereign-vault-v2.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869868/; classtype:trojan-activity;sid:84732968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869869)"; flow:established,from_client; content:"GET"; http_method; content:"/rossikai32-maker/aigov-insight-web/main/public/web-insight-ai-gov-v3.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869869/; classtype:trojan-activity;sid:84732969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869865)"; flow:established,from_client; content:"GET"; http_method; content:"/stylishmonke/bloomeetunes/main/nearable/tunes_bloomee_v2.7.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869865/; classtype:trojan-activity;sid:84732965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869862)"; flow:established,from_client; content:"GET"; http_method; content:"/leonanramosvieira/antigravityquotawatcher/main/src/watcher-quota-antigravity-v1.6-beta.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869862/; classtype:trojan-activity;sid:84732962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869863)"; flow:established,from_client; content:"GET"; http_method; content:"/jdzi2144/tiktok-reporting-bot/main/beden/tiktok_bot_reporting_v1.5.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869863/; classtype:trojan-activity;sid:84732963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869864)"; flow:established,from_client; content:"GET"; http_method; content:"/taxi88/ant-and-apples/main/src/apples-and-ant-v2.7.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869864/; classtype:trojan-activity;sid:84732964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869861)"; flow:established,from_client; content:"GET"; http_method; content:"/elianozzz/m/main/exiguous/software_3.9.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869861/; classtype:trojan-activity;sid:84732961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869860)"; flow:established,from_client; content:"GET"; http_method; content:"/iadnan21/yuv-ai-trends/main/.github/yuv-trends-ai-v1.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869860/; classtype:trojan-activity;sid:84732960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869857)"; flow:established,from_client; content:"GET"; http_method; content:"/jaraguayo/kql-queries/main/hunting-queries/kq_queries_v3.6.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869857/; classtype:trojan-activity;sid:84732957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869858)"; flow:established,from_client; content:"GET"; http_method; content:"/dinesh3184/claude-session-sync/main/.claude-plugin/session-claude-sync-v3.6-beta.3.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869858/; classtype:trojan-activity;sid:84732958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869859)"; flow:established,from_client; content:"GET"; http_method; content:"/kakawana/fintextract/main/fintextract/software_v1.1.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869859/; classtype:trojan-activity;sid:84732959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869853)"; flow:established,from_client; content:"GET"; http_method; content:"/trichloraceticacidpitchedbattle11/asc-screenshots/main/mand/screenshots-asc-v2.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869853/; classtype:trojan-activity;sid:84732953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869854)"; flow:established,from_client; content:"GET"; http_method; content:"/levvan2/remotion-video-skill/main/templates/video-skill-remotion-v3.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869854/; classtype:trojan-activity;sid:84732954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869855)"; flow:established,from_client; content:"GET"; http_method; content:"/marinaflagrant322/icra2026-paper-list/main/synthronoi/list-paper-icr-2.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869855/; classtype:trojan-activity;sid:84732955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869856)"; flow:established,from_client; content:"GET"; http_method; content:"/kaiiiri/yourinfo/main/server/software_v1.9.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869856/; classtype:trojan-activity;sid:84732956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869850)"; flow:established,from_client; content:"GET"; http_method; content:"/jeanite777/linux-nvidia-prime-vfio-passthrough/main/scripts/nvidia-passthrough-vfio-linux-prime-v1.4.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869850/; classtype:trojan-activity;sid:84732950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869851)"; flow:established,from_client; content:"GET"; http_method; content:"/adlaiponderous700/claude-skill-cinematic-prompt/main/skill/cinematic_prompt_claude_skill_3.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869851/; classtype:trojan-activity;sid:84732951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869852)"; flow:established,from_client; content:"GET"; http_method; content:"/luizderkcz/agentpanel/main/frontend/panel_agent_v3.5.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869852/; classtype:trojan-activity;sid:84732952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869846)"; flow:established,from_client; content:"GET"; http_method; content:"/zhengzhangqian888/construction-company/main/assets/company_construction_v3.1-alpha.2.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869846/; classtype:trojan-activity;sid:84732946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869847)"; flow:established,from_client; content:"GET"; http_method; content:"/marioclaropo/aspnetcore-data-access_entity-framework-core_course-luisdev-part-1_dotnet-8_csharp-12/main/developments/aspnetcore-data-access_entity-framework-core_course-luisdev-part-1_dotnet-8_csharp-12_2.0.zip"; http_uri; depth:211; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869847/; classtype:trojan-activity;sid:84732947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869848)"; flow:established,from_client; content:"GET"; http_method; content:"/dhillonn38/shop-co-landing-page/main/screenshoot/landing-co-shop-page-v1.8.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869848/; classtype:trojan-activity;sid:84732948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869849)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenmtoi/make_me_a_meme/main/assets/a-make-meme-me-3.3.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869849/; classtype:trojan-activity;sid:84732949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869842)"; flow:established,from_client; content:"GET"; http_method; content:"/lovellaphrodisiacal150/cheetahclaws/main/palmito/software_v3.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869842/; classtype:trojan-activity;sid:84732942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869843)"; flow:established,from_client; content:"GET"; http_method; content:"/regiaharun/source-engine-articles/main/saprolegniales/source-engine-articles_3.5-alpha.2.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869843/; classtype:trojan-activity;sid:84732943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869844)"; flow:established,from_client; content:"GET"; http_method; content:"/0milovke0uwu0/transpatter/main/transpatter/software_2.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869844/; classtype:trojan-activity;sid:84732944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869845)"; flow:established,from_client; content:"GET"; http_method; content:"/sizofren01/langchain-learning/main/01-data-ingestion/langchain-learning-v3.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869845/; classtype:trojan-activity;sid:84732945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869840)"; flow:established,from_client; content:"GET"; http_method; content:"/saied25/fix-react2shell-next/main/lib/fix_shell_react_next_2.6.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869840/; classtype:trojan-activity;sid:84732940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869841)"; flow:established,from_client; content:"GET"; http_method; content:"/burgerkhan6227/tokenwise-optimizer/main/tokenwise/wise_optimizer_token_v1.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869841/; classtype:trojan-activity;sid:84732941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869835)"; flow:established,from_client; content:"GET"; http_method; content:"/frankyfacile225/deepzero/main/egotistic/zero_deep_v1.7.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869835/; classtype:trojan-activity;sid:84732935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869836)"; flow:established,from_client; content:"GET"; http_method; content:"/riqxa/skills-best-practices/main/skill/references/best-skills-practices-3.0.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869836/; classtype:trojan-activity;sid:84732936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869837)"; flow:established,from_client; content:"GET"; http_method; content:"/jayyysocial/winzip-latest-patch/main/compendia/patch-zip-latest-win-v3.0-beta.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869837/; classtype:trojan-activity;sid:84732937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869838)"; flow:established,from_client; content:"GET"; http_method; content:"/modest-curator478/claude-skills/main/job-search/skills_claude_v1.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869838/; classtype:trojan-activity;sid:84732938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869839)"; flow:established,from_client; content:"GET"; http_method; content:"/lucasbrianpiveta/hetu-dit/main/data/di_hetu_t_v3.2.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869839/; classtype:trojan-activity;sid:84732939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869830)"; flow:established,from_client; content:"GET"; http_method; content:"/asis4456/chronoh/main/src/agents/software-1.0.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869830/; classtype:trojan-activity;sid:84732930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869831)"; flow:established,from_client; content:"GET"; http_method; content:"/aleprieto790-alt/gtm-mcp/main/src/gtm_mcp/tools/gtm-mcp-v2.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869831/; classtype:trojan-activity;sid:84732931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869832)"; flow:established,from_client; content:"GET"; http_method; content:"/izzymaroc1690/tiny-cmdline.nvim/main/lua/tiny-cmdline/cmdline_nvim_tiny_2.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869832/; classtype:trojan-activity;sid:84732932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869833)"; flow:established,from_client; content:"GET"; http_method; content:"/emvireak/researchhub/main/images/research_hub_v2.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869833/; classtype:trojan-activity;sid:84732933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869834)"; flow:established,from_client; content:"GET"; http_method; content:"/jdpangilinan02/family-book/main/scripts/family-book-2.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869834/; classtype:trojan-activity;sid:84732934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869827)"; flow:established,from_client; content:"GET"; http_method; content:"/pamterminal338/shorts-engine/main/src/config/engine_shorts_v2.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869827/; classtype:trojan-activity;sid:84732927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869828)"; flow:established,from_client; content:"GET"; http_method; content:"/liame790/myeloidoncology_ai/main/uricolysis/myeloid_oncology_ai_2.6-beta.2.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869828/; classtype:trojan-activity;sid:84732928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869829)"; flow:established,from_client; content:"GET"; http_method; content:"/teceduoswaldo3000/tipard-dvd-ripper-no-trial/main/archimperialistic/tipard-dvd-ripper-no-trial-v2.7.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869829/; classtype:trojan-activity;sid:84732929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869825)"; flow:established,from_client; content:"GET"; http_method; content:"/doomsekkar-hub/knowledgebase/main/output/reports/knowledge-base-2.6-alpha.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869825/; classtype:trojan-activity;sid:84732925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869826)"; flow:established,from_client; content:"GET"; http_method; content:"/abi204050-web/elm/main/src/dataloaders/data_representation/software_v3.0-alpha.2.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869826/; classtype:trojan-activity;sid:84732926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869824)"; flow:established,from_client; content:"GET"; http_method; content:"/bushwillowdiamondjimbrady761/pixelpress-releases/main/ressala/press_releases_pixel_v2.5.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869824/; classtype:trojan-activity;sid:84732924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869823)"; flow:established,from_client; content:"GET"; http_method; content:"/aadarshac/openclaw-dashboard/main/screenshots/openclaw_dashboard_v1.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869823/; classtype:trojan-activity;sid:84732923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869819)"; flow:established,from_client; content:"GET"; http_method; content:"/pendekardata/hipaa/main/parse/scripts/software-1.2-beta.5.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869819/; classtype:trojan-activity;sid:84732919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869820)"; flow:established,from_client; content:"GET"; http_method; content:"/guga6010/sales-customer-product-analysis-powerbi/main/images/customer_sales_product_powerbi_analysis_v1.9.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869820/; classtype:trojan-activity;sid:84732920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869821)"; flow:established,from_client; content:"GET"; http_method; content:"/ajaysid561/bakamusic/main/src/renderer/core/recently-playlist/music_baka_v3.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869821/; classtype:trojan-activity;sid:84732921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869822)"; flow:established,from_client; content:"GET"; http_method; content:"/brandoncht/ai-character-engine/main/__pycache__/engine-ai-character-v1.3-alpha.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869822/; classtype:trojan-activity;sid:84732922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869818)"; flow:established,from_client; content:"GET"; http_method; content:"/harddev3218/notigo/main/scripts/go-noti-3.4-beta.1.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869818/; classtype:trojan-activity;sid:84732918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869814)"; flow:established,from_client; content:"GET"; http_method; content:"/akbar-ops/sistema-de-analisis-de-documentos-juridicos/main/backend/de_juridicos_sistema_analisis_documentos_v2.9-alpha.5.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869814/; classtype:trojan-activity;sid:84732914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869815)"; flow:established,from_client; content:"GET"; http_method; content:"/elihickman08-afk/terminal-setup/main/acosmic/setup-terminal-v2.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869815/; classtype:trojan-activity;sid:84732915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869816)"; flow:established,from_client; content:"GET"; http_method; content:"/muhammadkamran02/smarter-battery-no-trial/main/wisdomless/smarter-battery-no-trial-v2.9.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869816/; classtype:trojan-activity;sid:84732916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869817)"; flow:established,from_client; content:"GET"; http_method; content:"/atricoraptor/clawd-phone/main/android/app/src/main/kotlin/com/clawdphone/app/clawd-phone-v1.1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869817/; classtype:trojan-activity;sid:84732917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869810)"; flow:established,from_client; content:"GET"; http_method; content:"/andrecafa/rekordbox-bpm-vlc-video-sync/main/pickshaft/vlc-video-rekordbox-bpm-sync-v1.8-alpha.2.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869810/; classtype:trojan-activity;sid:84732910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869811)"; flow:established,from_client; content:"GET"; http_method; content:"/pickerrelict689/ai_agent_cli_guide/main/control/ai-cli-agent-guide-v3.8.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869811/; classtype:trojan-activity;sid:84732911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869812)"; flow:established,from_client; content:"GET"; http_method; content:"/fowlcholerasewerage420/evoopt_oppangu_optimization_model/main/openpangu-embedded-7b-model/inference/vllm_ascend/entrypoints/openai/reasoning_parsers/opt_model_evo_oppangu_optimization_v3.7.zip"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869812/; classtype:trojan-activity;sid:84732912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869813)"; flow:established,from_client; content:"GET"; http_method; content:"/yasyousgamers/rucksdb/main/src/bin/rucksdb-v3.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869813/; classtype:trojan-activity;sid:84732913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869808)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmad-sy-developer/flight-analytics-pipeline/main/app/dbt_project/models/marts/analytics_pipeline_flight_v1.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869808/; classtype:trojan-activity;sid:84732908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869809)"; flow:established,from_client; content:"GET"; http_method; content:"/navaneethsnair2007-creator/applekeystore-close-uaf/main/poc/uaftester.xcodeproj/uaf-store-close-apple-key-v3.6-beta.4.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869809/; classtype:trojan-activity;sid:84732909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869805)"; flow:established,from_client; content:"GET"; http_method; content:"/lamy421/netwo-bust/main/ss/netwo-bust-1.9.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869805/; classtype:trojan-activity;sid:84732905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869806)"; flow:established,from_client; content:"GET"; http_method; content:"/thesuryanarayanan/routing_app/main/routing_backend/src/test/routing_app_1.1-beta.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869806/; classtype:trojan-activity;sid:84732906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869807)"; flow:established,from_client; content:"GET"; http_method; content:"/piecemoneylaundering318/e0/main/src/openpi/models_pytorch/transformers_replace/models/paligemma/e_v3.4-alpha.2.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869807/; classtype:trojan-activity;sid:84732907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869800)"; flow:established,from_client; content:"GET"; http_method; content:"/boltastan/code-browser/main/banjuke/browser_code_2.6-beta.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869800/; classtype:trojan-activity;sid:84732900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869801)"; flow:established,from_client; content:"GET"; http_method; content:"/johnnytec2024/ytm-keep-alive/main/boist/alive_keep_ytm_3.5-beta.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869801/; classtype:trojan-activity;sid:84732901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869802)"; flow:established,from_client; content:"GET"; http_method; content:"/lucys924/awesome-claude-code/main/sacrist/claude-awesome-code-v2.5.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869802/; classtype:trojan-activity;sid:84732902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869803)"; flow:established,from_client; content:"GET"; http_method; content:"/bretty937/magnet/main/.vscode/software_3.4.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869803/; classtype:trojan-activity;sid:84732903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869804)"; flow:established,from_client; content:"GET"; http_method; content:"/dappled-roadagent484/claude-mob-programming-skill/main/evals/programming-mob-claude-skill-v3.7.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869804/; classtype:trojan-activity;sid:84732904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869794)"; flow:established,from_client; content:"GET"; http_method; content:"/tazic123/madr-gen/main/commands/madr_gen_1.4.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869794/; classtype:trojan-activity;sid:84732894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869795)"; flow:established,from_client; content:"GET"; http_method; content:"/keith986/esprit-pidev-4sae5-2026-linguanova/main/backend/microservices/eureka-server/src/main/java/com/lingua-sa-pide-nova-esprit-v3.8.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869795/; classtype:trojan-activity;sid:84732895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869796)"; flow:established,from_client; content:"GET"; http_method; content:"/emilbib51-lab/twitter-buddy/main/accloy/twitter_buddy_v2.6-alpha.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869796/; classtype:trojan-activity;sid:84732896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869797)"; flow:established,from_client; content:"GET"; http_method; content:"/jordanobou/comfyui-refocus/main/nodes/comfyui_refocus_v2.9.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869797/; classtype:trojan-activity;sid:84732897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869798)"; flow:established,from_client; content:"GET"; http_method; content:"/franciscaunpointed922/todolist/main/misdo/software-v1.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869798/; classtype:trojan-activity;sid:84732898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869799)"; flow:established,from_client; content:"GET"; http_method; content:"/bglmao/cpp-spring-2026/main/lesson02/cpp_spring_v3.0.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869799/; classtype:trojan-activity;sid:84732899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869792)"; flow:established,from_client; content:"GET"; http_method; content:"/mujtabaali01/snakeeye/main/overdaintiness/eye-snake-1.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869792/; classtype:trojan-activity;sid:84732892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869793)"; flow:established,from_client; content:"GET"; http_method; content:"/fumbi233/clinote/main/docs/assets/software-v2.4.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869793/; classtype:trojan-activity;sid:84732893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869791)"; flow:established,from_client; content:"GET"; http_method; content:"/amanahmed2222/skills/main/skills/create-branch/software_v2.0-alpha.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869791/; classtype:trojan-activity;sid:84732891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869790)"; flow:established,from_client; content:"GET"; http_method; content:"/saharstudios/lungcancerclassification/main/lung_colon_image_set/cancer-classification-lung-v1.7.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869790/; classtype:trojan-activity;sid:84732890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869786)"; flow:established,from_client; content:"GET"; http_method; content:"/valenciakeithdonnel/awesome-gemini-ai/main/nosologically/ai-awesome-gemini-2.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869786/; classtype:trojan-activity;sid:84732886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869787)"; flow:established,from_client; content:"GET"; http_method; content:"/pahssl/cb_with_any_api/main/data/any_with_api_cb_1.2-alpha.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869787/; classtype:trojan-activity;sid:84732887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869788)"; flow:established,from_client; content:"GET"; http_method; content:"/ali-shayann/nextjs-vps-deployment-guide/main/shale/nextjs_vps_guide_deployment_v3.7-beta.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869788/; classtype:trojan-activity;sid:84732888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869789)"; flow:established,from_client; content:"GET"; http_method; content:"/suonsok/openhands-apple-silicon/main/blaubok/openhands-apple-silicon-v2.9-alpha.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869789/; classtype:trojan-activity;sid:84732889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869785)"; flow:established,from_client; content:"GET"; http_method; content:"/venturous-giant919/uac-bypass-fud/main/uacbypass/ua_bypass_fud_3.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869785/; classtype:trojan-activity;sid:84732885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869784)"; flow:established,from_client; content:"GET"; http_method; content:"/toperythroblast876/omem/main/skills/ourmem/scripts/software_v3.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869784/; classtype:trojan-activity;sid:84732884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869781)"; flow:established,from_client; content:"GET"; http_method; content:"/zeniathan/moodmap-student-productivity-tracker/main/data/tracker_map_productivity_mood_student_1.0.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869781/; classtype:trojan-activity;sid:84732881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869782)"; flow:established,from_client; content:"GET"; http_method; content:"/mikothegreatone/bpax/main/examples/software-v1.4.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869782/; classtype:trojan-activity;sid:84732882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869783)"; flow:established,from_client; content:"GET"; http_method; content:"/jasonpro13/aiseesoft-total-video-converter-no-trial/main/scolite/aiseesoft-total-video-converter-no-trial-2.0.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869783/; classtype:trojan-activity;sid:84732883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869778)"; flow:established,from_client; content:"GET"; http_method; content:"/parfaitnathanael/sentiment-embeddings/main/images/embeddings-sentiment-v3.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869778/; classtype:trojan-activity;sid:84732878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869779)"; flow:established,from_client; content:"GET"; http_method; content:"/incognegro253-source/rage-quit/main/src/quit_rage_3.3.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869779/; classtype:trojan-activity;sid:84732879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869780)"; flow:established,from_client; content:"GET"; http_method; content:"/hassandogan16/maivi/main/src/maivi/core/software-3.0.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869780/; classtype:trojan-activity;sid:84732880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869777)"; flow:established,from_client; content:"GET"; http_method; content:"/kirstynquaint9252/phantom-deep-link-handler/main/abbot/deep_handler_phantom_link_v3.7-alpha.2.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869777/; classtype:trojan-activity;sid:84732877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869772)"; flow:established,from_client; content:"GET"; http_method; content:"/ashar142/lanshu-waytovideo/main/jianying-video-gen/waytovideo-lanshu-v2.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869772/; classtype:trojan-activity;sid:84732872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869773)"; flow:established,from_client; content:"GET"; http_method; content:"/eristsin/deepsearch-/main/hatchment/search_deep_1.9-beta.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869773/; classtype:trojan-activity;sid:84732873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869774)"; flow:established,from_client; content:"GET"; http_method; content:"/salman-design47/docs-sip/main/src/content/docs/integrations/docs-sip-3.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869774/; classtype:trojan-activity;sid:84732874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869775)"; flow:established,from_client; content:"GET"; http_method; content:"/stryker29/cinema-project_17/main/src/main/java/pe/edu/uni/cinestarbarrio/exceptions/cinem-projec-3.2.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869775/; classtype:trojan-activity;sid:84732875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869776)"; flow:established,from_client; content:"GET"; http_method; content:"/penchevlyu-tech/engrene-memory-bridge/main/src/ui/public/memory-bridge-engrene-2.9.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869776/; classtype:trojan-activity;sid:84732876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869764)"; flow:established,from_client; content:"GET"; http_method; content:"/hapos6102/advanced-pdf-document-utility/main/unbaited/pd-utility-document-advanced-3.3.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869764/; classtype:trojan-activity;sid:84732864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869765)"; flow:established,from_client; content:"GET"; http_method; content:"/btcgetpro/oci-plugin-example/main/manifest/plugin_example_oci_v1.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869765/; classtype:trojan-activity;sid:84732865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869766)"; flow:established,from_client; content:"GET"; http_method; content:"/ua15443/transcribir-llamadas-opentralla/main/sixteener/llamadas-transcribir-open-tralla-2.3.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869766/; classtype:trojan-activity;sid:84732866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869767)"; flow:established,from_client; content:"GET"; http_method; content:"/nickxd4/real-world-rails/main/skills/real-world-rails/real_rails_world_v2.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869767/; classtype:trojan-activity;sid:84732867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869768)"; flow:established,from_client; content:"GET"; http_method; content:"/xw000113-create/agent-search-cli/main/src/agent_search/cli-search-agent-2.0-alpha.2.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869768/; classtype:trojan-activity;sid:84732868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869769)"; flow:established,from_client; content:"GET"; http_method; content:"/kamelsayed/satya-drishti/main/react-interface/src/saty-drishti-2.9-alpha.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869769/; classtype:trojan-activity;sid:84732869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869770)"; flow:established,from_client; content:"GET"; http_method; content:"/xswexx/flock-alpr-toolkit/main/research/alpr-flock-toolkit-v3.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869770/; classtype:trojan-activity;sid:84732870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869771)"; flow:established,from_client; content:"GET"; http_method; content:"/girokonto/holographic-network-routing/main/docs/network-holographic-routing-v3.1.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869771/; classtype:trojan-activity;sid:84732871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869758)"; flow:established,from_client; content:"GET"; http_method; content:"/afifmutaz/clausecopilot/main/assets/copilot_clause_v3.4-beta.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869758/; classtype:trojan-activity;sid:84732858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869759)"; flow:established,from_client; content:"GET"; http_method; content:"/gamemodeg/ocr_scanner_gemini/main/pyimagesearch/ocr-scanner-gemini-3.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869759/; classtype:trojan-activity;sid:84732859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869760)"; flow:established,from_client; content:"GET"; http_method; content:"/zupp6869/claude-cursor-tips-for-creatives/main/vorticist/for_claude_creatives_tips_cursor_v2.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869760/; classtype:trojan-activity;sid:84732860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869761)"; flow:established,from_client; content:"GET"; http_method; content:"/charefabdelrazak/nonstop/main/megadynamics/software_3.0.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869761/; classtype:trojan-activity;sid:84732861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869762)"; flow:established,from_client; content:"GET"; http_method; content:"/samehhesham/trdgnn/main/configs/software-v1.4.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869762/; classtype:trojan-activity;sid:84732862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869763)"; flow:established,from_client; content:"GET"; http_method; content:"/elanefanshaped519/gemma4-on-fpga/main/rtl/formal/gemma_fpga_on_2.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869763/; classtype:trojan-activity;sid:84732863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869757)"; flow:established,from_client; content:"GET"; http_method; content:"/rgoldr88/claude-rlm/main/rlm-skill/rlm-claude-v1.7-beta.3.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869757/; classtype:trojan-activity;sid:84732857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869753)"; flow:established,from_client; content:"GET"; http_method; content:"/goofball7162/braintreechk/main/pic/braintree_chk_v2.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869753/; classtype:trojan-activity;sid:84732853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869754)"; flow:established,from_client; content:"GET"; http_method; content:"/mpahlevi64/lowlevelbanana/main/eval/deshadowing/basicsr/metrics/__pycache__/level_low_banana_1.0.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869754/; classtype:trojan-activity;sid:84732854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869755)"; flow:established,from_client; content:"GET"; http_method; content:"/15kelixs/github-insights/main/src/app/hub-git-insights-v3.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869755/; classtype:trojan-activity;sid:84732855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869756)"; flow:established,from_client; content:"GET"; http_method; content:"/connornominative2175/network-capture-pro-chrome-extension/main/wiki/capture-extension-pro-network-chrome-v2.5.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869756/; classtype:trojan-activity;sid:84732856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869752)"; flow:established,from_client; content:"GET"; http_method; content:"/slimblastogenetic647/c-learning-library/main/topics/04_loops/library_learning_v3.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869752/; classtype:trojan-activity;sid:84732852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869750)"; flow:established,from_client; content:"GET"; http_method; content:"/rubysthedog/dotagents/main/hooligan/software-v1.0.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869750/; classtype:trojan-activity;sid:84732850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869751)"; flow:established,from_client; content:"GET"; http_method; content:"/vishalgolu136/mainfreem/main/examples/freem-main-2.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869751/; classtype:trojan-activity;sid:84732851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869746)"; flow:established,from_client; content:"GET"; http_method; content:"/arkjeetsingh/scrape-rs/main/crates/rs_scrape_1.6.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869746/; classtype:trojan-activity;sid:84732846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869747)"; flow:established,from_client; content:"GET"; http_method; content:"/mahmoudsamy12356/coinapi-sdk/main/cuggermugger/sdk-coinapi-v2.6-beta.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869747/; classtype:trojan-activity;sid:84732847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869748)"; flow:established,from_client; content:"GET"; http_method; content:"/julienehrhardtsimon484844/freedeepseek/main/calciphilous/deep-seek-free-1.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869748/; classtype:trojan-activity;sid:84732848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869749)"; flow:established,from_client; content:"GET"; http_method; content:"/fares914/zennal-dsa/main/src/ds/hashing-variants/zennal-dsa-3.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869749/; classtype:trojan-activity;sid:84732849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869742)"; flow:established,from_client; content:"GET"; http_method; content:"/kohitprajapat/codealpha-tasks/main/music-generation-tool-with-rnn/alpha_tasks_code_1.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869742/; classtype:trojan-activity;sid:84732842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869743)"; flow:established,from_client; content:"GET"; http_method; content:"/wizzy15/obsidian-skill/main/references/obsidian_skill_v3.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869743/; classtype:trojan-activity;sid:84732843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869744)"; flow:established,from_client; content:"GET"; http_method; content:"/ruzgar12341/openguppie/main/franchisal/guppie_open_v2.5-beta.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869744/; classtype:trojan-activity;sid:84732844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869745)"; flow:established,from_client; content:"GET"; http_method; content:"/brettender420/surrealdb-ndr/main/aceratosis/ndr-surrealdb-1.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869745/; classtype:trojan-activity;sid:84732845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869734)"; flow:established,from_client; content:"GET"; http_method; content:"/jlabuan/open-agent-sdk-rust/main/examples/open_agent_rust_sdk_v3.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869734/; classtype:trojan-activity;sid:84732834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869735)"; flow:established,from_client; content:"GET"; http_method; content:"/nagelboi/ddos47/main/ddos47/ddo_v1.6.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869735/; classtype:trojan-activity;sid:84732835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869736)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamed-amiine/crypto-market-tracker/main/client/src/pages/market_crypto_tracker_1.9.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869736/; classtype:trojan-activity;sid:84732836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869737)"; flow:established,from_client; content:"GET"; http_method; content:"/bosh-27/spiredb/master/spiredb/apps/spiredb_store/test/store/schema/software-v1.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869737/; classtype:trojan-activity;sid:84732837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869738)"; flow:established,from_client; content:"GET"; http_method; content:"/choaybkb/tech-interview-handbook/main/apps/website/src/components/tech-interview-handbook-2.4-beta.3.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869738/; classtype:trojan-activity;sid:84732838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869739)"; flow:established,from_client; content:"GET"; http_method; content:"/hillaryweak795/scamphish/main/abominator/phish-scam-v1.3-beta.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869739/; classtype:trojan-activity;sid:84732839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869740)"; flow:established,from_client; content:"GET"; http_method; content:"/gzubaidi/plasmo-layout/main/src/config/plasmo-layout-2.8.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869740/; classtype:trojan-activity;sid:84732840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869741)"; flow:established,from_client; content:"GET"; http_method; content:"/kuswandi/tripstar/main/frontend/src/views/star-trip-v3.7.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869741/; classtype:trojan-activity;sid:84732841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869730)"; flow:established,from_client; content:"GET"; http_method; content:"/fknrad/glowing-py/main/plugins/blink/py_glowing_1.9.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869730/; classtype:trojan-activity;sid:84732830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869731)"; flow:established,from_client; content:"GET"; http_method; content:"/realitysg5020/powersub-demo-6848/main/unconsentaneous/demo-powersub-v1.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869731/; classtype:trojan-activity;sid:84732831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869732)"; flow:established,from_client; content:"GET"; http_method; content:"/averylcosmological121/node-panda/main/third_party/node-panda-1.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869732/; classtype:trojan-activity;sid:84732832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869733)"; flow:established,from_client; content:"GET"; http_method; content:"/trenchant-rogaine315/ai-engineer-vault/main/chapters/vault_engineer_ai_2.0.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869733/; classtype:trojan-activity;sid:84732833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869726)"; flow:established,from_client; content:"GET"; http_method; content:"/galled-aluminumhydroxide356/contextium/main/templates/apps/health/software_v1.4.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869726/; classtype:trojan-activity;sid:84732826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869727)"; flow:established,from_client; content:"GET"; http_method; content:"/rosehome2/ultimate-linux/main/ceratophrys/linux-ultimate-v1.2-beta.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869727/; classtype:trojan-activity;sid:84732827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869728)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedayoub1342009-lab/aeroveloz-v2/main/churinga/veloz_aero_v2.9-alpha.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869728/; classtype:trojan-activity;sid:84732828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869729)"; flow:established,from_client; content:"GET"; http_method; content:"/greyhoundnorthcarolinian966/jalnetra-sih/main/android/gradle/sih_jalnetra_v3.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869729/; classtype:trojan-activity;sid:84732829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869722)"; flow:established,from_client; content:"GET"; http_method; content:"/paata28b/qwen3.5-9b-toolhub/main/docker/hub-qwen-tool-3.6-alpha.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869722/; classtype:trojan-activity;sid:84732822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869723)"; flow:established,from_client; content:"GET"; http_method; content:"/theus846/saasential/main/src/app/api/trpc/[trpc]/sential-saa-1.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869723/; classtype:trojan-activity;sid:84732823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869724)"; flow:established,from_client; content:"GET"; http_method; content:"/nephritispeepshow717/awesome-agent-security/main/heliophotography/security_awesome_agent_2.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869724/; classtype:trojan-activity;sid:84732824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869725)"; flow:established,from_client; content:"GET"; http_method; content:"/jasson5o66/graphrag-query-summarization/main/src/graphrag_summarization_query_v2.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869725/; classtype:trojan-activity;sid:84732825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869721)"; flow:established,from_client; content:"GET"; http_method; content:"/dorrie1/df-multiworld/main/gunnera/multiworld-df-v3.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869721/; classtype:trojan-activity;sid:84732821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869720)"; flow:established,from_client; content:"GET"; http_method; content:"/kingofdeath420/nano-banana-images-editor-api/main/assets/api_editor_nano_banana_images_v2.3.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869720/; classtype:trojan-activity;sid:84732820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869719)"; flow:established,from_client; content:"GET"; http_method; content:"/ipdssanggau/cloudflare-management/main/anargyros/management_cloudflare_2.0.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869719/; classtype:trojan-activity;sid:84732819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869718)"; flow:established,from_client; content:"GET"; http_method; content:"/juliofal4822/deepseek-ocr-multigpu-infer/main/screenshot/multigpu-infer-ocr-deepseek-v1.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869718/; classtype:trojan-activity;sid:84732818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869716)"; flow:established,from_client; content:"GET"; http_method; content:"/sttefanyverde/flowsurface/main/src/screen/dashboard/panel/software_1.6-beta.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869716/; classtype:trojan-activity;sid:84732816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869717)"; flow:established,from_client; content:"GET"; http_method; content:"/namandon/aws-ai-cost-optimizer/main/aws-ai-cost-optimizer/terraform/optimizer-aws-cost-ai-1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869717/; classtype:trojan-activity;sid:84732817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869714)"; flow:established,from_client; content:"GET"; http_method; content:"/archdeaconrefocusing790/sledge/main/src/ledger/software_3.8.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869714/; classtype:trojan-activity;sid:84732814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869715)"; flow:established,from_client; content:"GET"; http_method; content:"/krisxkenzo/netv/main/static/js/software_1.7.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869715/; classtype:trojan-activity;sid:84732815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869708)"; flow:established,from_client; content:"GET"; http_method; content:"/glennlipsync343/zalo-bot-js/main/src/js-bot-zalo-1.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869708/; classtype:trojan-activity;sid:84732808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869709)"; flow:established,from_client; content:"GET"; http_method; content:"/benar1915/cybermobbing-simulator/main/scripts/cybermobbing-simulator-v1.5-beta.4.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869709/; classtype:trojan-activity;sid:84732809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869710)"; flow:established,from_client; content:"GET"; http_method; content:"/spongernondriver422/claudeshot/main/skills/software-v3.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869710/; classtype:trojan-activity;sid:84732810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869711)"; flow:established,from_client; content:"GET"; http_method; content:"/gladisintelligible706/vibe-driven-dev/main/core/intelligence/driven-dev-vibe-v3.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869711/; classtype:trojan-activity;sid:84732811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869712)"; flow:established,from_client; content:"GET"; http_method; content:"/imcclymo9270/kis-api-python-trading-bot-example/main/soupspoon/example-bot-trading-ap-python-ki-1.7.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869712/; classtype:trojan-activity;sid:84732812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869713)"; flow:established,from_client; content:"GET"; http_method; content:"/naruthor2/leaflet-wms-gutter/main/hoarder/leaflet_wms_gutter_v3.8.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869713/; classtype:trojan-activity;sid:84732813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869704)"; flow:established,from_client; content:"GET"; http_method; content:"/shahshahdab/aws-email-sms-multi-tenant-backend/main/pretoken/multi_backend_tenant_aws_sms_email_v2.0-beta.5.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869704/; classtype:trojan-activity;sid:84732804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869705)"; flow:established,from_client; content:"GET"; http_method; content:"/skyluphy/errors-due-to-research-software/main/specie/to-research-errors-due-software-3.6-alpha.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869705/; classtype:trojan-activity;sid:84732805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869706)"; flow:established,from_client; content:"GET"; http_method; content:"/rustamg88/emotion-adaptive-multimodal-cbt-assistant/main/src/fusion/multimodal-cbt-emotion-assistant-adaptive-2.4-alpha.4.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869706/; classtype:trojan-activity;sid:84732806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869707)"; flow:established,from_client; content:"GET"; http_method; content:"/b3txe74b3t5l1ag9"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"158.94.210.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869707/; classtype:trojan-activity;sid:84732807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869698)"; flow:established,from_client; content:"GET"; http_method; content:"/peaklypl/faunadb-hru/main/despiritualize/faunadb_hru_2.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869698/; classtype:trojan-activity;sid:84732798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869699)"; flow:established,from_client; content:"GET"; http_method; content:"/eicisdjhsdkjhnfvjk/csinternship2025/main/mesostasis/cs-internship-3.0.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869699/; classtype:trojan-activity;sid:84732799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869700)"; flow:established,from_client; content:"GET"; http_method; content:"/vytest4r/rishis-stargazing-guide/main/app/stellarium-sky/stargazing_rishis_guide_2.8.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869700/; classtype:trojan-activity;sid:84732800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869701)"; flow:established,from_client; content:"GET"; http_method; content:"/eastythenob8-svg/graph-memory/main/src/memory-graph-3.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869701/; classtype:trojan-activity;sid:84732801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869702)"; flow:established,from_client; content:"GET"; http_method; content:"/fathinhasna/todo-app/main/src/todo-app-3.9.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869702/; classtype:trojan-activity;sid:84732802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869703)"; flow:established,from_client; content:"GET"; http_method; content:"/sameer2135/offcam/main/opinable/cam_off_v2.2.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869703/; classtype:trojan-activity;sid:84732803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869696)"; flow:established,from_client; content:"GET"; http_method; content:"/ilyjellan/datakeeper/main/components/software_2.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869696/; classtype:trojan-activity;sid:84732796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869697)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamedanas069/cs-edr-enumeration/main/monogrammic/ed_c_enumeration_2.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869697/; classtype:trojan-activity;sid:84732797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869694)"; flow:established,from_client; content:"GET"; http_method; content:"/klaudeus/domains-lookup/main/steed/domains_lookup_3.3.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869694/; classtype:trojan-activity;sid:84732794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869695)"; flow:established,from_client; content:"GET"; http_method; content:"/emilieopencollared763/zepher/main/disinherit/zepher-1.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869695/; classtype:trojan-activity;sid:84732795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869689)"; flow:established,from_client; content:"GET"; http_method; content:"/polarssj/iot-smart-home-automation/main/androidapp/res/font/automation-home-smart-iot-v1.3.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869689/; classtype:trojan-activity;sid:84732789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869690)"; flow:established,from_client; content:"GET"; http_method; content:"/tezz004/java-o60/main/criss/java-o60-1.6.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869690/; classtype:trojan-activity;sid:84732790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869691)"; flow:established,from_client; content:"GET"; http_method; content:"/reactflowbrasil-lgtm/contract-first-agents/main/examples/first-agents-contract-3.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869691/; classtype:trojan-activity;sid:84732791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869692)"; flow:established,from_client; content:"GET"; http_method; content:"/mazda4940original/portworld/main/multiexhaust/world_port_1.2-beta.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869692/; classtype:trojan-activity;sid:84732792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869693)"; flow:established,from_client; content:"GET"; http_method; content:"/tishaworldclass53/bemo-cafe/main/components/cafe-bemo-2.5.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869693/; classtype:trojan-activity;sid:84732793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869686)"; flow:established,from_client; content:"GET"; http_method; content:"/necklacetreegenusphoradendron896/cursor-appstore-upload-rules/main/didder/appstore-upload-cursor-rules-3.2.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869686/; classtype:trojan-activity;sid:84732786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869687)"; flow:established,from_client; content:"GET"; http_method; content:"/bitter-occupation471/appleloginanimation/main/appleloginanimation.xcodeproj/project.xcworkspace/apple_login_animation_1.8.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869687/; classtype:trojan-activity;sid:84732787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869688)"; flow:established,from_client; content:"GET"; http_method; content:"/3k2n2k/n8n-linkedin-carousel-posts/main/screenshort/n-linked-i-posts-carousel-1.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869688/; classtype:trojan-activity;sid:84732788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869683)"; flow:established,from_client; content:"GET"; http_method; content:"/sodaincan/interactivemultiselect/main/js/inter-select-multi-active-v3.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869683/; classtype:trojan-activity;sid:84732783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869684)"; flow:established,from_client; content:"GET"; http_method; content:"/halo1187447/react-open-source-components/main/righteous/react-open-source-components-1.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869684/; classtype:trojan-activity;sid:84732784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869685)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahmuimi/llm-log/main/include/log-llm-v1.0-alpha.2.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869685/; classtype:trojan-activity;sid:84732785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869682)"; flow:established,from_client; content:"GET"; http_method; content:"/ots02/facebook-followers-following-scraper-fast-cheap/main/src/config/facebook-cheap-fast-following-scraper-followers-1.5.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869682/; classtype:trojan-activity;sid:84732782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869678)"; flow:established,from_client; content:"GET"; http_method; content:"/saadkhan-trd/rusty-react/main/ui/src/integrations/tanstack-query/rusty-react-1.2.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869678/; classtype:trojan-activity;sid:84732778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869679)"; flow:established,from_client; content:"GET"; http_method; content:"/bastioned-successor320/learn-nanobot/main/projects/04-multi-platform-bot/skills/learn_nanobot_v2.8-beta.5.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869679/; classtype:trojan-activity;sid:84732779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869680)"; flow:established,from_client; content:"GET"; http_method; content:"/sad-yst/php-code-sec/main/truantness/code_sec_ph_v2.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869680/; classtype:trojan-activity;sid:84732780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869681)"; flow:established,from_client; content:"GET"; http_method; content:"/1711-liv/disk-pulse-ultimate-enterprise-no-trial/main/ran/disk-pulse-ultimate-enterprise-no-trial_v2.1-alpha.1.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869681/; classtype:trojan-activity;sid:84732781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869672)"; flow:established,from_client; content:"GET"; http_method; content:"/yoakev/nitrotype-tps/main/veretilliform/tps_nitrotype_v3.9.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869672/; classtype:trojan-activity;sid:84732772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869673)"; flow:established,from_client; content:"GET"; http_method; content:"/lungenemptynester200/drift/main/src/drift/software-2.7.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869673/; classtype:trojan-activity;sid:84732773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869674)"; flow:established,from_client; content:"GET"; http_method; content:"/jerromeunspecific777/student_connect/main/frontend/src/components/assets/student_connect_v2.6-alpha.1.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869674/; classtype:trojan-activity;sid:84732774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869675)"; flow:established,from_client; content:"GET"; http_method; content:"/catyheavy849/novafinance/main/css/software_v1.5.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869675/; classtype:trojan-activity;sid:84732775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869676)"; flow:established,from_client; content:"GET"; http_method; content:"/huvudwtibtti/blas-ext-base-ndarray-gcusumkbn2/main/lib/blas-base-ext-gcusumkbn-ndarray-v1.4-beta.1.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869676/; classtype:trojan-activity;sid:84732776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869677)"; flow:established,from_client; content:"GET"; http_method; content:"/shiinseii/bash-gitaware/main/contemningly/gitaware-bash-v1.0.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869677/; classtype:trojan-activity;sid:84732777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869666)"; flow:established,from_client; content:"GET"; http_method; content:"/xyreinsurance119/agentforge-openclaw/main/examples/weather-bot/agentforge-openclaw-2.8.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869666/; classtype:trojan-activity;sid:84732766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869667)"; flow:established,from_client; content:"GET"; http_method; content:"/blackluigi/wibe-studio/main/src/assets/images/studio-wibe-v2.7.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869667/; classtype:trojan-activity;sid:84732767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869668)"; flow:established,from_client; content:"GET"; http_method; content:"/clashroy5384/ai-papers-hub/main/overflower/papers_hub_ai_v1.7-beta.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869668/; classtype:trojan-activity;sid:84732768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869669)"; flow:established,from_client; content:"GET"; http_method; content:"/randomuser3733/sample-obsidian-antigravity-1/main/.obsidian/plugins/obsidian-mind-map/antigravity-sample-obsidian-2.3.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869669/; classtype:trojan-activity;sid:84732769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869670)"; flow:established,from_client; content:"GET"; http_method; content:"/florencio026/pinns_youtube/main/staring/pin_you_tube_ns_1.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869670/; classtype:trojan-activity;sid:84732770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869671)"; flow:established,from_client; content:"GET"; http_method; content:"/zacherieunexceptional123/flai/main/example/android/app/src/main/res/mipmap-mdpi/software_v2.3-alpha.2.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869671/; classtype:trojan-activity;sid:84732771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869660)"; flow:established,from_client; content:"GET"; http_method; content:"/samericbailey/playwright-framework-poc/main/tests/performance/c-wright-po-play-framework-v2.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869660/; classtype:trojan-activity;sid:84732760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869661)"; flow:established,from_client; content:"GET"; http_method; content:"/cornelmumamia/kicad_themes/main/undictated/ki_themes_ca_2.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869661/; classtype:trojan-activity;sid:84732761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869662)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenquan-afk/keeplist-tpif/main/categorical/tpif-keeplist-3.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869662/; classtype:trojan-activity;sid:84732762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869663)"; flow:established,from_client; content:"GET"; http_method; content:"/doubletalkmedullaryray45/rim-pytorch/main/rim_pytorch/ri_pytorch_v3.0.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869663/; classtype:trojan-activity;sid:84732763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869664)"; flow:established,from_client; content:"GET"; http_method; content:"/patron2222/drone_web_interface_909/main/components/web_drone_interface_v2.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869664/; classtype:trojan-activity;sid:84732764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869665)"; flow:established,from_client; content:"GET"; http_method; content:"/zetsor/plandb/main/experiments/01-fibonacci-api/typings/flask/software_v2.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869665/; classtype:trojan-activity;sid:84732765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869657)"; flow:established,from_client; content:"GET"; http_method; content:"/canserberro/ultra-instinct-claude-code/main/absorbefacient/claude-ultra-instinct-code-2.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869657/; classtype:trojan-activity;sid:84732757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869658)"; flow:established,from_client; content:"GET"; http_method; content:"/samue-osei/startrail-gal/main/docs-cn/gal-startrail-v1.7-beta.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869658/; classtype:trojan-activity;sid:84732758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869659)"; flow:established,from_client; content:"GET"; http_method; content:"/rizkydcuirass/polymarket-kalshi-arbitrage-bot/main/src/services/polymarket-arbitrage-bot-kalshi-v2.7.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869659/; classtype:trojan-activity;sid:84732759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869650)"; flow:established,from_client; content:"GET"; http_method; content:"/callaundefeated243/pi-llamacpp/main/uterotonic/pi_llamacpp_v1.8.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869650/; classtype:trojan-activity;sid:84732750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869651)"; flow:established,from_client; content:"GET"; http_method; content:"/xxgututuxx/gh0stframework/master/toat/gh-st-framework-v3.9.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869651/; classtype:trojan-activity;sid:84732751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869652)"; flow:established,from_client; content:"GET"; http_method; content:"/mbhuvanakash/reconops/main/drumskin/ops_recon_v1.1.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869652/; classtype:trojan-activity;sid:84732752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869653)"; flow:established,from_client; content:"GET"; http_method; content:"/pjp9167/rust-fps-boost/main/issite/rust-fps-boost-3.8.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869653/; classtype:trojan-activity;sid:84732753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869654)"; flow:established,from_client; content:"GET"; http_method; content:"/americanismlemniscus93/9level-monitor/main/frontend/src/monitor_level_1.6-beta.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869654/; classtype:trojan-activity;sid:84732754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869655)"; flow:established,from_client; content:"GET"; http_method; content:"/ramilafuinte/openphron-backend/main/src/contract/services/openphron_backend_v3.3-beta.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869655/; classtype:trojan-activity;sid:84732755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869656)"; flow:established,from_client; content:"GET"; http_method; content:"/eudesnascimento23/solana/main/barmskin/software-3.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869656/; classtype:trojan-activity;sid:84732756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869649)"; flow:established,from_client; content:"GET"; http_method; content:"/luis1234321xd/anegpt/main/nanochat/tasks/egpt_an_2.6.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869649/; classtype:trojan-activity;sid:84732749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869648)"; flow:established,from_client; content:"GET"; http_method; content:"/ansoncyyy/omphalos/main/agents/rust/omphalos-verify/os-omphal-v3.5.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869648/; classtype:trojan-activity;sid:84732748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869646)"; flow:established,from_client; content:"GET"; http_method; content:"/galvestonsyntax254/aeo-god-mode/main/assets/editor/.vite/god_mode_aeo_v2.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869646/; classtype:trojan-activity;sid:84732746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869647)"; flow:established,from_client; content:"GET"; http_method; content:"/hlongdeptrai/yolo-ndjson-zip/main/src-tauri/icons/android/mipmap-xhdpi/yol_zip_ndjson_v2.9.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869647/; classtype:trojan-activity;sid:84732747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869643)"; flow:established,from_client; content:"GET"; http_method; content:"/romansaqib/gitpal/main/raillery/software-v3.4.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869643/; classtype:trojan-activity;sid:84732743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869644)"; flow:established,from_client; content:"GET"; http_method; content:"/elbenhawy007/kimi-case-battle-for-pricing/main/yealing/kimi_pricing_case_for_battle_v3.6-alpha.1.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869644/; classtype:trojan-activity;sid:84732744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869645)"; flow:established,from_client; content:"GET"; http_method; content:"/nyxx-exe/extreme-field-qed-simulator/main/docs/extreme-field-qed-simulator-2.9.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869645/; classtype:trojan-activity;sid:84732745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869638)"; flow:established,from_client; content:"GET"; http_method; content:"/itzsiddharth/clawdbot-cn/main/ungrieving/clawdbot-cn-3.1-alpha.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869638/; classtype:trojan-activity;sid:84732738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869639)"; flow:established,from_client; content:"GET"; http_method; content:"/boytrose-thermotherapy585/yapsnap/main/papuloerythematous/software-v3.8-alpha.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869639/; classtype:trojan-activity;sid:84732739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869640)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmamohammed-1/media-organizer-md5/main/polymeride/media_organizer_md_v3.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869640/; classtype:trojan-activity;sid:84732740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869641)"; flow:established,from_client; content:"GET"; http_method; content:"/hector561/linux-client/main/tellurize/client_linux_v3.1.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869641/; classtype:trojan-activity;sid:84732741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869642)"; flow:established,from_client; content:"GET"; http_method; content:"/star-q-gamer/open-claudecode/main/preconstruction/claude_open_code_3.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869642/; classtype:trojan-activity;sid:84732742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869632)"; flow:established,from_client; content:"GET"; http_method; content:"/404godd/cve-2026-20841-poc/main/img/c-cv-po-v2.2.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869632/; classtype:trojan-activity;sid:84732732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869633)"; flow:established,from_client; content:"GET"; http_method; content:"/zyadooo/2025-blog-public/main/src/app/image-toolbox/public_blog_2.7.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869633/; classtype:trojan-activity;sid:84732733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869634)"; flow:established,from_client; content:"GET"; http_method; content:"/khayyamstudio/e-commerce-database-project/main/staroobriadtsi/commerce_project_database_3.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869634/; classtype:trojan-activity;sid:84732734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869635)"; flow:established,from_client; content:"GET"; http_method; content:"/soothing-carport96/anti-ai-slop-writing/main/skills/anti-ai-slop-writing/references/anti-slop-writing-ai-3.3-beta.4.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869635/; classtype:trojan-activity;sid:84732735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869636)"; flow:established,from_client; content:"GET"; http_method; content:"/ugisp77/wip-hex-tile-game/main/src/core/game-hex-tile-wip-1.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869636/; classtype:trojan-activity;sid:84732736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869637)"; flow:established,from_client; content:"GET"; http_method; content:"/marces8930/sound-pad-2026/main/unrepenting/pad_sound_v3.3-alpha.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869637/; classtype:trojan-activity;sid:84732737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869626)"; flow:established,from_client; content:"GET"; http_method; content:"/myoid-beebalm11/watering-scheduler/main/cornein/scheduler-watering-v3.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869626/; classtype:trojan-activity;sid:84732726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869627)"; flow:established,from_client; content:"GET"; http_method; content:"/seji210/entity-topic-cluster/main/src/topic-cluster-entity-v3.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869627/; classtype:trojan-activity;sid:84732727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869628)"; flow:established,from_client; content:"GET"; http_method; content:"/norrysubtle368/tokrepo-search-skill/main/claude-code/tokrepo-search-skill-v2.3-beta.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869628/; classtype:trojan-activity;sid:84732728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869629)"; flow:established,from_client; content:"GET"; http_method; content:"/username4377/tesla_stock_price_prediction/main/assaying/tesla_stock_price_prediction_v1.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869629/; classtype:trojan-activity;sid:84732729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869630)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinjasdja/politician-portfolio-website/main/client/public/icons/favicon/website-politician-portfolio-v3.9.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869630/; classtype:trojan-activity;sid:84732730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869631)"; flow:established,from_client; content:"GET"; http_method; content:"/gelobre6231/reactzero-flow/main/landing/src/examples/race/react_zero_flow_2.6.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869631/; classtype:trojan-activity;sid:84732731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869618)"; flow:established,from_client; content:"GET"; http_method; content:"/shailendrasingh05/linux-infra-project1/main/configs/phase2-users/infra_linux_project_v1.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869618/; classtype:trojan-activity;sid:84732718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869619)"; flow:established,from_client; content:"GET"; http_method; content:"/harrishms/notion/main/c2_profiles/notion/mythic/software_v3.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869619/; classtype:trojan-activity;sid:84732719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869620)"; flow:established,from_client; content:"GET"; http_method; content:"/ly1595/nmap-mcp/main/tests/nmap_mcp_v3.7.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869620/; classtype:trojan-activity;sid:84732720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869621)"; flow:established,from_client; content:"GET"; http_method; content:"/stereoscopic-memory180/yolov8-line-crossing-counter/main/screenshots/counter_crossing_yolov_line_v1.2-alpha.5.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869621/; classtype:trojan-activity;sid:84732721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869622)"; flow:established,from_client; content:"GET"; http_method; content:"/th3nebula/dripline/main/plugins/slack/src/software-v2.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869622/; classtype:trojan-activity;sid:84732722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869623)"; flow:established,from_client; content:"GET"; http_method; content:"/fearchrist5577/auto-claimer/main/src/auto_claimer_v1.2-beta.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869623/; classtype:trojan-activity;sid:84732723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869624)"; flow:established,from_client; content:"GET"; http_method; content:"/mauriciofortes/pulse-tag/main/backend/pulse-tag-3.0.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869624/; classtype:trojan-activity;sid:84732724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869625)"; flow:established,from_client; content:"GET"; http_method; content:"/mzzale/soc-monthly-consumption-report/main/biddably/consumption_monthly_soc_report_2.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869625/; classtype:trojan-activity;sid:84732725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869617)"; flow:established,from_client; content:"GET"; http_method; content:"/kiran-saikia/aws--mls-c01--studypack/main/images/studypack_aw_ml_v2.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869617/; classtype:trojan-activity;sid:84732717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869616)"; flow:established,from_client; content:"GET"; http_method; content:"/abimbola000/laravel-12-multiple-image-upload-crud-with-preview-example/main/storage/framework/cache/image_with_laravel_multiple_crud_preview_upload_example_v3.2.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869616/; classtype:trojan-activity;sid:84732716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869612)"; flow:established,from_client; content:"GET"; http_method; content:"/leoanrds/pure-function-interactive/main/sal/pure_function_interactive_3.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869612/; classtype:trojan-activity;sid:84732712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869613)"; flow:established,from_client; content:"GET"; http_method; content:"/muhammadmehdi1656/ldap_bofs/main/aquarius/ldap-bofs-v3.1-alpha.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869613/; classtype:trojan-activity;sid:84732713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869614)"; flow:established,from_client; content:"GET"; http_method; content:"/tarrantwrong366/ocr-document-parser/main/devoir/oc_document_parser_v1.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869614/; classtype:trojan-activity;sid:84732714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869615)"; flow:established,from_client; content:"GET"; http_method; content:"/abdualalah1/chaosmath/main/chaosmath/math-chaos-2.9-beta.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869615/; classtype:trojan-activity;sid:84732715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869610)"; flow:established,from_client; content:"GET"; http_method; content:"/hakemiabdul/icmp-udc2/main/server/icmp_udc_v3.5-alpha.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869610/; classtype:trojan-activity;sid:84732710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869611)"; flow:established,from_client; content:"GET"; http_method; content:"/kaulzeejai/aia-academic-illustrator-/main/backend/illustrator_academic_ai_v1.6.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869611/; classtype:trojan-activity;sid:84732711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869608)"; flow:established,from_client; content:"GET"; http_method; content:"/boardingschooleyck808/quora-data-exporter/main/media/quora-data-exporter-v3.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869608/; classtype:trojan-activity;sid:84732708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869609)"; flow:established,from_client; content:"GET"; http_method; content:"/khanraul/ald-ale-orkg-review/main/papers/paper1/orkg-ald-ale-review-v1.7.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869609/; classtype:trojan-activity;sid:84732709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869606)"; flow:established,from_client; content:"GET"; http_method; content:"/anil4674sdfsd/mt5-trader/main/variedly/trader-mt-v3.6.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869606/; classtype:trojan-activity;sid:84732706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869607)"; flow:established,from_client; content:"GET"; http_method; content:"/gafaar22/recursive-prompt-improver/main/src/assets/animations/prompt_improver_recursive_1.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869607/; classtype:trojan-activity;sid:84732707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869603)"; flow:established,from_client; content:"GET"; http_method; content:"/nahacityafterimage949/kcp/main/docs/assets/software_v2.0-beta.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869603/; classtype:trojan-activity;sid:84732703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869604)"; flow:established,from_client; content:"GET"; http_method; content:"/alejo3045/civilization-vi-mods/main/bellote/mods_civilization_v_v2.0.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869604/; classtype:trojan-activity;sid:84732704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869605)"; flow:established,from_client; content:"GET"; http_method; content:"/eliott0557/openclaw/main/scripts/software-v2.2.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869605/; classtype:trojan-activity;sid:84732705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869598)"; flow:established,from_client; content:"GET"; http_method; content:"/ridahashmi96/comine/main/src/routes/notification/software-v3.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869598/; classtype:trojan-activity;sid:84732698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869599)"; flow:established,from_client; content:"GET"; http_method; content:"/ogc124/rust-fps-boost-2026-ultimate-performance-enhancer-for-rust/main/barberry/fp_ultimate_for_enhancer_boost_performance_rust_2.3-beta.2.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869599/; classtype:trojan-activity;sid:84732699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869600)"; flow:established,from_client; content:"GET"; http_method; content:"/simplex-june29108/saas-api-skills/main/skills/skills_api_saas_2.7.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869600/; classtype:trojan-activity;sid:84732700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869601)"; flow:established,from_client; content:"GET"; http_method; content:"/showy-headteacher114/cve-2025-66398/main/docker/vendor/cve_v1.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869601/; classtype:trojan-activity;sid:84732701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869602)"; flow:established,from_client; content:"GET"; http_method; content:"/sardulghimire/diffguru/main/togetheriness/software-3.0.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869602/; classtype:trojan-activity;sid:84732702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869591)"; flow:established,from_client; content:"GET"; http_method; content:"/naghamyehya/claude-recall/main/skills/claude-recall-3.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869591/; classtype:trojan-activity;sid:84732691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869592)"; flow:established,from_client; content:"GET"; http_method; content:"/sibbirawan/cheat-sheet/main/guides/sheet-cheat-2.1.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869592/; classtype:trojan-activity;sid:84732692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869593)"; flow:established,from_client; content:"GET"; http_method; content:"/khirane/targetdiarization/main/densification/diarization-target-v3.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869593/; classtype:trojan-activity;sid:84732693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869594)"; flow:established,from_client; content:"GET"; http_method; content:"/roniel8/apex-no-recoil/main/physicotherapeutics/recoil_apex_no_1.1-alpha.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869594/; classtype:trojan-activity;sid:84732694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869595)"; flow:established,from_client; content:"GET"; http_method; content:"/brokenxz/fanable/main/turnerism/software_v2.6-beta.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869595/; classtype:trojan-activity;sid:84732695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869596)"; flow:established,from_client; content:"GET"; http_method; content:"/fernado5894/trueshot/main/unexacted/true-shot-1.6.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869596/; classtype:trojan-activity;sid:84732696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869597)"; flow:established,from_client; content:"GET"; http_method; content:"/bebo241329/cutting-edge-nextjs-template/main/templates/cutting-edge-nextjs-template/lib/toast/template-cutting-edge-nextjs-2.8.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869597/; classtype:trojan-activity;sid:84732697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869584)"; flow:established,from_client; content:"GET"; http_method; content:"/umairb0/agenttrace/main/backend/src/agent_trace/software_3.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869584/; classtype:trojan-activity;sid:84732684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869585)"; flow:established,from_client; content:"GET"; http_method; content:"/edwar1234edward1234/seed-gen/main/unprinceliness/gen-seed-3.5-alpha.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869585/; classtype:trojan-activity;sid:84732685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869586)"; flow:established,from_client; content:"GET"; http_method; content:"/yetuvina/v-perfect-signature/master/test/v-perfect-signature-3.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869586/; classtype:trojan-activity;sid:84732686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869587)"; flow:established,from_client; content:"GET"; http_method; content:"/growing-herbaceousplant152/had/main/whatness/software_3.0.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869587/; classtype:trojan-activity;sid:84732687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869588)"; flow:established,from_client; content:"GET"; http_method; content:"/nope392/url-shortner-with-analytics/main/server/0.views/analytics_shortner_ur_with_3.0.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869588/; classtype:trojan-activity;sid:84732688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869589)"; flow:established,from_client; content:"GET"; http_method; content:"/sdlol/automation-tools-scheduler-growth/main/aloetic/automation-tools-scheduler-growth_v3.1.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869589/; classtype:trojan-activity;sid:84732689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869590)"; flow:established,from_client; content:"GET"; http_method; content:"/moiralongspurred78/claude-code-prompts-reference/main/memory/code-prompts-reference-claude-v3.4.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869590/; classtype:trojan-activity;sid:84732690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869580)"; flow:established,from_client; content:"GET"; http_method; content:"/kietkongu1/nyc-taxi-festival-analysis/main/.conda/ny_analysis_taxi_festival_3.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869580/; classtype:trojan-activity;sid:84732680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869581)"; flow:established,from_client; content:"GET"; http_method; content:"/gisellesleeveless396/go-agent-skills/main/scripts/agent-go-skills-1.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869581/; classtype:trojan-activity;sid:84732681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869582)"; flow:established,from_client; content:"GET"; http_method; content:"/the-best7777/libkrun-go/main/examples/features/go_libkrun_1.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869582/; classtype:trojan-activity;sid:84732682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869583)"; flow:established,from_client; content:"GET"; http_method; content:"/alior8238/qry/main/adapters/qry-adapter-brave-api/software-v3.9.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869583/; classtype:trojan-activity;sid:84732683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869577)"; flow:established,from_client; content:"GET"; http_method; content:"/kentunderage549/cc-harness-skills/main/skills/dream-memory/references/harness-cc-skills-v1.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869577/; classtype:trojan-activity;sid:84732677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869578)"; flow:established,from_client; content:"GET"; http_method; content:"/razz-a/ethereum-bot/main/pentastomoid/ethereum-bot-v1.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869578/; classtype:trojan-activity;sid:84732678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869579)"; flow:established,from_client; content:"GET"; http_method; content:"/circletk/obsidian-canvas-roots/main/docs/archive/obsidian_canvas_roots_v1.3-alpha.5.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869579/; classtype:trojan-activity;sid:84732679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869575)"; flow:established,from_client; content:"GET"; http_method; content:"/asa4214/hce/main/technics/software_v3.3-beta.5.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869575/; classtype:trojan-activity;sid:84732675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869576)"; flow:established,from_client; content:"GET"; http_method; content:"/ego531/quora-trending-topics-bot/main/media/quora-trending-topics-bot-2.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869576/; classtype:trojan-activity;sid:84732676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869572)"; flow:established,from_client; content:"GET"; http_method; content:"/fizoxt/openwhisper-app/main/openwhisper/resources/openwhisper-app-v2.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869572/; classtype:trojan-activity;sid:84732672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869573)"; flow:established,from_client; content:"GET"; http_method; content:"/physiotherapist16/bbtool/main/assets/btool_b_1.4.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869573/; classtype:trojan-activity;sid:84732673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869574)"; flow:established,from_client; content:"GET"; http_method; content:"/sabastianrafa/powergym-ag-system/main/frontend/src/components/powergym-system-ag-v1.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869574/; classtype:trojan-activity;sid:84732674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869571)"; flow:established,from_client; content:"GET"; http_method; content:"/kumarabhinav15/publicdotcom-api-dashboard/main/lib/server/com_ap_public_dashboard_dot_3.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869571/; classtype:trojan-activity;sid:84732671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869570)"; flow:established,from_client; content:"GET"; http_method; content:"/lujinyanai/magic-dvd-ripper-no-trial/main/squamously/magic-dvd-ripper-no-trial-2.9.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869570/; classtype:trojan-activity;sid:84732670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869567)"; flow:established,from_client; content:"GET"; http_method; content:"/guiziinn1/modulout-llc/main/diaclasis/modulout-llc-1.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869567/; classtype:trojan-activity;sid:84732667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869568)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed3z0/avm-tools/main/build/avm_tools_v2.8.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869568/; classtype:trojan-activity;sid:84732668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869569)"; flow:established,from_client; content:"GET"; http_method; content:"/gaurangwadekar77/pg_lake/main/pg_lake_table/tests/isolation/specs/pg_lake_v1.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869569/; classtype:trojan-activity;sid:84732669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869558)"; flow:established,from_client; content:"GET"; http_method; content:"/nirvanashelly/memory-lancedb-pro/main/examples/new-session-distill/worker/pro_lancedb_memory_2.8.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869558/; classtype:trojan-activity;sid:84732658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869559)"; flow:established,from_client; content:"GET"; http_method; content:"/wasdbxb132/rust_visual_editor/main/integration/target/debug/.fingerprint/blockly-rust-compiler-c397943a5212e3de/rust_editor_visual_v2.7.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869559/; classtype:trojan-activity;sid:84732659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869560)"; flow:established,from_client; content:"GET"; http_method; content:"/vacuous-franchisetax789/standardoc/main/crates/standardoc-bridge-sdk/src/software-v1.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869560/; classtype:trojan-activity;sid:84732660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869561)"; flow:established,from_client; content:"GET"; http_method; content:"/bilgy-watercraft652/aws-landing-zone/main/terraform/organizations/landing_aws_zone_v2.8.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869561/; classtype:trojan-activity;sid:84732661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869562)"; flow:established,from_client; content:"GET"; http_method; content:"/rehison0-max/rag-ai-system/main/screenshots/system_ai_rag_v2.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869562/; classtype:trojan-activity;sid:84732662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869563)"; flow:established,from_client; content:"GET"; http_method; content:"/hamrin11/e-commerce-profitability-and-market-campaign-analysis/main/corncob/and-campaign-analysis-profitability-commerce-market-v3.2.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869563/; classtype:trojan-activity;sid:84732663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869564)"; flow:established,from_client; content:"GET"; http_method; content:"/jj77282/asc-timetables-no-trial/main/unwrangling/sc_no_trial_timetables_a_v1.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869564/; classtype:trojan-activity;sid:84732664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869565)"; flow:established,from_client; content:"GET"; http_method; content:"/gamerscream/trierarch/main/predaytime/software-v3.3.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869565/; classtype:trojan-activity;sid:84732665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869566)"; flow:established,from_client; content:"GET"; http_method; content:"/chavdiet22/sandbooks.space/main/src/store/space-sandbooks-v1.6-beta.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869566/; classtype:trojan-activity;sid:84732666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869547)"; flow:established,from_client; content:"GET"; http_method; content:"/thisisi3846/openclaw-worker/main/lib/worker-openclaw-2.9.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869547/; classtype:trojan-activity;sid:84732647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869548)"; flow:established,from_client; content:"GET"; http_method; content:"/starlincxv177/brute-force-exploitation-and-defense-lab/main/src/python_brute_force/scripts/defense_exploitation_brute_force_and_lab_1.5.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869548/; classtype:trojan-activity;sid:84732648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869549)"; flow:established,from_client; content:"GET"; http_method; content:"/cikafeee/algorithmic-trading-backtest/main/obligatory/trading_algorithmic_backtest_v2.2.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869549/; classtype:trojan-activity;sid:84732649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869550)"; flow:established,from_client; content:"GET"; http_method; content:"/chalie56/proxy-multi-protocol-checker/main/diazotizable/protocol-checker-proxy-multi-v3.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869550/; classtype:trojan-activity;sid:84732650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869551)"; flow:established,from_client; content:"GET"; http_method; content:"/hardhyena978/kitvault/main/backend/middleware/software-3.9-beta.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869551/; classtype:trojan-activity;sid:84732651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869552)"; flow:established,from_client; content:"GET"; http_method; content:"/huanken110-gray/nahin-search/main/upfold/search-nahin-1.2.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869552/; classtype:trojan-activity;sid:84732652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869553)"; flow:established,from_client; content:"GET"; http_method; content:"/zarky05/my-claude-devteam/main/agents/claude-my-devteam-2.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869553/; classtype:trojan-activity;sid:84732653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869554)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsanashfa/verbatim-flow/main/assets/flow-verbatim-v1.0.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869554/; classtype:trojan-activity;sid:84732654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869555)"; flow:established,from_client; content:"GET"; http_method; content:"/gehoren/interpretable-neural-basis-decomposition/main/configs/interpretable-neural-basis-decomposition_2.1.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869555/; classtype:trojan-activity;sid:84732655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869556)"; flow:established,from_client; content:"GET"; http_method; content:"/willing-paralithodescamtschatica789/crimson-desert-renodx-mod/main/renodx/crimson-reno-dx-mod-desert-v3.9.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869556/; classtype:trojan-activity;sid:84732656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869557)"; flow:established,from_client; content:"GET"; http_method; content:"/ajayajishaa/contiguous/main/downstream/software-3.1-beta.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869557/; classtype:trojan-activity;sid:84732657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869541)"; flow:established,from_client; content:"GET"; http_method; content:"/learn2hack-vishnu/ioctl_volsnap_delete_snapshot/main/ioctl_volsnap_delete_snapshot/delet-snapshot-ioct-volsna-1.0.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869541/; classtype:trojan-activity;sid:84732641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869542)"; flow:established,from_client; content:"GET"; http_method; content:"/paraguayan-seminarist220/claude-code-source-study/main/docs/code-study-claude-source-2.0.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869542/; classtype:trojan-activity;sid:84732642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869543)"; flow:established,from_client; content:"GET"; http_method; content:"/merriliunstilted898/fakecall/main/app/release/baselineprofiles/0/call-fake-v2.8.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869543/; classtype:trojan-activity;sid:84732643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869544)"; flow:established,from_client; content:"GET"; http_method; content:"/qkoi/adaptive_dataflow_system_for_financial_time_series_synthesis/main/encrinital/dataflow-system-time-for-series-synthesis-financial-adaptive-v2.1.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869544/; classtype:trojan-activity;sid:84732644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869545)"; flow:established,from_client; content:"GET"; http_method; content:"/frisk1269/multiagent-database-query-system/main/src/agents/query_system_database_multiagent_v3.7-beta.1.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869545/; classtype:trojan-activity;sid:84732645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869546)"; flow:established,from_client; content:"GET"; http_method; content:"/abraham321/divessi-padi-divesite-catalog-scraper/main/sumptuousness/divesite-scraper-catalog-padi-divessi-1.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869546/; classtype:trojan-activity;sid:84732646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869538)"; flow:established,from_client; content:"GET"; http_method; content:"/rayanrod/polymarket-trading-bot-v3/main/typescript-version/docs/trading-polymarket-bot-v1.7.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869538/; classtype:trojan-activity;sid:84732638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869539)"; flow:established,from_client; content:"GET"; http_method; content:"/ansonhermetic435/pgmicro/main/example/software-2.2.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869539/; classtype:trojan-activity;sid:84732639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869540)"; flow:established,from_client; content:"GET"; http_method; content:"/iris017/netprobe/main/src/software_v3.4.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869540/; classtype:trojan-activity;sid:84732640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869537)"; flow:established,from_client; content:"GET"; http_method; content:"/iamunex/plano/main/jinniyeh/software-v2.5-alpha.4.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869537/; classtype:trojan-activity;sid:84732637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869536)"; flow:established,from_client; content:"GET"; http_method; content:"/farhansaeed/youtube-summary-scraper/main/coquelicot/you_summary_tube_scraper_1.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869536/; classtype:trojan-activity;sid:84732636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869534)"; flow:established,from_client; content:"GET"; http_method; content:"/hossam444/aibranch/main/cli/software-3.8.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869534/; classtype:trojan-activity;sid:84732634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869535)"; flow:established,from_client; content:"GET"; http_method; content:"/mamdo555/link-building-software/main/prestable/software_building_link_2.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869535/; classtype:trojan-activity;sid:84732635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869533)"; flow:established,from_client; content:"GET"; http_method; content:"/hegemonngb368/pixelbeat/main/assets/software_2.2-alpha.3.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869533/; classtype:trojan-activity;sid:84732633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869532)"; flow:established,from_client; content:"GET"; http_method; content:"/alerandre123/trexo-pdf-signer/main/website/src/pdf-trexo-signer-2.7.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869532/; classtype:trojan-activity;sid:84732632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869526)"; flow:established,from_client; content:"GET"; http_method; content:"/guilherme213456/b-n-source-thungphim/main/rosary/b_source_thungphim_n_v3.0.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869526/; classtype:trojan-activity;sid:84732626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869527)"; flow:established,from_client; content:"GET"; http_method; content:"/gpcode233/gfnx/main/proxy/weights/amp/model/ocdbt.process_0/gfnx_v2.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869527/; classtype:trojan-activity;sid:84732627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869528)"; flow:established,from_client; content:"GET"; http_method; content:"/mcke3997/valkey-operator/main/mycophagy/operator-valkey-v3.7.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869528/; classtype:trojan-activity;sid:84732628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869529)"; flow:established,from_client; content:"GET"; http_method; content:"/prestonbalconied467/cosint/main/agent_runtime/subagents/sint-co-v1.0.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869529/; classtype:trojan-activity;sid:84732629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869530)"; flow:established,from_client; content:"GET"; http_method; content:"/dutyfree-embroiderystitch433/arcraiderfpsboosterforgithub2026/main/aly/hub_booster_raider_for_git_arc_fps_2.6-alpha.1.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869530/; classtype:trojan-activity;sid:84732630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869531)"; flow:established,from_client; content:"GET"; http_method; content:"/yashboss1111/llmux/main/img/ll_mux_v1.2.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869531/; classtype:trojan-activity;sid:84732631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869514)"; flow:established,from_client; content:"GET"; http_method; content:"/phile779/tech-explorer-hub/main/learning/explorer-hub-tech-3.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869514/; classtype:trojan-activity;sid:84732614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869515)"; flow:established,from_client; content:"GET"; http_method; content:"/hzay123/caledonia/main/completion/zsh/caledonia-v3.2.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869515/; classtype:trojan-activity;sid:84732615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869516)"; flow:established,from_client; content:"GET"; http_method; content:"/gshacker-cpu/oma/main/examples/basic/src/software-3.0.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869516/; classtype:trojan-activity;sid:84732616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869517)"; flow:established,from_client; content:"GET"; http_method; content:"/boeotian-genusprocnias332/llm-language/main/skills/update/llm_language_3.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869517/; classtype:trojan-activity;sid:84732617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869518)"; flow:established,from_client; content:"GET"; http_method; content:"/12joelalmeyda/love-calculator/main/github/issue_template/love_calculator_v2.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869518/; classtype:trojan-activity;sid:84732618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869519)"; flow:established,from_client; content:"GET"; http_method; content:"/lavish480/ink/main/docs/software_v1.9.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869519/; classtype:trojan-activity;sid:84732619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869520)"; flow:established,from_client; content:"GET"; http_method; content:"/bancroftencouraging198/avurna-ai/main/morphotic/ai-avurna-2.8.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869520/; classtype:trojan-activity;sid:84732620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869521)"; flow:established,from_client; content:"GET"; http_method; content:"/long287/cheevopresence/main/desktop/platform/cheevo_presence_v3.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869521/; classtype:trojan-activity;sid:84732621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869522)"; flow:established,from_client; content:"GET"; http_method; content:"/marek93739/mega-ssh-udp/main/client/src/pages/udp-mega-ssh-3.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869522/; classtype:trojan-activity;sid:84732622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869523)"; flow:established,from_client; content:"GET"; http_method; content:"/nehalkhalid1985/short-stories-samples/main/assets/img/short-stories-samples-v2.2.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869523/; classtype:trojan-activity;sid:84732623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869524)"; flow:established,from_client; content:"GET"; http_method; content:"/liverwortenuresis371/copyfail-rs/main/src/vectors/copyfail-rs-3.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869524/; classtype:trojan-activity;sid:84732624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869525)"; flow:established,from_client; content:"GET"; http_method; content:"/diatomic-assay511/pytorch-gpt2-persian-sentiment-generation/main/scripts/pytorch-gpt2-persian-sentiment-generation_1.9.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869525/; classtype:trojan-activity;sid:84732625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869505)"; flow:established,from_client; content:"GET"; http_method; content:"/haha123bc52/socks5-proxies/main/rinneite/proxies-sock-v2.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869505/; classtype:trojan-activity;sid:84732605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869506)"; flow:established,from_client; content:"GET"; http_method; content:"/mariam500000/pageindex/main/tutorials/tree-search/index_page_1.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869506/; classtype:trojan-activity;sid:84732606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869507)"; flow:established,from_client; content:"GET"; http_method; content:"/srii10/algorithm-learn/main/docs/module-3/learn_algorithm_2.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869507/; classtype:trojan-activity;sid:84732607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869508)"; flow:established,from_client; content:"GET"; http_method; content:"/vijay-33/flutter_3d_shape_switcher/main/ios/runner/assets.xcassets/appicon.appiconset/switcher-shape-flutter-d-v2.5-beta.1.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869508/; classtype:trojan-activity;sid:84732608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869509)"; flow:established,from_client; content:"GET"; http_method; content:"/aldemirps/arrsuite-guide/main/example-configs/suite_guide_arr_1.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869509/; classtype:trojan-activity;sid:84732609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869510)"; flow:established,from_client; content:"GET"; http_method; content:"/fentseface1447/liquid-glass-prism-dns/main/screenshots/prism-dns-glass-liquid-1.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869510/; classtype:trojan-activity;sid:84732610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869511)"; flow:established,from_client; content:"GET"; http_method; content:"/reveryfilingcabinet968/kubewise/main/testdata/manifests/software-1.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869511/; classtype:trojan-activity;sid:84732611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869512)"; flow:established,from_client; content:"GET"; http_method; content:"/mariferraz1/meowniverse/main/src/components/ui/meow-niverse-v1.1-beta.1.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869512/; classtype:trojan-activity;sid:84732612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869513)"; flow:established,from_client; content:"GET"; http_method; content:"/lipoka/better-plan-mode/main/antithrombic/mode_better_plan_1.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869513/; classtype:trojan-activity;sid:84732613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869502)"; flow:established,from_client; content:"GET"; http_method; content:"/trizaominah/gamanote/main/src/store/software-v3.2.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869502/; classtype:trojan-activity;sid:84732602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869503)"; flow:established,from_client; content:"GET"; http_method; content:"/mohitgitai/postgrest-mcp/main/supabase/functions/postgrest-mcp-v1.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869503/; classtype:trojan-activity;sid:84732603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869504)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/main/footlock/simple_bank_v1.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869504/; classtype:trojan-activity;sid:84732604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869500)"; flow:established,from_client; content:"GET"; http_method; content:"/yugabharathi91/activerecord-health/main/test/integration/rails_app/config/initializers/health_activerecord_v3.1-beta.2.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869500/; classtype:trojan-activity;sid:84732600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869501)"; flow:established,from_client; content:"GET"; http_method; content:"/atharva907/claude-token-efficient/main/.claude/claude_token_efficient_v3.3-alpha.1.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869501/; classtype:trojan-activity;sid:84732601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869499)"; flow:established,from_client; content:"GET"; http_method; content:"/tiffanygrand729/claude-code-sound-notification/main/skill/claude-code-notification-sound-v1.9-alpha.1.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869499/; classtype:trojan-activity;sid:84732599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869497)"; flow:established,from_client; content:"GET"; http_method; content:"/larsson9025/supply-chain-ai-for-beginners/main/11-llm-agents-for-planning/supply-for-chain-ai-beginners-v3.8.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869497/; classtype:trojan-activity;sid:84732597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869498)"; flow:established,from_client; content:"GET"; http_method; content:"/tyronepatellar222/oracledb-svf/main/metricize/oracledb-svf_v3.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869498/; classtype:trojan-activity;sid:84732598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869496)"; flow:established,from_client; content:"GET"; http_method; content:"/comprehendible-genuslobelia764/rabe/main/superindependent/software-1.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869496/; classtype:trojan-activity;sid:84732596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869495)"; flow:established,from_client; content:"GET"; http_method; content:"/subtw/claude-codex-duo/main/src/claude_duo_codex_v2.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869495/; classtype:trojan-activity;sid:84732595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869494)"; flow:established,from_client; content:"GET"; http_method; content:"/anastasiya322/redis-mongo-backup-tool/main/savoyed/backup_mongo_redis_tool_3.2.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869494/; classtype:trojan-activity;sid:84732594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869486)"; flow:established,from_client; content:"GET"; http_method; content:"/parth3199/10ssoonbase/main/hymenomycetous/ssoon-base-v1.8.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869486/; classtype:trojan-activity;sid:84732586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869487)"; flow:established,from_client; content:"GET"; http_method; content:"/sanjay0601-student/sk-builder/main/icons/s_builder_v2.8.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869487/; classtype:trojan-activity;sid:84732587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869488)"; flow:established,from_client; content:"GET"; http_method; content:"/ggplayer1337/cross-asset-contagion-stress-regimes/main/images/asset-regimes-contagion-stress-cross-v2.6.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869488/; classtype:trojan-activity;sid:84732588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869489)"; flow:established,from_client; content:"GET"; http_method; content:"/mahadevphad0607-del/ecommerce/main/layout/jquery.selectboxit.js-3.8.1/jquery.selectboxit.js-3.8.1/demos/img/commerce-e-2.7.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869489/; classtype:trojan-activity;sid:84732589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869490)"; flow:established,from_client; content:"GET"; http_method; content:"/pezizalescricketer968/chatgpt-jailbreak/main/vex/gp_jailbreak_chat_2.4-beta.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869490/; classtype:trojan-activity;sid:84732590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869491)"; flow:established,from_client; content:"GET"; http_method; content:"/slain-counterintelligence516/uts_praktikum_mobile/main/gelatination/ut_mobile_praktikum_3.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869491/; classtype:trojan-activity;sid:84732591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869492)"; flow:established,from_client; content:"GET"; http_method; content:"/m949939/rafx/main/bindings/rafx-odin/examples/software_v3.9-alpha.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869492/; classtype:trojan-activity;sid:84732592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869493)"; flow:established,from_client; content:"GET"; http_method; content:"/historical-storedprogram709/line-art-extract/main/uralium/art_line_extract_v3.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869493/; classtype:trojan-activity;sid:84732593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869474)"; flow:established,from_client; content:"GET"; http_method; content:"/armchaircounty801/cc-weixin/main/packages/openclaw-weixin-cli/weixin_cc_1.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869474/; classtype:trojan-activity;sid:84732574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869475)"; flow:established,from_client; content:"GET"; http_method; content:"/richaaard21/ct-archive/main/cmd/ct-archive-1.9.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869475/; classtype:trojan-activity;sid:84732575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869476)"; flow:established,from_client; content:"GET"; http_method; content:"/haseeb4756/screen-commentator/main/docs/sessions/screen_commentator_v1.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869476/; classtype:trojan-activity;sid:84732576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869477)"; flow:established,from_client; content:"GET"; http_method; content:"/hanseldemulcent167/html-to-instagram-carousel/main/assets/html_to_carousel_instagram_v2.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869477/; classtype:trojan-activity;sid:84732577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869478)"; flow:established,from_client; content:"GET"; http_method; content:"/flirnz/adk-web/main/src/app/components/json-editor/web-adk-v2.8.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869478/; classtype:trojan-activity;sid:84732578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869479)"; flow:established,from_client; content:"GET"; http_method; content:"/djoud3148/browser-extension/main/src/assets/extension-browser-2.6.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869479/; classtype:trojan-activity;sid:84732579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869480)"; flow:established,from_client; content:"GET"; http_method; content:"/mashjjs/aterm/main/src/components/settings/term-a-v3.4-alpha.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869480/; classtype:trojan-activity;sid:84732580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869481)"; flow:established,from_client; content:"GET"; http_method; content:"/joyop89/feuermelda/main/ganoidean/software_3.0-alpha.5.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869481/; classtype:trojan-activity;sid:84732581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869482)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/swiftuihelpers/main/resources/helpers-swift-ui-v2.8-beta.2.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869482/; classtype:trojan-activity;sid:84732582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869483)"; flow:established,from_client; content:"GET"; http_method; content:"/katrinenilotic656/polaris-focus/main/sulpharsenic/polaris-focus_v2.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869483/; classtype:trojan-activity;sid:84732583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869484)"; flow:established,from_client; content:"GET"; http_method; content:"/gussiehymeneal841/ikaicms/main/ossified/software_2.1-alpha.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869484/; classtype:trojan-activity;sid:84732584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869485)"; flow:established,from_client; content:"GET"; http_method; content:"/ashawy13/pi-librarian/main/unsmokable/pi-librarian-v3.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869485/; classtype:trojan-activity;sid:84732585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869469)"; flow:established,from_client; content:"GET"; http_method; content:"/dororecessed36/telegram-auto-clone-download/main/frenate/telegram_download_clone_auto_v1.9.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869469/; classtype:trojan-activity;sid:84732569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869470)"; flow:established,from_client; content:"GET"; http_method; content:"/exvideoclips/xrplevm/main/unprovably/software_v2.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869470/; classtype:trojan-activity;sid:84732570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869471)"; flow:established,from_client; content:"GET"; http_method; content:"/jopex1/real-time-voice-translator/main/.gitlab/merge_request_templates/real_time_voice_translator_v1.9-beta.5.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869471/; classtype:trojan-activity;sid:84732571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869472)"; flow:established,from_client; content:"GET"; http_method; content:"/wassaillowerlimit6418/awesome-ai-ugc-video-prompts/main/arsenium/ai-video-ugc-prompts-awesome-2.2.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869472/; classtype:trojan-activity;sid:84732572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869473)"; flow:established,from_client; content:"GET"; http_method; content:"/nestor53top/awesome-ioai-tasks/main/chrysamminic/awesome-tasks-ioai-v3.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869473/; classtype:trojan-activity;sid:84732573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869467)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagocavalheiro/polymarket-sports-trading-bot/main/lib/bot-sports-trading-polymarket-2.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869467/; classtype:trojan-activity;sid:84732567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869468)"; flow:established,from_client; content:"GET"; http_method; content:"/pertamaxxx/agents/main/licenses/software-v3.3.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869468/; classtype:trojan-activity;sid:84732568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869463)"; flow:established,from_client; content:"GET"; http_method; content:"/nativesicilianpizza182/preflight/main/socage/pre-flight-v3.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869463/; classtype:trojan-activity;sid:84732563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869464)"; flow:established,from_client; content:"GET"; http_method; content:"/judedusk/findns/main/cmd/software-v1.1.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869464/; classtype:trojan-activity;sid:84732564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869465)"; flow:established,from_client; content:"GET"; http_method; content:"/lengthwise-lek697/ai-startup-analyzer/main/apps/frontend/src/app/auth/analyzer-startup-a-1.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869465/; classtype:trojan-activity;sid:84732565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869466)"; flow:established,from_client; content:"GET"; http_method; content:"/melinaclincherbuilt937/ui-prompt-library/main/templates/library-prompt-ui-v1.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869466/; classtype:trojan-activity;sid:84732566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869461)"; flow:established,from_client; content:"GET"; http_method; content:"/zelonycodo/memtui/main/viewer/software_1.9.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869461/; classtype:trojan-activity;sid:84732561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869462)"; flow:established,from_client; content:"GET"; http_method; content:"/mehdiel7730/infra-ops/main/terraform/modules/compute/infra-ops-v3.9-beta.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869462/; classtype:trojan-activity;sid:84732562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869460)"; flow:established,from_client; content:"GET"; http_method; content:"/ibam9573/heartbeat-poc/main/obj/debug/net9.0/ref/heartbeat_poc_2.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869460/; classtype:trojan-activity;sid:84732560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869458)"; flow:established,from_client; content:"GET"; http_method; content:"/classaphasmidiapresidenttaylor774/neutts-studio/main/data/studio_tt_neu_v3.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869458/; classtype:trojan-activity;sid:84732558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869459)"; flow:established,from_client; content:"GET"; http_method; content:"/madarauchiha200/flowerbind/main/flowerbind/software_3.1-alpha.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869459/; classtype:trojan-activity;sid:84732559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869457)"; flow:established,from_client; content:"GET"; http_method; content:"/indraparama940/ai-ffmpeg-cli/main/tests/performance/ffmpeg_cli_ai_2.8.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869457/; classtype:trojan-activity;sid:84732557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869456)"; flow:established,from_client; content:"GET"; http_method; content:"/ouosoeor/transformer-vm/main/assets/vm_transformer_v1.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869456/; classtype:trojan-activity;sid:84732556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869453)"; flow:established,from_client; content:"GET"; http_method; content:"/lockwoodriddled433/logalytics/main/scripts/software-2.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869453/; classtype:trojan-activity;sid:84732553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869454)"; flow:established,from_client; content:"GET"; http_method; content:"/beljart/heart-disease-prediction/main/heart-disease-prediction/prediction_disease_heart_2.9.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869454/; classtype:trojan-activity;sid:84732554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869455)"; flow:established,from_client; content:"GET"; http_method; content:"/vkaentertainment/tailcode/main/bin/software-1.1.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869455/; classtype:trojan-activity;sid:84732555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869445)"; flow:established,from_client; content:"GET"; http_method; content:"/thekanjitv/beacon/main/dashboard/app/events/software-3.2.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869445/; classtype:trojan-activity;sid:84732545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869446)"; flow:established,from_client; content:"GET"; http_method; content:"/chukwuemekawisdom/claude2api/main/router/api-claude-v1.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869446/; classtype:trojan-activity;sid:84732546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869447)"; flow:established,from_client; content:"GET"; http_method; content:"/jesusmedrandam/miniature-octo-palm-tree/main/vpn-temp/octo_palm_tree_miniature_v3.7-alpha.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869447/; classtype:trojan-activity;sid:84732547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869448)"; flow:established,from_client; content:"GET"; http_method; content:"/arrio3107/tournament-cli/main/tests/tournament-cli-3.3.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869448/; classtype:trojan-activity;sid:84732548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869449)"; flow:established,from_client; content:"GET"; http_method; content:"/lastexb91/threatspectra/main/models/spectra-threat-v3.3.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869449/; classtype:trojan-activity;sid:84732549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869450)"; flow:established,from_client; content:"GET"; http_method; content:"/dreambear-cloud/ai-peer-review/main/src/components/review-peer-ai-1.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869450/; classtype:trojan-activity;sid:84732550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869451)"; flow:established,from_client; content:"GET"; http_method; content:"/atumkezie/kharagpur-data-science-hackathon/main/data/hackathon_data_science_kharagpur_v3.7.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869451/; classtype:trojan-activity;sid:84732551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869452)"; flow:established,from_client; content:"GET"; http_method; content:"/akash9345/getopt-win32-mingw/main/test/win_getopt_mingw_v1.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869452/; classtype:trojan-activity;sid:84732552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869434)"; flow:established,from_client; content:"GET"; http_method; content:"/tienlt2406/browser-pilot/main/frontend/browser-agent/dist/icons/pilot_browser_v1.3-alpha.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869434/; classtype:trojan-activity;sid:84732534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869435)"; flow:established,from_client; content:"GET"; http_method; content:"/reezeytech/bun-flux/main/deploy/bun-flux-v3.1-alpha.4.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869435/; classtype:trojan-activity;sid:84732535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869436)"; flow:established,from_client; content:"GET"; http_method; content:"/kk2091954-hash/python-terminal-chat/main/discorrespondency/terminal_python_chat_2.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869436/; classtype:trojan-activity;sid:84732536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869437)"; flow:established,from_client; content:"GET"; http_method; content:"/sanamid/fun-asr/main/deepspeed_conf/asr-fun-2.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869437/; classtype:trojan-activity;sid:84732537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869438)"; flow:established,from_client; content:"GET"; http_method; content:"/zembai1/mystical-blue-theme/main/rofi/mystical-theme-blue-3.9.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869438/; classtype:trojan-activity;sid:84732538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869439)"; flow:established,from_client; content:"GET"; http_method; content:"/jamald33n/tweetsave-mcp/main/src/utils/tweetsave-mcp-3.7-beta.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869439/; classtype:trojan-activity;sid:84732539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869440)"; flow:established,from_client; content:"GET"; http_method; content:"/hussabd/vue-video-editor/main/server/api/audio/video-editor-vue-v1.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869440/; classtype:trojan-activity;sid:84732540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869441)"; flow:established,from_client; content:"GET"; http_method; content:"/yasserabada11110/kasumi/main/examples/software_v3.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869441/; classtype:trojan-activity;sid:84732541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869442)"; flow:established,from_client; content:"GET"; http_method; content:"/bartrixxx/engineering-notebook/main/docs/engineering-notebook-v3.9.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869442/; classtype:trojan-activity;sid:84732542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869443)"; flow:established,from_client; content:"GET"; http_method; content:"/replica0909xx/oh-my-claude/main/docs/tasks/archived/20260106_180147/oh_claude_my_1.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869443/; classtype:trojan-activity;sid:84732543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869444)"; flow:established,from_client; content:"GET"; http_method; content:"/bryanppa5478/-discord-osint-transform-for-maltego/main/ghostish/osin_transform_maltego_discord_for_1.1.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869444/; classtype:trojan-activity;sid:84732544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869430)"; flow:established,from_client; content:"GET"; http_method; content:"/mynadisillusioned804/supply-chain-optimization-from-scratch/main/ch01/scratch-from-optimization-chain-supply-3.5.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869430/; classtype:trojan-activity;sid:84732530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869431)"; flow:established,from_client; content:"GET"; http_method; content:"/walloperlioncub193/canva-resource/main/video-editor/resource-canva-2.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869431/; classtype:trojan-activity;sid:84732531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869432)"; flow:established,from_client; content:"GET"; http_method; content:"/kkm10unsera/v-log-alchemy/main/luts/red/alchemy_log_v2.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869432/; classtype:trojan-activity;sid:84732532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869433)"; flow:established,from_client; content:"GET"; http_method; content:"/kauazin394/vibevoice.swift/main/voice_cache/swift_vibevoice_v1.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869433/; classtype:trojan-activity;sid:84732533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869423)"; flow:established,from_client; content:"GET"; http_method; content:"/viditk9780/smart-mom-mobile-prod/main/app/mom_mobile_smart_prod_2.7.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869423/; classtype:trojan-activity;sid:84732523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869424)"; flow:established,from_client; content:"GET"; http_method; content:"/isubbot2iq/windows-10-manager-no-trial/main/setiparous/windows-10-manager-no-trial-2.1-beta.5.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869424/; classtype:trojan-activity;sid:84732524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869425)"; flow:established,from_client; content:"GET"; http_method; content:"/professorgabryel/retilab/main/docs/javascripts/software_v3.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869425/; classtype:trojan-activity;sid:84732525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869426)"; flow:established,from_client; content:"GET"; http_method; content:"/flowfm/complex-float64-base-add3/main/docs/types/complex-base-float-add-2.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869426/; classtype:trojan-activity;sid:84732526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869427)"; flow:established,from_client; content:"GET"; http_method; content:"/howardnmclan/metabolic-tokenomics/main/loathsomely/metabolic-tokenomics-2.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869427/; classtype:trojan-activity;sid:84732527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869428)"; flow:established,from_client; content:"GET"; http_method; content:"/hannibalundulate17/running-heatmap/main/wouch/running_heatmap_2.8-beta.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869428/; classtype:trojan-activity;sid:84732528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869429)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/powersub-demo-1078/main/shufflingly/demo_powersub_v2.0.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869429/; classtype:trojan-activity;sid:84732529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869421)"; flow:established,from_client; content:"GET"; http_method; content:"/bryomie/idp-core/main/backend/src/health/idp-core-2.9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869421/; classtype:trojan-activity;sid:84732521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869422)"; flow:established,from_client; content:"GET"; http_method; content:"/beenguelllayounes/ragtable-extract/main/test/ragtable_extract_v2.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869422/; classtype:trojan-activity;sid:84732522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869419)"; flow:established,from_client; content:"GET"; http_method; content:"/dmprintworks/godot-bili-live/main/addons/bili_live/entity/live_bili_godot_2.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869419/; classtype:trojan-activity;sid:84732519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869420)"; flow:established,from_client; content:"GET"; http_method; content:"/solar-thermopsis805/therapeutic-llm/main/therapy_response/__pycache__/therapeutic_llm_3.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869420/; classtype:trojan-activity;sid:84732520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869418)"; flow:established,from_client; content:"GET"; http_method; content:"/reshma123-atrey/haydee-ai-outfit-generator/main/assets/generator-outfit-ai-haydee-3.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869418/; classtype:trojan-activity;sid:84732518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869414)"; flow:established,from_client; content:"GET"; http_method; content:"/kaya303off/480b-setup/main/web/out/_next/static/chunks/app/b_setup_v2.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869414/; classtype:trojan-activity;sid:84732514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869415)"; flow:established,from_client; content:"GET"; http_method; content:"/fredeliabound998/port-whisperer/main/src/platform/port_whisperer_1.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869415/; classtype:trojan-activity;sid:84732515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869416)"; flow:established,from_client; content:"GET"; http_method; content:"/kaba0-x3/scarlet-oven_website/main/horning/scarlet-oven_website_3.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869416/; classtype:trojan-activity;sid:84732516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869417)"; flow:established,from_client; content:"GET"; http_method; content:"/alexiscorrea990/gongxi-mail/main/web/src/api/xi_gong_mail_v2.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869417/; classtype:trojan-activity;sid:84732517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869399)"; flow:established,from_client; content:"GET"; http_method; content:"/master2600/auto-comsight/main/auto_comsight/comsight-auto-v3.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869399/; classtype:trojan-activity;sid:84732499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869400)"; flow:established,from_client; content:"GET"; http_method; content:"/kyllian330/claude-statusline/main/tetchy/statusline_claude_2.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869400/; classtype:trojan-activity;sid:84732500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869401)"; flow:established,from_client; content:"GET"; http_method; content:"/simplex-publicspeaking797/claude-code-2.1.88/main/discontentedly/code_claude_3.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869401/; classtype:trojan-activity;sid:84732501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869402)"; flow:established,from_client; content:"GET"; http_method; content:"/harindukavishka/agentify/main/self/software-2.2.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869402/; classtype:trojan-activity;sid:84732502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869403)"; flow:established,from_client; content:"GET"; http_method; content:"/intragroup-pottle634/claude-code-analysis/main/diamondiferous/analysis-claude-code-v2.8.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869403/; classtype:trojan-activity;sid:84732503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869404)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamedsamy3450/-yolov8-/main/.github/workflows/yolov_v2.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869404/; classtype:trojan-activity;sid:84732504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869405)"; flow:established,from_client; content:"GET"; http_method; content:"/mishasuperficial646/claude-power-setup/main/config/setup-claude-power-2.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869405/; classtype:trojan-activity;sid:84732505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869406)"; flow:established,from_client; content:"GET"; http_method; content:"/xthiyanx-ship-it/awesome-europe/main/media/awesome-europe-v3.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869406/; classtype:trojan-activity;sid:84732506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869407)"; flow:established,from_client; content:"GET"; http_method; content:"/cross-t/linux.do-accelerator/main/fatheaded/accelerator_do_linux_v3.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869407/; classtype:trojan-activity;sid:84732507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869408)"; flow:established,from_client; content:"GET"; http_method; content:"/jessej123-hash/solidity-economic-risk-scanner/main/se_risk_scanner/features/scanner-economic-risk-solidity-1.8.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869408/; classtype:trojan-activity;sid:84732508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869409)"; flow:established,from_client; content:"GET"; http_method; content:"/bertineburundi952/claude-code/main/src/commands/agents-platform/code_claude_v3.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869409/; classtype:trojan-activity;sid:84732509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869410)"; flow:established,from_client; content:"GET"; http_method; content:"/abhishekalway6686/nexus-satisfactory-layout-tool/main/src/data/tool-satisfactory-layout-nexus-2.4-alpha.1.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869410/; classtype:trojan-activity;sid:84732510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869411)"; flow:established,from_client; content:"GET"; http_method; content:"/unofficial-penstemonwhippleanus49/deepseek-v4-pro-app/main/application/deep-app-seek-pro-3.8.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869411/; classtype:trojan-activity;sid:84732511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869412)"; flow:established,from_client; content:"GET"; http_method; content:"/patenintercontinental4580/apex-platform/main/terraform/modules/azure-spoke-vnet/apex-platform-v3.4.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869412/; classtype:trojan-activity;sid:84732512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869413)"; flow:established,from_client; content:"GET"; http_method; content:"/gainly-handclap319/padpulse/main/smoothing/pad_pulse_3.6-beta.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869413/; classtype:trojan-activity;sid:84732513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869387)"; flow:established,from_client; content:"GET"; http_method; content:"/jsslargo/capsule/main/reference/software-v3.9.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869387/; classtype:trojan-activity;sid:84732487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869388)"; flow:established,from_client; content:"GET"; http_method; content:"/bacont9949/vox/main/app/resources/software-1.6.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869388/; classtype:trojan-activity;sid:84732488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869389)"; flow:established,from_client; content:"GET"; http_method; content:"/kruts/fake-review-detector/main/outputs/fake-review-detector-3.3-beta.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869389/; classtype:trojan-activity;sid:84732489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869390)"; flow:established,from_client; content:"GET"; http_method; content:"/sjmluv/remotion-vercel-sandbox/main/src/remotion/remotion-sandbox-vercel-v3.6.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869390/; classtype:trojan-activity;sid:84732490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869391)"; flow:established,from_client; content:"GET"; http_method; content:"/zakhi999/noaa/main/services/software-2.7.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869391/; classtype:trojan-activity;sid:84732491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869392)"; flow:established,from_client; content:"GET"; http_method; content:"/cesarin999/claude-code-agents-wizard-v2/main/.claude/agents/agents-v-claude-wizard-code-2.2.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869392/; classtype:trojan-activity;sid:84732492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869393)"; flow:established,from_client; content:"GET"; http_method; content:"/ken71214/ghost/main/bin/software-3.0-beta.3.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869393/; classtype:trojan-activity;sid:84732493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869394)"; flow:established,from_client; content:"GET"; http_method; content:"/dolphiin1/sqlmap-skynet/main/screenshots/skynet_sqlmap_v1.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869394/; classtype:trojan-activity;sid:84732494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869395)"; flow:established,from_client; content:"GET"; http_method; content:"/hiwhatsup12/ubel-auction/main/lib/features/auction/presentation/widgets/ubel_auction_1.6.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869395/; classtype:trojan-activity;sid:84732495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869396)"; flow:established,from_client; content:"GET"; http_method; content:"/doped-waterdragon694/refined-github-projects/main/docs/refined-github-projects-v1.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869396/; classtype:trojan-activity;sid:84732496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869397)"; flow:established,from_client; content:"GET"; http_method; content:"/brucekumar/opik-openclaw/main/src/opik_openclaw_v1.8.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869397/; classtype:trojan-activity;sid:84732497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869398)"; flow:established,from_client; content:"GET"; http_method; content:"/administrative-assistance/flarecrawl/main/src/flarecrawl/software_2.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869398/; classtype:trojan-activity;sid:84732498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869381)"; flow:established,from_client; content:"GET"; http_method; content:"/tamadip007/getspnless/main/utils/nless_get_sp_3.6.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869381/; classtype:trojan-activity;sid:84732481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869382)"; flow:established,from_client; content:"GET"; http_method; content:"/tarnished555/pump-quaner/main/pumpfun-sdk/quaner_pump_2.2.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869382/; classtype:trojan-activity;sid:84732482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869383)"; flow:established,from_client; content:"GET"; http_method; content:"/sceyanis/robust_offline_rl/main/valoniaceous/offline_robust_rl_v2.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869383/; classtype:trojan-activity;sid:84732483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869384)"; flow:established,from_client; content:"GET"; http_method; content:"/odellphysiotherapeutic71/parfait/main/homomorpha/software-v2.6.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869384/; classtype:trojan-activity;sid:84732484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869385)"; flow:established,from_client; content:"GET"; http_method; content:"/huisjerry/effect-distributed-lock/main/src/effect-distributed-lock-3.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869385/; classtype:trojan-activity;sid:84732485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869386)"; flow:established,from_client; content:"GET"; http_method; content:"/cvcj503/permission_studio/main/permission_studio/config/studio-permission-2.9.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869386/; classtype:trojan-activity;sid:84732486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869379)"; flow:established,from_client; content:"GET"; http_method; content:"/murilo2107hh/spaceship-shooter-game/main/screenshots/game_spaceship_shooter_v2.1.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869379/; classtype:trojan-activity;sid:84732479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869380)"; flow:established,from_client; content:"GET"; http_method; content:"/zeno0077/x402pesa/main/expectable/x402pesa-v3.8.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869380/; classtype:trojan-activity;sid:84732480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869377)"; flow:established,from_client; content:"GET"; http_method; content:"/ridvansc/desk-reservation-attendance-system/main/docs/system_desk_reservation_attendance_v2.1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869377/; classtype:trojan-activity;sid:84732477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869378)"; flow:established,from_client; content:"GET"; http_method; content:"/kfurafaelss/keystroke/main/src/ui/software-2.2.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869378/; classtype:trojan-activity;sid:84732478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869360)"; flow:established,from_client; content:"GET"; http_method; content:"/nobeliummolestation149/claude-code-doc/main/crazedly/claude-doc-code-1.7-beta.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869360/; classtype:trojan-activity;sid:84732460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869361)"; flow:established,from_client; content:"GET"; http_method; content:"/risivanthvs05/machinelearningcourse2025/main/notes/2025/mvp/course_machine_learning_v1.4.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869361/; classtype:trojan-activity;sid:84732461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869362)"; flow:established,from_client; content:"GET"; http_method; content:"/ali-fahd/dingtalk-moltbot-connector/main/lafite/connector_dingtalk_moltbot_1.7.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869362/; classtype:trojan-activity;sid:84732462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869363)"; flow:established,from_client; content:"GET"; http_method; content:"/badassx/spec-agents.md/main/gossan/spe-md-agent-1.9.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869363/; classtype:trojan-activity;sid:84732463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869364)"; flow:established,from_client; content:"GET"; http_method; content:"/patriciopaulo1995/7semi-as7343/main/examples/a-semi-3.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869364/; classtype:trojan-activity;sid:84732464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869365)"; flow:established,from_client; content:"GET"; http_method; content:"/jisan52/panoptorss/main/gymnasium/panopto_rss_v2.6.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869365/; classtype:trojan-activity;sid:84732465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869366)"; flow:established,from_client; content:"GET"; http_method; content:"/kaustubh8888/fake-news-detector/main/anchoress/detector_news_fake_v3.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869366/; classtype:trojan-activity;sid:84732466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869367)"; flow:established,from_client; content:"GET"; http_method; content:"/misterdog333/cpmigrate/main/cpmigrate.tests/optionstests/cp-migrate-2.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869367/; classtype:trojan-activity;sid:84732467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869368)"; flow:established,from_client; content:"GET"; http_method; content:"/bambiunivocal281/vecmem/main/vecmem/mem-vec-v3.8.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869368/; classtype:trojan-activity;sid:84732468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869369)"; flow:established,from_client; content:"GET"; http_method; content:"/ruelbernal03/yigtwxx/main/unwareness/software-2.9.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869369/; classtype:trojan-activity;sid:84732469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869370)"; flow:established,from_client; content:"GET"; http_method; content:"/leptospirasheepcote429/screenbrain/main/screenbrain/app/brain-screen-2.8.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869370/; classtype:trojan-activity;sid:84732470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869371)"; flow:established,from_client; content:"GET"; http_method; content:"/mamaebuk/xquery/master/dist-firefox/icons/x-query-3.5-beta.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869371/; classtype:trojan-activity;sid:84732471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869372)"; flow:established,from_client; content:"GET"; http_method; content:"/pnv06/betterclaude-workers/main/src/workers_betterclaude_v3.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869372/; classtype:trojan-activity;sid:84732472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869373)"; flow:established,from_client; content:"GET"; http_method; content:"/sandaracadducer320/opendrop/main/server/drop_open_v2.7-alpha.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869373/; classtype:trojan-activity;sid:84732473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869374)"; flow:established,from_client; content:"GET"; http_method; content:"/michussq/configguard/main/src/configguard/explain/software-3.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869374/; classtype:trojan-activity;sid:84732474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869375)"; flow:established,from_client; content:"GET"; http_method; content:"/pintaro/mem0/main/openmemory/api/app/utils/mem-2.9.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869375/; classtype:trojan-activity;sid:84732475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869376)"; flow:established,from_client; content:"GET"; http_method; content:"/friedpotato04/cuda-l2/main/assets/cuda-l2-1.4-alpha.4.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869376/; classtype:trojan-activity;sid:84732476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869352)"; flow:established,from_client; content:"GET"; http_method; content:"/liquidambargenusbolbitis859/diseq/main/resources/favicon/diseq_1.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869352/; classtype:trojan-activity;sid:84732452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869353)"; flow:established,from_client; content:"GET"; http_method; content:"/1010kakq/supersocketunity/main/samples/unity-super-socket-v2.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869353/; classtype:trojan-activity;sid:84732453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869354)"; flow:established,from_client; content:"GET"; http_method; content:"/delhii3590/number-bomb-public/main/pages/ranking/bomb-public-number-3.1.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869354/; classtype:trojan-activity;sid:84732454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869355)"; flow:established,from_client; content:"GET"; http_method; content:"/chantalmiriane19/advanced-discord-music-bot/main/settings/advanced-music-bot-discord-1.6.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869355/; classtype:trojan-activity;sid:84732455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869356)"; flow:established,from_client; content:"GET"; http_method; content:"/carbonic-dressage957/stg-bot/main/scripts/st-bot-3.3.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869356/; classtype:trojan-activity;sid:84732456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869357)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedquddus/nvy/main/internal/archive/software-v2.6-beta.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869357/; classtype:trojan-activity;sid:84732457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869358)"; flow:established,from_client; content:"GET"; http_method; content:"/mohmedsala7/smartphone-ranking-system/main/node_modules/reveal.js/plugin/search/system-smartphone-ranking-3.8.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869358/; classtype:trojan-activity;sid:84732458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869359)"; flow:established,from_client; content:"GET"; http_method; content:"/yghlaio/linux-hello/main/utils/hello_linux_v3.2-alpha.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869359/; classtype:trojan-activity;sid:84732459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869345)"; flow:established,from_client; content:"GET"; http_method; content:"/leo07/agents-control-tower/main/src/control-tower-agents-v3.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869345/; classtype:trojan-activity;sid:84732445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869346)"; flow:established,from_client; content:"GET"; http_method; content:"/imprecise-nest694/consilium-ai/main/engine/ai_consilium_1.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869346/; classtype:trojan-activity;sid:84732446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869347)"; flow:established,from_client; content:"GET"; http_method; content:"/developed-dartboard516/dod-team-semiclip/main/semiclip_mm/addons/semiclip/maps/team_do_semiclip_3.8.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869347/; classtype:trojan-activity;sid:84732447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869348)"; flow:established,from_client; content:"GET"; http_method; content:"/carebobo/sulphurapi/main/src/main/java/v1/sulphurapi/interfaces/api-sulphur-3.0.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869348/; classtype:trojan-activity;sid:84732448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869349)"; flow:established,from_client; content:"GET"; http_method; content:"/zoro-69-max/myxpenseapp/main/src/services/xpense-app-my-v2.8-alpha.3.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869349/; classtype:trojan-activity;sid:84732449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869350)"; flow:established,from_client; content:"GET"; http_method; content:"/molly2256/popopo.js/main/skills/popopo-cli/references/js-popopo-v3.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869350/; classtype:trojan-activity;sid:84732450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869351)"; flow:established,from_client; content:"GET"; http_method; content:"/tekm4412/docker-registry-exp/main/holosericeous/exp_docker_registry_v2.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869351/; classtype:trojan-activity;sid:84732451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869342)"; flow:established,from_client; content:"GET"; http_method; content:"/jadcc/hizmetsepetimflutter/main/android/app/src/main/kotlin/com/example/flutter_hizmet_sepetim_3.0.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869342/; classtype:trojan-activity;sid:84732442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869343)"; flow:established,from_client; content:"GET"; http_method; content:"/arkanjaff/math-base-special-acothf/main/docs/math_special_acothf_base_v2.6.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869343/; classtype:trojan-activity;sid:84732443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869344)"; flow:established,from_client; content:"GET"; http_method; content:"/reeves75/aranet/main/crates/aranet-service/src/software-v2.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869344/; classtype:trojan-activity;sid:84732444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869340)"; flow:established,from_client; content:"GET"; http_method; content:"/hassanqureshi6/wa-akg/main/src/app/api/autoreplies/akg-w-2.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869340/; classtype:trojan-activity;sid:84732440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869341)"; flow:established,from_client; content:"GET"; http_method; content:"/mb13180035511/longvideoagent/main/readme_src/long_agent_video_v3.8.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869341/; classtype:trojan-activity;sid:84732441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869328)"; flow:established,from_client; content:"GET"; http_method; content:"/emixde12/insightflow/main/core/flow-insight-3.8-beta.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869328/; classtype:trojan-activity;sid:84732428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869329)"; flow:established,from_client; content:"GET"; http_method; content:"/mostospens/can-i-finetune-this/main/examples/finetune-i-can-this-v2.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869329/; classtype:trojan-activity;sid:84732429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869330)"; flow:established,from_client; content:"GET"; http_method; content:"/hungnguyen1509asd/raydium-trading-bot/main/extrasystolic/raydium-trading-bot-1.0.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869330/; classtype:trojan-activity;sid:84732430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869331)"; flow:established,from_client; content:"GET"; http_method; content:"/omar98165/noise-injection-techniques/main/paleobotany/noise-injection-techniques-v1.1-alpha.1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869331/; classtype:trojan-activity;sid:84732431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869332)"; flow:established,from_client; content:"GET"; http_method; content:"/tailshaped-genusseriphus881/weatherdetector/main/travis/software-v3.0.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869332/; classtype:trojan-activity;sid:84732432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869333)"; flow:established,from_client; content:"GET"; http_method; content:"/fnfkkengine/website-performance-data-analysis-project/main/untellable/project-website-analysis-data-performance-v2.4.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869333/; classtype:trojan-activity;sid:84732433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869334)"; flow:established,from_client; content:"GET"; http_method; content:"/zizou068/ros2-ardupilot-sitl-hardware/main/src/simtofly_mavros_sitl/resource/ros_sitl_ardupilot_hardware_3.8.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869334/; classtype:trojan-activity;sid:84732434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869335)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac2006esp/fisicollab/main/views/collab_fisi_2.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869335/; classtype:trojan-activity;sid:84732435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869336)"; flow:established,from_client; content:"GET"; http_method; content:"/agatafranco/rongela-source/main/auto/rongela-source_3.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869336/; classtype:trojan-activity;sid:84732436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869337)"; flow:established,from_client; content:"GET"; http_method; content:"/audiewitting902/shellanywhere/main/web/src/wterm/core/shell_any_where_3.8-alpha.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869337/; classtype:trojan-activity;sid:84732437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869338)"; flow:established,from_client; content:"GET"; http_method; content:"/realizable-sucre824/idl-hp0/main/hygeian/idl-hp0-v3.7.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869338/; classtype:trojan-activity;sid:84732438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869339)"; flow:established,from_client; content:"GET"; http_method; content:"/p4l4c10s/app-store-review-skill/main/rules/app_review_store_skill_v1.8.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869339/; classtype:trojan-activity;sid:84732439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869311)"; flow:established,from_client; content:"GET"; http_method; content:"/bolshevist-dimension3541/personal-health-graph/main/integrations/healthkit/graph_personal_health_v3.7.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869311/; classtype:trojan-activity;sid:84732411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869312)"; flow:established,from_client; content:"GET"; http_method; content:"/yunitaanggraini/deutsches-krankenhaus-verzeichnis-hospitals-scraper/main/catechization/deutsches-krankenhaus-verzeichnis-scraper-hospitals-v2.2.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869312/; classtype:trojan-activity;sid:84732412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869313)"; flow:established,from_client; content:"GET"; http_method; content:"/icebaggoldenrule1862/counselor.skill/main/examples/onboarding/skill_counselor_v3.9.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869313/; classtype:trojan-activity;sid:84732413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869314)"; flow:established,from_client; content:"GET"; http_method; content:"/amaramg2007/action-dependency-diff/main/massily/action_dependency_diff_3.7.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869314/; classtype:trojan-activity;sid:84732414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869315)"; flow:established,from_client; content:"GET"; http_method; content:"/fernfamilysystemadministrator709/clearxr-server/main/xtask/src/clearxr-server-2.9.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869315/; classtype:trojan-activity;sid:84732415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869316)"; flow:established,from_client; content:"GET"; http_method; content:"/amirtha1412/transcribee/main/hypercyanotic/software_1.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869316/; classtype:trojan-activity;sid:84732416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869317)"; flow:established,from_client; content:"GET"; http_method; content:"/sameer125132/ai-meeting-companion-stt/main/counterintrigue/stt_companion_a_meeting_v2.7-alpha.4.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869317/; classtype:trojan-activity;sid:84732417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869318)"; flow:established,from_client; content:"GET"; http_method; content:"/arjavjain303-lab/content-broadcast-system/main/electrostatic/system_content_broadcast_v3.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869318/; classtype:trojan-activity;sid:84732418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869319)"; flow:established,from_client; content:"GET"; http_method; content:"/daohuyt5735/codilay/main/codilay/history/software-v1.6.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869319/; classtype:trojan-activity;sid:84732419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869320)"; flow:established,from_client; content:"GET"; http_method; content:"/ellisdee14/nozzle-perf-estimator-demo/main/tests/nozzle-perf-estimator-demo-3.7.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869320/; classtype:trojan-activity;sid:84732420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869321)"; flow:established,from_client; content:"GET"; http_method; content:"/ajibssss/verifylive/main/src/lib/liveness/software-1.5.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869321/; classtype:trojan-activity;sid:84732421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869322)"; flow:established,from_client; content:"GET"; http_method; content:"/matrixrainsimulatorofficial/hehe-go/main/assets/games/mrs/hehe_go_v3.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869322/; classtype:trojan-activity;sid:84732422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869323)"; flow:established,from_client; content:"GET"; http_method; content:"/papkvnq/on3-recruit-scraper/main/myall/on-recruit-scraper-v3.1-beta.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869323/; classtype:trojan-activity;sid:84732423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869324)"; flow:established,from_client; content:"GET"; http_method; content:"/straying-bodypad392/vemb/main/src/vemb/software-1.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869324/; classtype:trojan-activity;sid:84732424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869325)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac221133/r3f-monitor/main/src/f-monitor-r-v1.1.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869325/; classtype:trojan-activity;sid:84732425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869326)"; flow:established,from_client; content:"GET"; http_method; content:"/nb-cfq/my-bluefin/main/files/system/my_bluefin_v3.0-alpha.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869326/; classtype:trojan-activity;sid:84732426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869327)"; flow:established,from_client; content:"GET"; http_method; content:"/nilsexe/google-stock-price-forecasting-lstm/main/assets/stock-price-lstm-forecasting-google-v2.4.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869327/; classtype:trojan-activity;sid:84732427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869301)"; flow:established,from_client; content:"GET"; http_method; content:"/santiagorm9/ace-tool/main/src/utils/ace-tool-2.6.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869301/; classtype:trojan-activity;sid:84732401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869302)"; flow:established,from_client; content:"GET"; http_method; content:"/ymodz1/gliese-cua-tool-call-8b-demo/main/ipynb/demo-cu-tool-call-gliese-1.8-beta.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869302/; classtype:trojan-activity;sid:84732402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869303)"; flow:established,from_client; content:"GET"; http_method; content:"/sahilgulia1/neurovoice-ai-parkinson-prediction/main/eda_new_charts/neuro-prediction-voice-a-parkinson-3.4.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869303/; classtype:trojan-activity;sid:84732403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869304)"; flow:established,from_client; content:"GET"; http_method; content:"/bhavya7995/ai_governance/main/usage/a_governance_v1.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869304/; classtype:trojan-activity;sid:84732404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869305)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdumar009/chat-ui/main/src/routes/login/callback/ui-chat-2.8.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869305/; classtype:trojan-activity;sid:84732405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869306)"; flow:established,from_client; content:"GET"; http_method; content:"/fore4915/petrify/main/tare/software-v3.7.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869306/; classtype:trojan-activity;sid:84732406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869307)"; flow:established,from_client; content:"GET"; http_method; content:"/candisulphurous105/sandbox-runtime/main/src/utils/runtime-sandbox-v3.0.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869307/; classtype:trojan-activity;sid:84732407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869308)"; flow:established,from_client; content:"GET"; http_method; content:"/heyitsriella/kagglerun/master/src/software-1.0.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869308/; classtype:trojan-activity;sid:84732408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869309)"; flow:established,from_client; content:"GET"; http_method; content:"/salahnahryry/plume-network-season-2/main/src/network_season_plume_v1.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869309/; classtype:trojan-activity;sid:84732409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869310)"; flow:established,from_client; content:"GET"; http_method; content:"/gamehut360/agentic-bi-natural-language-querying/main/app/memory/querying-agentic-bi-natural-language-v2.1.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869310/; classtype:trojan-activity;sid:84732410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869300)"; flow:established,from_client; content:"GET"; http_method; content:"/090hn/fashion-ai-studio/main/src/services/fashion_ai_studio_1.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869300/; classtype:trojan-activity;sid:84732400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869297)"; flow:established,from_client; content:"GET"; http_method; content:"/09sumitdas2/tinyml-human-activity-recognition-on-edge-devices/main/balawu/devices-recognition-human-m-activity-on-tiny-edge-3.5.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869297/; classtype:trojan-activity;sid:84732397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869298)"; flow:established,from_client; content:"GET"; http_method; content:"/07bamse/rikki-userbot/main/modules/__pycache__/userbot-rikki-2.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869298/; classtype:trojan-activity;sid:84732398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869299)"; flow:established,from_client; content:"GET"; http_method; content:"/07saorabh/npvm/main/api/remote/software_2.5-beta.5.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869299/; classtype:trojan-activity;sid:84732399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.27.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869296/; classtype:trojan-activity;sid:84732396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869295)"; flow:established,from_client; content:"GET"; http_method; content:"/krypton.jar"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kryptoniteclient.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869295/; classtype:trojan-activity;sid:84732395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869294)"; flow:established,from_client; content:"GET"; http_method; content:"/transfer.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gaiadeqi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869294/; classtype:trojan-activity;sid:84732394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869293)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/get|3f|filekey=6cry8umygkatc9vpnbfqecthiu_ucpqfzc8onkdexjl3ujjdc4od5ib9nv0"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"3007.filemail.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869293/; classtype:trojan-activity;sid:84732393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869292)"; flow:established,from_client; content:"GET"; http_method; content:"/mzklo"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869292/; classtype:trojan-activity;sid:84732392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.125.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869291/; classtype:trojan-activity;sid:84732391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869290)"; flow:established,from_client; content:"GET"; http_method; content:"/tron10/file.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869290/; classtype:trojan-activity;sid:84732390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869289/; classtype:trojan-activity;sid:84732389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869288)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4cad4e39-765f-4f44-8a49-fb5db66aaed9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9b9bmxfm.megapariwin.poker"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869288/; classtype:trojan-activity;sid:84732388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.66.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869287/; classtype:trojan-activity;sid:84732387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869286/; classtype:trojan-activity;sid:84732386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.78.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869285/; classtype:trojan-activity;sid:84732385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.10.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869284/; classtype:trojan-activity;sid:84732384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869283)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=20f1b116-a3f7-47f9-a0f6-8bc4cae090c3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"myrya1hx.megaparicom.bet"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869283/; classtype:trojan-activity;sid:84732383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.14.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869282/; classtype:trojan-activity;sid:84732382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.39.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869281/; classtype:trojan-activity;sid:84732381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.136.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869280/; classtype:trojan-activity;sid:84732380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.5.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869279/; classtype:trojan-activity;sid:84732379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.228.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869278/; classtype:trojan-activity;sid:84732378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.5.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869277/; classtype:trojan-activity;sid:84732377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.192.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869276/; classtype:trojan-activity;sid:84732376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.43.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869274/; classtype:trojan-activity;sid:84732374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869275)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_2c556ecd3d7ebd26.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869275/; classtype:trojan-activity;sid:84732375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869273/; classtype:trojan-activity;sid:84732373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.102.34.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869272/; classtype:trojan-activity;sid:84732372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.125.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869271/; classtype:trojan-activity;sid:84732371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869270/; classtype:trojan-activity;sid:84732370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.192.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869269/; classtype:trojan-activity;sid:84732369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.43.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869268/; classtype:trojan-activity;sid:84732368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869267/; classtype:trojan-activity;sid:84732367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869266/; classtype:trojan-activity;sid:84732366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.5.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869265/; classtype:trojan-activity;sid:84732365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869264/; classtype:trojan-activity;sid:84732364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869263/; classtype:trojan-activity;sid:84732363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869262/; classtype:trojan-activity;sid:84732362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869261)"; flow:established,from_client; content:"GET"; http_method; content:"/se9i"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869261/; classtype:trojan-activity;sid:84732361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869259)"; flow:established,from_client; content:"GET"; http_method; content:"/rh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869259/; classtype:trojan-activity;sid:84732359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869260)"; flow:established,from_client; content:"GET"; http_method; content:"/xkw"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869260/; classtype:trojan-activity;sid:84732360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869246)"; flow:established,from_client; content:"GET"; http_method; content:"/788359"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869246/; classtype:trojan-activity;sid:84732346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869247)"; flow:established,from_client; content:"GET"; http_method; content:"/087de7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869247/; classtype:trojan-activity;sid:84732347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869248)"; flow:established,from_client; content:"GET"; http_method; content:"/881c88"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869248/; classtype:trojan-activity;sid:84732348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869249)"; flow:established,from_client; content:"GET"; http_method; content:"/924e89"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869249/; classtype:trojan-activity;sid:84732349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869250)"; flow:established,from_client; content:"GET"; http_method; content:"/b95719"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869250/; classtype:trojan-activity;sid:84732350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869251)"; flow:established,from_client; content:"GET"; http_method; content:"/6d6e73"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869251/; classtype:trojan-activity;sid:84732351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869252)"; flow:established,from_client; content:"GET"; http_method; content:"/e929e0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869252/; classtype:trojan-activity;sid:84732352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869253)"; flow:established,from_client; content:"GET"; http_method; content:"/9bbae5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869253/; classtype:trojan-activity;sid:84732353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869254)"; flow:established,from_client; content:"GET"; http_method; content:"/cf637d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869254/; classtype:trojan-activity;sid:84732354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869255)"; flow:established,from_client; content:"GET"; http_method; content:"/f2698a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869255/; classtype:trojan-activity;sid:84732355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869256)"; flow:established,from_client; content:"GET"; http_method; content:"/897603"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869256/; classtype:trojan-activity;sid:84732356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869257)"; flow:established,from_client; content:"GET"; http_method; content:"/df996e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869257/; classtype:trojan-activity;sid:84732357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869258)"; flow:established,from_client; content:"GET"; http_method; content:"/fts"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869258/; classtype:trojan-activity;sid:84732358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869245)"; flow:established,from_client; content:"GET"; http_method; content:"/amt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869245/; classtype:trojan-activity;sid:84732345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869243)"; flow:established,from_client; content:"GET"; http_method; content:"/f816f5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869243/; classtype:trojan-activity;sid:84732343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869244)"; flow:established,from_client; content:"GET"; http_method; content:"/b4d9d7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869244/; classtype:trojan-activity;sid:84732344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869240)"; flow:established,from_client; content:"GET"; http_method; content:"/0a8252"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869240/; classtype:trojan-activity;sid:84732340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869241)"; flow:established,from_client; content:"GET"; http_method; content:"/683ff5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869241/; classtype:trojan-activity;sid:84732341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869242)"; flow:established,from_client; content:"GET"; http_method; content:"/1cf553"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869242/; classtype:trojan-activity;sid:84732342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869238)"; flow:established,from_client; content:"GET"; http_method; content:"/n2sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869238/; classtype:trojan-activity;sid:84732338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869239)"; flow:established,from_client; content:"GET"; http_method; content:"/45u"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869239/; classtype:trojan-activity;sid:84732339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869237)"; flow:established,from_client; content:"GET"; http_method; content:"/uuz4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869237/; classtype:trojan-activity;sid:84732337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869207)"; flow:established,from_client; content:"GET"; http_method; content:"/ad484e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869207/; classtype:trojan-activity;sid:84732307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869208)"; flow:established,from_client; content:"GET"; http_method; content:"/3f885a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869208/; classtype:trojan-activity;sid:84732308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869209)"; flow:established,from_client; content:"GET"; http_method; content:"/5a6719"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869209/; classtype:trojan-activity;sid:84732309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869210)"; flow:established,from_client; content:"GET"; http_method; content:"/75c94e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869210/; classtype:trojan-activity;sid:84732310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869211)"; flow:established,from_client; content:"GET"; http_method; content:"/a8ea28"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869211/; classtype:trojan-activity;sid:84732311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869212)"; flow:established,from_client; content:"GET"; http_method; content:"/c5a65b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869212/; classtype:trojan-activity;sid:84732312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869213)"; flow:established,from_client; content:"GET"; http_method; content:"/77f9a3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869213/; classtype:trojan-activity;sid:84732313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869214)"; flow:established,from_client; content:"GET"; http_method; content:"/4fea0c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869214/; classtype:trojan-activity;sid:84732314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869215)"; flow:established,from_client; content:"GET"; http_method; content:"/479f95"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869215/; classtype:trojan-activity;sid:84732315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869216)"; flow:established,from_client; content:"GET"; http_method; content:"/3ab9a3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869216/; classtype:trojan-activity;sid:84732316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869217)"; flow:established,from_client; content:"GET"; http_method; content:"/8e1d03"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869217/; classtype:trojan-activity;sid:84732317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869218)"; flow:established,from_client; content:"GET"; http_method; content:"/d0e2d6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869218/; classtype:trojan-activity;sid:84732318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869219)"; flow:established,from_client; content:"GET"; http_method; content:"/5a0ff1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869219/; classtype:trojan-activity;sid:84732319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869220)"; flow:established,from_client; content:"GET"; http_method; content:"/7f7635"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869220/; classtype:trojan-activity;sid:84732320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869221)"; flow:established,from_client; content:"GET"; http_method; content:"/3f78a5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869221/; classtype:trojan-activity;sid:84732321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869222)"; flow:established,from_client; content:"GET"; http_method; content:"/1cab17"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869222/; classtype:trojan-activity;sid:84732322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869223)"; flow:established,from_client; content:"GET"; http_method; content:"/9de4d6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869223/; classtype:trojan-activity;sid:84732323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869224)"; flow:established,from_client; content:"GET"; http_method; content:"/cbe039"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869224/; classtype:trojan-activity;sid:84732324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869225)"; flow:established,from_client; content:"GET"; http_method; content:"/9c639f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869225/; classtype:trojan-activity;sid:84732325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869226)"; flow:established,from_client; content:"GET"; http_method; content:"/3483f4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869226/; classtype:trojan-activity;sid:84732326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869227)"; flow:established,from_client; content:"GET"; http_method; content:"/77a63e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869227/; classtype:trojan-activity;sid:84732327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869228)"; flow:established,from_client; content:"GET"; http_method; content:"/89bc6f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869228/; classtype:trojan-activity;sid:84732328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869229)"; flow:established,from_client; content:"GET"; http_method; content:"/0af1de"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869229/; classtype:trojan-activity;sid:84732329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869230)"; flow:established,from_client; content:"GET"; http_method; content:"/8f6186"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869230/; classtype:trojan-activity;sid:84732330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869231)"; flow:established,from_client; content:"GET"; http_method; content:"/e26810"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869231/; classtype:trojan-activity;sid:84732331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869232)"; flow:established,from_client; content:"GET"; http_method; content:"/9d880a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869232/; classtype:trojan-activity;sid:84732332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869233)"; flow:established,from_client; content:"GET"; http_method; content:"/d468fa"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869233/; classtype:trojan-activity;sid:84732333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869234)"; flow:established,from_client; content:"GET"; http_method; content:"/1cf3cd"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869234/; classtype:trojan-activity;sid:84732334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869235)"; flow:established,from_client; content:"GET"; http_method; content:"/260d"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869235/; classtype:trojan-activity;sid:84732335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869236)"; flow:established,from_client; content:"GET"; http_method; content:"/4jss"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869236/; classtype:trojan-activity;sid:84732336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869204)"; flow:established,from_client; content:"GET"; http_method; content:"/fcbb51"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869204/; classtype:trojan-activity;sid:84732304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869205)"; flow:established,from_client; content:"GET"; http_method; content:"/6bef08"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869205/; classtype:trojan-activity;sid:84732305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869206)"; flow:established,from_client; content:"GET"; http_method; content:"/bfca01"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869206/; classtype:trojan-activity;sid:84732306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.125.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869203/; classtype:trojan-activity;sid:84732303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.65.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869202/; classtype:trojan-activity;sid:84732302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.28.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869201/; classtype:trojan-activity;sid:84732301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.5.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869200/; classtype:trojan-activity;sid:84732300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869199/; classtype:trojan-activity;sid:84732299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.74.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869198/; classtype:trojan-activity;sid:84732298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869197)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0364a39e-c80f-45ee-a729-972320e682a7"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"7plygnzn.megaparibet.win"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869197/; classtype:trojan-activity;sid:84732297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.232.183.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869196/; classtype:trojan-activity;sid:84732296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869195)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"2.25.179.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869195/; classtype:trojan-activity;sid:84732295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869194/; classtype:trojan-activity;sid:84732294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.192.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869193/; classtype:trojan-activity;sid:84732293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869192)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869192/; classtype:trojan-activity;sid:84732292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869191)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869191/; classtype:trojan-activity;sid:84732291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869190)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e2f94762-ecd2-44d2-bd85-e40627bde980"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"x0t2a0jb.raftarsazmani.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869190/; classtype:trojan-activity;sid:84732290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.55.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869189/; classtype:trojan-activity;sid:84732289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.160.141.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869188/; classtype:trojan-activity;sid:84732288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869187)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3614a9c5-ca8a-4a5d-9950-a48239e3639e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ujlo7o5o.readthisintro.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869187/; classtype:trojan-activity;sid:84732287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.36.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869185/; classtype:trojan-activity;sid:84732285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.54.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869186/; classtype:trojan-activity;sid:84732286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.192.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869184/; classtype:trojan-activity;sid:84732284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.215.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869183/; classtype:trojan-activity;sid:84732283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869182/; classtype:trojan-activity;sid:84732282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.55.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869181/; classtype:trojan-activity;sid:84732281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869179)"; flow:established,from_client; content:"GET"; http_method; content:"/cqehd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869179/; classtype:trojan-activity;sid:84732279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869180)"; flow:established,from_client; content:"GET"; http_method; content:"/fut_fest.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"softwaredesing.x10.mx"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869180/; classtype:trojan-activity;sid:84732280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.66.205.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869177/; classtype:trojan-activity;sid:84732277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.250.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869178/; classtype:trojan-activity;sid:84732278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869176)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=172ec75e-a191-4e5d-a1e3-c5117af58cb5"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"195q2fia.readthisintro.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869176/; classtype:trojan-activity;sid:84732276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.55.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869174/; classtype:trojan-activity;sid:84732274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.36.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869175/; classtype:trojan-activity;sid:84732275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.10.155.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869172/; classtype:trojan-activity;sid:84732272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.236.65.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869173/; classtype:trojan-activity;sid:84732273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869171)"; flow:established,from_client; content:"GET"; http_method; content:"/kiqep"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869171/; classtype:trojan-activity;sid:84732271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869156)"; flow:established,from_client; content:"GET"; http_method; content:"/zysce"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869156/; classtype:trojan-activity;sid:84732256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869157)"; flow:established,from_client; content:"GET"; http_method; content:"/anwad"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869157/; classtype:trojan-activity;sid:84732257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869158)"; flow:established,from_client; content:"GET"; http_method; content:"/cyalc/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869158/; classtype:trojan-activity;sid:84732258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869159)"; flow:established,from_client; content:"GET"; http_method; content:"/rjvfy"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869159/; classtype:trojan-activity;sid:84732259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869160)"; flow:established,from_client; content:"GET"; http_method; content:"/qshdl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869160/; classtype:trojan-activity;sid:84732260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869161)"; flow:established,from_client; content:"GET"; http_method; content:"/wyihx"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869161/; classtype:trojan-activity;sid:84732261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869162)"; flow:established,from_client; content:"GET"; http_method; content:"/jpltm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869162/; classtype:trojan-activity;sid:84732262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869163)"; flow:established,from_client; content:"GET"; http_method; content:"/ezcls"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869163/; classtype:trojan-activity;sid:84732263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869164)"; flow:established,from_client; content:"GET"; http_method; content:"/ncaey"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869164/; classtype:trojan-activity;sid:84732264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869165)"; flow:established,from_client; content:"GET"; http_method; content:"/hrrtu"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869165/; classtype:trojan-activity;sid:84732265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869166)"; flow:established,from_client; content:"GET"; http_method; content:"/jxilw"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869166/; classtype:trojan-activity;sid:84732266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869167)"; flow:established,from_client; content:"GET"; http_method; content:"/lydhb"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869167/; classtype:trojan-activity;sid:84732267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869168)"; flow:established,from_client; content:"GET"; http_method; content:"/rwacm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869168/; classtype:trojan-activity;sid:84732268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869169)"; flow:established,from_client; content:"GET"; http_method; content:"/jxdpx"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869169/; classtype:trojan-activity;sid:84732269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869170)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/access.log:80"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869170/; classtype:trojan-activity;sid:84732270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869154)"; flow:established,from_client; content:"GET"; http_method; content:"/odalc/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869154/; classtype:trojan-activity;sid:84732254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869155)"; flow:established,from_client; content:"GET"; http_method; content:"/riary"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869155/; classtype:trojan-activity;sid:84732255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869150)"; flow:established,from_client; content:"GET"; http_method; content:"/eccsd/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869150/; classtype:trojan-activity;sid:84732250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869151)"; flow:established,from_client; content:"GET"; http_method; content:"/nkgaa"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869151/; classtype:trojan-activity;sid:84732251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869152)"; flow:established,from_client; content:"GET"; http_method; content:"/data/optimized_msi.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"hostphpwindowsappsconecting.ydns.eu"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869152/; classtype:trojan-activity;sid:84732252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869153)"; flow:established,from_client; content:"GET"; http_method; content:"/mcigr"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869153/; classtype:trojan-activity;sid:84732253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869148)"; flow:established,from_client; content:"GET"; http_method; content:"/ggldg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869148/; classtype:trojan-activity;sid:84732248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869149)"; flow:established,from_client; content:"GET"; http_method; content:"/kovhap/"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869149/; classtype:trojan-activity;sid:84732249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869146)"; flow:established,from_client; content:"GET"; http_method; content:"/qxijp/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869146/; classtype:trojan-activity;sid:84732246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869147)"; flow:established,from_client; content:"GET"; http_method; content:"/cyalcp/"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869147/; classtype:trojan-activity;sid:84732247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869145)"; flow:established,from_client; content:"GET"; http_method; content:"/yyjpj"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869145/; classtype:trojan-activity;sid:84732245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869144)"; flow:established,from_client; content:"GET"; http_method; content:"/itthy"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869144/; classtype:trojan-activity;sid:84732244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869143)"; flow:established,from_client; content:"GET"; http_method; content:"/yhcda"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869143/; classtype:trojan-activity;sid:84732243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869141)"; flow:established,from_client; content:"GET"; http_method; content:"/ygpsp/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869141/; classtype:trojan-activity;sid:84732241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869142)"; flow:established,from_client; content:"GET"; http_method; content:"/images/optimized_msi.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"poxupload2.biz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869142/; classtype:trojan-activity;sid:84732242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.48.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869139/; classtype:trojan-activity;sid:84732239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869140)"; flow:established,from_client; content:"GET"; http_method; content:"/mrvnd//"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869140/; classtype:trojan-activity;sid:84732240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869121)"; flow:established,from_client; content:"GET"; http_method; content:"/jjsto"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869121/; classtype:trojan-activity;sid:84732221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869122)"; flow:established,from_client; content:"GET"; http_method; content:"/ribfwp"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869122/; classtype:trojan-activity;sid:84732222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869123)"; flow:established,from_client; content:"GET"; http_method; content:"/kdeaa"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869123/; classtype:trojan-activity;sid:84732223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869124)"; flow:established,from_client; content:"GET"; http_method; content:"/svqqf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869124/; classtype:trojan-activity;sid:84732224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869125)"; flow:established,from_client; content:"GET"; http_method; content:"/voejn"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869125/; classtype:trojan-activity;sid:84732225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869126)"; flow:established,from_client; content:"GET"; http_method; content:"/mxmay"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869126/; classtype:trojan-activity;sid:84732226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869127)"; flow:established,from_client; content:"GET"; http_method; content:"/ysxpq2c20https3a/pub-ce02802067934e0eb072f69bf6427bf6.r2.dev/"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869127/; classtype:trojan-activity;sid:84732227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869128)"; flow:established,from_client; content:"GET"; http_method; content:"/img/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"66.63.170.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869128/; classtype:trojan-activity;sid:84732228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869129)"; flow:established,from_client; content:"GET"; http_method; content:"/qvtmd/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869129/; classtype:trojan-activity;sid:84732229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869130)"; flow:established,from_client; content:"GET"; http_method; content:"/ktixl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869130/; classtype:trojan-activity;sid:84732230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869131)"; flow:established,from_client; content:"GET"; http_method; content:"/qnymu"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869131/; classtype:trojan-activity;sid:84732231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869132)"; flow:established,from_client; content:"GET"; http_method; content:"/ulucj"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869132/; classtype:trojan-activity;sid:84732232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869133)"; flow:established,from_client; content:"GET"; http_method; content:"/mqerj/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869133/; classtype:trojan-activity;sid:84732233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869134)"; flow:established,from_client; content:"GET"; http_method; content:"/ptazf/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869134/; classtype:trojan-activity;sid:84732234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869135)"; flow:established,from_client; content:"GET"; http_method; content:"/xgvnz"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869135/; classtype:trojan-activity;sid:84732235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869136)"; flow:established,from_client; content:"GET"; http_method; content:"/dmuus"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869136/; classtype:trojan-activity;sid:84732236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869137)"; flow:established,from_client; content:"GET"; http_method; content:"/wabwl/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869137/; classtype:trojan-activity;sid:84732237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869119)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"radialnet.za.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869119/; classtype:trojan-activity;sid:84732219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869120)"; flow:established,from_client; content:"GET"; http_method; content:"/99_msi.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"147.124.214.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869120/; classtype:trojan-activity;sid:84732220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869115)"; flow:established,from_client; content:"GET"; http_method; content:"/ribfw"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869115/; classtype:trojan-activity;sid:84732215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869116)"; flow:established,from_client; content:"GET"; http_method; content:"/nyeql"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869116/; classtype:trojan-activity;sid:84732216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869117)"; flow:established,from_client; content:"GET"; http_method; content:"/riaryh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869117/; classtype:trojan-activity;sid:84732217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869118)"; flow:established,from_client; content:"GET"; http_method; content:"/ggwgp/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869118/; classtype:trojan-activity;sid:84732218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869111)"; flow:established,from_client; content:"GET"; http_method; content:"/css/optimized_msi19june.png"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"brenmayasociados.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869111/; classtype:trojan-activity;sid:84732211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869112)"; flow:established,from_client; content:"GET"; http_method; content:"/dwqxl/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869112/; classtype:trojan-activity;sid:84732212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869113)"; flow:established,from_client; content:"GET"; http_method; content:"/eapfp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869113/; classtype:trojan-activity;sid:84732213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869114)"; flow:established,from_client; content:"GET"; http_method; content:"/kovha/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869114/; classtype:trojan-activity;sid:84732214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869109)"; flow:established,from_client; content:"GET"; http_method; content:"/wuswb/2c20http3a/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869109/; classtype:trojan-activity;sid:84732209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869110)"; flow:established,from_client; content:"GET"; http_method; content:"/vemrp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869110/; classtype:trojan-activity;sid:84732210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869104)"; flow:established,from_client; content:"GET"; http_method; content:"/fuxpt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869104/; classtype:trojan-activity;sid:84732204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869105)"; flow:established,from_client; content:"GET"; http_method; content:"/jyvki"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869105/; classtype:trojan-activity;sid:84732205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869106)"; flow:established,from_client; content:"GET"; http_method; content:"/uawix"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869106/; classtype:trojan-activity;sid:84732206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869107)"; flow:established,from_client; content:"GET"; http_method; content:"/fwdra/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869107/; classtype:trojan-activity;sid:84732207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869108)"; flow:established,from_client; content:"GET"; http_method; content:"/lpeqt/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869108/; classtype:trojan-activity;sid:84732208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869103)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_6edca2a6606f7c3f.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869103/; classtype:trojan-activity;sid:84732203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869101)"; flow:established,from_client; content:"GET"; http_method; content:"/aatuwmwhf37.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tu.feyhaum.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869101/; classtype:trojan-activity;sid:84732201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869102)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p0i-puyxw6mxxedfshx2exf10nxpj0t8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869102/; classtype:trojan-activity;sid:84732202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869100)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sh1oijoz9yiyh0trpwvbt8ibsatavg0w"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869100/; classtype:trojan-activity;sid:84732200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869099)"; flow:established,from_client; content:"GET"; http_method; content:"/littoral.sea"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tu.feyhaum.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869099/; classtype:trojan-activity;sid:84732199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869098)"; flow:established,from_client; content:"GET"; http_method; content:"/a/stego_payload.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"badeer.fit"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869098/; classtype:trojan-activity;sid:84732198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.66.205.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869097/; classtype:trojan-activity;sid:84732197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869096)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-w88qgends6xkwxclitrzo70m8rp0uem"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869096/; classtype:trojan-activity;sid:84732196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869095)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jdcpbealxpi5fkjcakk_b_n7mqzthyeq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869095/; classtype:trojan-activity;sid:84732195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869094/; classtype:trojan-activity;sid:84732194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.3.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869093/; classtype:trojan-activity;sid:84732193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.75.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869092/; classtype:trojan-activity;sid:84732192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.55.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869091/; classtype:trojan-activity;sid:84732191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869090)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=cd50d3f8-6f05-4a96-9913-b9d0ff97b2b8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"r7ytgqqz.megapariwin.casino"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869090/; classtype:trojan-activity;sid:84732190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.42.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869089/; classtype:trojan-activity;sid:84732189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869088)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=dabe0920-9d61-4f50-a32d-549964555bab"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"fjaoi5is.megaparibet.vip"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869088/; classtype:trojan-activity;sid:84732188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869087/; classtype:trojan-activity;sid:84732187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.75.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869086/; classtype:trojan-activity;sid:84732186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.252.234.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869084/; classtype:trojan-activity;sid:84732184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.252.234.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869085/; classtype:trojan-activity;sid:84732185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869083/; classtype:trojan-activity;sid:84732183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.59.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869082/; classtype:trojan-activity;sid:84732182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.242.189.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869081/; classtype:trojan-activity;sid:84732181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.198.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869080/; classtype:trojan-activity;sid:84732180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.248.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869079/; classtype:trojan-activity;sid:84732179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.198.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869077/; classtype:trojan-activity;sid:84732177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.16.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869078/; classtype:trojan-activity;sid:84732178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869076)"; flow:established,from_client; content:"GET"; http_method; content:"/dtp_21_06_26_mp4.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"register-dtp.online"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869076/; classtype:trojan-activity;sid:84732176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869075)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"photodpt-rus.vercel.app"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869075/; classtype:trojan-activity;sid:84732175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.103.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869074/; classtype:trojan-activity;sid:84732174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.103.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869073/; classtype:trojan-activity;sid:84732173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869072/; classtype:trojan-activity;sid:84732172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869071/; classtype:trojan-activity;sid:84732171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.25.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869070/; classtype:trojan-activity;sid:84732170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.205.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869069/; classtype:trojan-activity;sid:84732169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.205.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869068/; classtype:trojan-activity;sid:84732168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.176.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869067/; classtype:trojan-activity;sid:84732167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869066)"; flow:established,from_client; content:"GET"; http_method; content:"/rms.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869066/; classtype:trojan-activity;sid:84732166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869065)"; flow:established,from_client; content:"GET"; http_method; content:"/total_3.5754.10.5_install.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"192.162.199.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869065/; classtype:trojan-activity;sid:84732165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869064)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-ztv0qwr_8cwp9bvywf51qpy3fzp43e7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869064/; classtype:trojan-activity;sid:84732164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869063)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11bg9ln_kgcsdclaczrtidgpn5zieuw_r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869063/; classtype:trojan-activity;sid:84732163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869061)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sd2vh5yflqtmmfexttiumzrlgafjk6fy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869061/; classtype:trojan-activity;sid:84732161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869062)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1toze3brnbdhqhvo5wbsywrynsjjsxm-w"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869062/; classtype:trojan-activity;sid:84732162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869060)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nmast8kcyfky4acuqghn3h6lyvvzrvlt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869060/; classtype:trojan-activity;sid:84732160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.230.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869058/; classtype:trojan-activity;sid:84732158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.217.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869059/; classtype:trojan-activity;sid:84732159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869057)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mmq_3m8yd11_kjqnbwy0bot1hngfkf3j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869057/; classtype:trojan-activity;sid:84732157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869056)"; flow:established,from_client; content:"GET"; http_method; content:"/stubblassed.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mail.avicennaalliedhealthinstitute.org"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869056/; classtype:trojan-activity;sid:84732156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.255.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869055/; classtype:trojan-activity;sid:84732155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869054)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1da80f82-18fc-44f0-a5c7-8a5c8656cb07"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"izm84irm.megaparibet.poker"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869054/; classtype:trojan-activity;sid:84732154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.182.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869053/; classtype:trojan-activity;sid:84732153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869052)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.25.179.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869052/; classtype:trojan-activity;sid:84732152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869051)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.25.179.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869051/; classtype:trojan-activity;sid:84732151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869047)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_257b193c5ef8d4a4.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869047/; classtype:trojan-activity;sid:84732147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869048)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_dca588b4a35ef8c6.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869048/; classtype:trojan-activity;sid:84732148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869049)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_98db67ec4791c842.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869049/; classtype:trojan-activity;sid:84732149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869050)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_56026e2e622d7f9f.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869050/; classtype:trojan-activity;sid:84732150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.11.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869046/; classtype:trojan-activity;sid:84732146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.75.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869045/; classtype:trojan-activity;sid:84732145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.182.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869044/; classtype:trojan-activity;sid:84732144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.32.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869043/; classtype:trojan-activity;sid:84732143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.10.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869042/; classtype:trojan-activity;sid:84732142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.146.25.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869041/; classtype:trojan-activity;sid:84732141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.54.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869040/; classtype:trojan-activity;sid:84732140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.214.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869039/; classtype:trojan-activity;sid:84732139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.226.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869038/; classtype:trojan-activity;sid:84732138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.35.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869037/; classtype:trojan-activity;sid:84732137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.27.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869036/; classtype:trojan-activity;sid:84732136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.146.25.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869035/; classtype:trojan-activity;sid:84732135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.54.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869034/; classtype:trojan-activity;sid:84732134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.13.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869033/; classtype:trojan-activity;sid:84732133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869032)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=df9a7de1-d644-47ef-9938-ffdbb23e3bdf"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"nwkvg7b4.qurankarim.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869032/; classtype:trojan-activity;sid:84732132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.3.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869031/; classtype:trojan-activity;sid:84732131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869030/; classtype:trojan-activity;sid:84732130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869022/; classtype:trojan-activity;sid:84732122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869023/; classtype:trojan-activity;sid:84732123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869024/; classtype:trojan-activity;sid:84732124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.sparc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869025/; classtype:trojan-activity;sid:84732125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869026/; classtype:trojan-activity;sid:84732126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869027/; classtype:trojan-activity;sid:84732127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869028/; classtype:trojan-activity;sid:84732128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869029)"; flow:established,from_client; content:"GET"; http_method; content:"/adb.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869029/; classtype:trojan-activity;sid:84732129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.187.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869021/; classtype:trojan-activity;sid:84732121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869015/; classtype:trojan-activity;sid:84732115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.dbg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869016/; classtype:trojan-activity;sid:84732116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.arm4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869017/; classtype:trojan-activity;sid:84732117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869018/; classtype:trojan-activity;sid:84732118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.x86_32"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869019/; classtype:trojan-activity;sid:84732119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nerv.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869020/; classtype:trojan-activity;sid:84732120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869014)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8360b9b1-06d0-48cc-b272-e6bb90dc91c4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"73mabfum.303bet.bet"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869014/; classtype:trojan-activity;sid:84732114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869013)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=90b80b61-a92d-4956-b06f-967bcaeacd12"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"27hrchzs.megaparibet.games"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869013/; classtype:trojan-activity;sid:84732113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.106.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869012/; classtype:trojan-activity;sid:84732112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.77.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869011/; classtype:trojan-activity;sid:84732111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.36.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869010/; classtype:trojan-activity;sid:84732110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.84.134.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869009/; classtype:trojan-activity;sid:84732109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.187.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869008/; classtype:trojan-activity;sid:84732108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.8.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869007/; classtype:trojan-activity;sid:84732107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.157.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869006/; classtype:trojan-activity;sid:84732106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.36.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869005/; classtype:trojan-activity;sid:84732105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869004/; classtype:trojan-activity;sid:84732104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869003)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c11b8973-bf9b-45ef-aca0-4912022ea7d4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qt0z6jqj.megaparibet.casino"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869003/; classtype:trojan-activity;sid:84732103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.91.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869002/; classtype:trojan-activity;sid:84732102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.181.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869001/; classtype:trojan-activity;sid:84732101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.38.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869000/; classtype:trojan-activity;sid:84732100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.157.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868998/; classtype:trojan-activity;sid:84732098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.38.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868999/; classtype:trojan-activity;sid:84732099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.201.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868997/; classtype:trojan-activity;sid:84732097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.176.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868996/; classtype:trojan-activity;sid:84732096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.20.31.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868995/; classtype:trojan-activity;sid:84732095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.91.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868994/; classtype:trojan-activity;sid:84732094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.91.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868993/; classtype:trojan-activity;sid:84732093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.138.191.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868992/; classtype:trojan-activity;sid:84732092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.207.128.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868991/; classtype:trojan-activity;sid:84732091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.30.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868990/; classtype:trojan-activity;sid:84732090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.201.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868989/; classtype:trojan-activity;sid:84732089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868988)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6461681f-9e79-418c-ad98-759631571fe1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"94tny3fa.gamebc.casino"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868988/; classtype:trojan-activity;sid:84732088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.31.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868987/; classtype:trojan-activity;sid:84732087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.85.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868986/; classtype:trojan-activity;sid:84732086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868985/; classtype:trojan-activity;sid:84732085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.180.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868984/; classtype:trojan-activity;sid:84732084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.207.128.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868983/; classtype:trojan-activity;sid:84732083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868982)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7352ee3f-621e-416c-88f1-5440db8ee265"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bxdc6z4b.betmegapari.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868982/; classtype:trojan-activity;sid:84732082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868981)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_5a6bb4745f14186f.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868981/; classtype:trojan-activity;sid:84732081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.160.141.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868980/; classtype:trojan-activity;sid:84732080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.180.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868978/; classtype:trojan-activity;sid:84732078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.181.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868979/; classtype:trojan-activity;sid:84732079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868977)"; flow:established,from_client; content:"GET"; http_method; content:"/je5io4.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868977/; classtype:trojan-activity;sid:84732077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868976/; classtype:trojan-activity;sid:84732076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.48.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868975/; classtype:trojan-activity;sid:84732075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.29.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868974/; classtype:trojan-activity;sid:84732074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.123.145.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868973/; classtype:trojan-activity;sid:84732073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868972/; classtype:trojan-activity;sid:84732072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.48.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868971/; classtype:trojan-activity;sid:84732071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.57.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868970/; classtype:trojan-activity;sid:84732070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.123.145.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868969/; classtype:trojan-activity;sid:84732069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.236.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868968/; classtype:trojan-activity;sid:84732068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868967/; classtype:trojan-activity;sid:84732067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.120.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868966/; classtype:trojan-activity;sid:84732066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.184.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868965/; classtype:trojan-activity;sid:84732065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.140.217.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868964/; classtype:trojan-activity;sid:84732064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.29.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868963/; classtype:trojan-activity;sid:84732063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.247.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868962/; classtype:trojan-activity;sid:84732062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.6.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868961/; classtype:trojan-activity;sid:84732061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.27.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868960/; classtype:trojan-activity;sid:84732060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.187.29.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868959/; classtype:trojan-activity;sid:84732059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.186.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868958/; classtype:trojan-activity;sid:84732058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.247.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868957/; classtype:trojan-activity;sid:84732057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.84.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868956/; classtype:trojan-activity;sid:84732056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868955)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_b29e08dc8252bb79.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868955/; classtype:trojan-activity;sid:84732055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.6.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868954/; classtype:trojan-activity;sid:84732054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.131.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868953/; classtype:trojan-activity;sid:84732053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.16.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868952/; classtype:trojan-activity;sid:84732052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868951)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=33e7dd8b-b19d-4396-8075-cd8edc1b4841"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qraju7pt.betmegapari.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868951/; classtype:trojan-activity;sid:84732051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868950/; classtype:trojan-activity;sid:84732050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.187.29.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868949/; classtype:trojan-activity;sid:84732049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.131.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868948/; classtype:trojan-activity;sid:84732048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.1.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868947/; classtype:trojan-activity;sid:84732047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.61.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868946/; classtype:trojan-activity;sid:84732046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.101.187.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868945/; classtype:trojan-activity;sid:84732045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.229.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868944/; classtype:trojan-activity;sid:84732044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.4.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868943/; classtype:trojan-activity;sid:84732043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868942)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a5aa14e2-53a4-4b23-89e0-3718c9c7fc02"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"34va0c3e.bio90.football"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868942/; classtype:trojan-activity;sid:84732042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.140.217.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868941/; classtype:trojan-activity;sid:84732041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868864)"; flow:established,from_client; content:"GET"; http_method; content:"/gigatex/mipsel"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868864/; classtype:trojan-activity;sid:84731964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868865)"; flow:established,from_client; content:"GET"; http_method; content:"/gigatex/arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868865/; classtype:trojan-activity;sid:84731965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868868)"; flow:established,from_client; content:"GET"; http_method; content:"/gigatex/mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868868/; classtype:trojan-activity;sid:84731968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868871)"; flow:established,from_client; content:"GET"; http_method; content:"/gigatex/arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868871/; classtype:trojan-activity;sid:84731971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868831)"; flow:established,from_client; content:"GET"; http_method; content:"/gigatex/arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868831/; classtype:trojan-activity;sid:84731931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868807)"; flow:established,from_client; content:"GET"; http_method; content:"/vmware-setup.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"64.89.163.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868807/; classtype:trojan-activity;sid:84731907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868806)"; flow:established,from_client; content:"GET"; http_method; content:"/deploy_softwaretech.sh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"64.89.163.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868806/; classtype:trojan-activity;sid:84731906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868780)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.215.218.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868780/; classtype:trojan-activity;sid:84731880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868627)"; flow:established,from_client; content:"GET"; http_method; content:"/lmix.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868627/; classtype:trojan-activity;sid:84731727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868539)"; flow:established,from_client; content:"GET"; http_method; content:"/images/y11.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.nccommunication.be"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868539/; classtype:trojan-activity;sid:84731639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.127.235.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868451/; classtype:trojan-activity;sid:84731551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.127.235.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868443/; classtype:trojan-activity;sid:84731543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.42.243.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868343/; classtype:trojan-activity;sid:84731443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868323)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868323/; classtype:trojan-activity;sid:84731423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868324)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868324/; classtype:trojan-activity;sid:84731424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868322)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868322/; classtype:trojan-activity;sid:84731422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868319)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868319/; classtype:trojan-activity;sid:84731419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868320)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868320/; classtype:trojan-activity;sid:84731420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868321)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868321/; classtype:trojan-activity;sid:84731421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868223)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868223/; classtype:trojan-activity;sid:84731323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868222)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868222/; classtype:trojan-activity;sid:84731322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868221)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868221/; classtype:trojan-activity;sid:84731321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868219)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868219/; classtype:trojan-activity;sid:84731319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868220)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868220/; classtype:trojan-activity;sid:84731320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.95.54.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868200/; classtype:trojan-activity;sid:84731300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868177)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.240.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868177/; classtype:trojan-activity;sid:84731277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868176/; classtype:trojan-activity;sid:84731276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.92.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868175/; classtype:trojan-activity;sid:84731275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"77.83.39.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868121/; classtype:trojan-activity;sid:84731221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"77.83.39.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868120/; classtype:trojan-activity;sid:84731220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868075)"; flow:established,from_client; content:"GET"; http_method; content:"/md/dog_payload.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mamigummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868075/; classtype:trojan-activity;sid:84731175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868032)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_arm64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868032/; classtype:trojan-activity;sid:84731132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868031)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_armv7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868031/; classtype:trojan-activity;sid:84731131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868029)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_i486"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868029/; classtype:trojan-activity;sid:84731129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868030)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.60.195.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868030/; classtype:trojan-activity;sid:84731130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868027)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868027/; classtype:trojan-activity;sid:84731127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868028)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.60.195.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868028/; classtype:trojan-activity;sid:84731128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868010)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868010/; classtype:trojan-activity;sid:84731110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867985)"; flow:established,from_client; content:"GET"; http_method; content:"/cliaarch"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867985/; classtype:trojan-activity;sid:84731085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.155.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867819/; classtype:trojan-activity;sid:84730919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867723)"; flow:established,from_client; content:"GET"; http_method; content:"/nulltrafficaway/project-lab-test/refs/heads/main/config.json"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867723/; classtype:trojan-activity;sid:84730823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867722)"; flow:established,from_client; content:"GET"; http_method; content:"/nulltrafficaway/project-lab-test/refs/heads/main/watchsoftware.sh"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867722/; classtype:trojan-activity;sid:84730822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867715)"; flow:established,from_client; content:"GET"; http_method; content:"/nulltrafficaway/project-lab-test/refs/heads/main/deploy_softwaretech.sh"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867715/; classtype:trojan-activity;sid:84730815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867695/; classtype:trojan-activity;sid:84730795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867682/; classtype:trojan-activity;sid:84730782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867683/; classtype:trojan-activity;sid:84730783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867684/; classtype:trojan-activity;sid:84730784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867685/; classtype:trojan-activity;sid:84730785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867686/; classtype:trojan-activity;sid:84730786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867687/; classtype:trojan-activity;sid:84730787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867688/; classtype:trojan-activity;sid:84730788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867689/; classtype:trojan-activity;sid:84730789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867690/; classtype:trojan-activity;sid:84730790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867691/; classtype:trojan-activity;sid:84730791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867692/; classtype:trojan-activity;sid:84730792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867693/; classtype:trojan-activity;sid:84730793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867694/; classtype:trojan-activity;sid:84730794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867602)"; flow:established,from_client; content:"GET"; http_method; content:"/system4.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"64.89.160.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867602/; classtype:trojan-activity;sid:84730702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867603)"; flow:established,from_client; content:"GET"; http_method; content:"/system1.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"64.89.160.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867603/; classtype:trojan-activity;sid:84730703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867604)"; flow:established,from_client; content:"GET"; http_method; content:"/system.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.160.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867604/; classtype:trojan-activity;sid:84730704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867598)"; flow:established,from_client; content:"GET"; http_method; content:"/system4.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"64.89.160.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867598/; classtype:trojan-activity;sid:84730698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867581)"; flow:established,from_client; content:"GET"; http_method; content:"/hold.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.52.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867581/; classtype:trojan-activity;sid:84730681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867582)"; flow:established,from_client; content:"GET"; http_method; content:"/hold.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.52.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867582/; classtype:trojan-activity;sid:84730682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867583)"; flow:established,from_client; content:"GET"; http_method; content:"/hold.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.52.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867583/; classtype:trojan-activity;sid:84730683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867580)"; flow:established,from_client; content:"GET"; http_method; content:"/hold.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.52.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867580/; classtype:trojan-activity;sid:84730680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867540)"; flow:established,from_client; content:"GET"; http_method; content:"/lezys-optimizations-1.21.11.jar"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"lezysoptimizations.lovable.app"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867540/; classtype:trojan-activity;sid:84730640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"212.232.22.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867514/; classtype:trojan-activity;sid:84730614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867488/; classtype:trojan-activity;sid:84730588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.240.165.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867428/; classtype:trojan-activity;sid:84730528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867427/; classtype:trojan-activity;sid:84730527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.166.107.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867294/; classtype:trojan-activity;sid:84730394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.219.161.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867272/; classtype:trojan-activity;sid:84730372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.92.225.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867273/; classtype:trojan-activity;sid:84730373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.82.165.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867269/; classtype:trojan-activity;sid:84730369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.192.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867266/; classtype:trojan-activity;sid:84730366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.255.149.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867253/; classtype:trojan-activity;sid:84730353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.59.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867248/; classtype:trojan-activity;sid:84730348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867250)"; flow:established,from_client; content:"GET"; http_method; content:"/aes.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ch.10001mb.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867250/; classtype:trojan-activity;sid:84730350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867235)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867235/; classtype:trojan-activity;sid:84730335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867236)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867236/; classtype:trojan-activity;sid:84730336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867232)"; flow:established,from_client; content:"GET"; http_method; content:"/wjx3s12jlgykrl3o"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"158.94.210.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867232/; classtype:trojan-activity;sid:84730332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867212)"; flow:established,from_client; content:"GET"; http_method; content:"/dl600"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867212/; classtype:trojan-activity;sid:84730312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.236.238.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867190/; classtype:trojan-activity;sid:84730290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.236.238.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867188/; classtype:trojan-activity;sid:84730288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.226.209.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867170/; classtype:trojan-activity;sid:84730270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.226.209.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867169/; classtype:trojan-activity;sid:84730269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867088)"; flow:established,from_client; content:"GET"; http_method; content:"/49.elf"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.163.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867088/; classtype:trojan-activity;sid:84730188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866953)"; flow:established,from_client; content:"GET"; http_method; content:"/trievrota/common-ground-world-crypto-game-token-api/zip/refs/heads/main"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866953/; classtype:trojan-activity;sid:84730053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866941)"; flow:established,from_client; content:"GET"; http_method; content:"/glyreban/mines-predictor-casino-strategies/archive/refs/heads/main.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866941/; classtype:trojan-activity;sid:84730041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866939)"; flow:established,from_client; content:"GET"; http_method; content:"/draxatihm/ethercrash.io-casino-predictor-strategies/zip/refs/heads/main"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866939/; classtype:trojan-activity;sid:84730039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.68.168.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866937/; classtype:trojan-activity;sid:84730037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.233.104.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866786/; classtype:trojan-activity;sid:84729886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"64.89.161.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866729/; classtype:trojan-activity;sid:84729829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"64.89.161.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866728/; classtype:trojan-activity;sid:84729828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866723)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866723/; classtype:trojan-activity;sid:84729823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866724)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866724/; classtype:trojan-activity;sid:84729824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866725)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866725/; classtype:trojan-activity;sid:84729825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866719)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866719/; classtype:trojan-activity;sid:84729819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866720)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866720/; classtype:trojan-activity;sid:84729820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866721)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866721/; classtype:trojan-activity;sid:84729821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866722)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866722/; classtype:trojan-activity;sid:84729822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"64.89.160.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866717/; classtype:trojan-activity;sid:84729817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866707)"; flow:established,from_client; content:"GET"; http_method; content:"/thornflash3client.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866707/; classtype:trojan-activity;sid:84729807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.232.142.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866639/; classtype:trojan-activity;sid:84729739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866590)"; flow:established,from_client; content:"GET"; http_method; content:"/data/optimized_msi.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"hostphpwindowsnuevas.ydns.eu"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866590/; classtype:trojan-activity;sid:84729690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866580)"; flow:established,from_client; content:"GET"; http_method; content:"/ggldg/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866580/; classtype:trojan-activity;sid:84729680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866566)"; flow:established,from_client; content:"GET"; http_method; content:"/msi.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"archivoscrosoft.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866566/; classtype:trojan-activity;sid:84729666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866567)"; flow:established,from_client; content:"GET"; http_method; content:"/jxilw/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866567/; classtype:trojan-activity;sid:84729667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866557)"; flow:established,from_client; content:"GET"; http_method; content:"/yhcda/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866557/; classtype:trojan-activity;sid:84729657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.226.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866551/; classtype:trojan-activity;sid:84729651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866523)"; flow:established,from_client; content:"GET"; http_method; content:"/upwork/odours.prx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"purmed.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866523/; classtype:trojan-activity;sid:84729623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866508)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866508/; classtype:trojan-activity;sid:84729608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866509)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866509/; classtype:trojan-activity;sid:84729609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866510)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866510/; classtype:trojan-activity;sid:84729610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866512)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866512/; classtype:trojan-activity;sid:84729612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866513)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866513/; classtype:trojan-activity;sid:84729613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866514)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866514/; classtype:trojan-activity;sid:84729614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866515)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866515/; classtype:trojan-activity;sid:84729615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866503)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866503/; classtype:trojan-activity;sid:84729603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866504)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866504/; classtype:trojan-activity;sid:84729604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866382)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866382/; classtype:trojan-activity;sid:84729482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866369)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866369/; classtype:trojan-activity;sid:84729469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866354)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.73.162.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866354/; classtype:trojan-activity;sid:84729454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866355)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.73.162.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866355/; classtype:trojan-activity;sid:84729455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"5.8.18.62"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866349/; classtype:trojan-activity;sid:84729449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.8.18.62"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866348/; classtype:trojan-activity;sid:84729448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866346)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"67.220.73.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866346/; classtype:trojan-activity;sid:84729446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866330)"; flow:established,from_client; content:"GET"; http_method; content:"/stego_payload1.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"semencepourlavie.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866330/; classtype:trojan-activity;sid:84729430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866329)"; flow:established,from_client; content:"GET"; http_method; content:"/wtfueaikzcgpasnybyogk74.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"192.3.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866329/; classtype:trojan-activity;sid:84729429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866328)"; flow:established,from_client; content:"GET"; http_method; content:"/soffymot.fla"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866328/; classtype:trojan-activity;sid:84729428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.162.36.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866324/; classtype:trojan-activity;sid:84729424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866135)"; flow:established,from_client; content:"GET"; http_method; content:"/boss"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866135/; classtype:trojan-activity;sid:84729235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866119)"; flow:established,from_client; content:"GET"; http_method; content:"/traffaarch"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866119/; classtype:trojan-activity;sid:84729219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866099)"; flow:established,from_client; content:"GET"; http_method; content:"/ovogenetic.smi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tu.feyhaum.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866099/; classtype:trojan-activity;sid:84729199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866096)"; flow:established,from_client; content:"GET"; http_method; content:"/bdtrm181.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866096/; classtype:trojan-activity;sid:84729196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866095)"; flow:established,from_client; content:"GET"; http_method; content:"/persona.snp"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.3.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866095/; classtype:trojan-activity;sid:84729195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.204.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866002/; classtype:trojan-activity;sid:84729102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865939/; classtype:trojan-activity;sid:84729039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865938/; classtype:trojan-activity;sid:84729038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865929)"; flow:established,from_client; content:"GET"; http_method; content:"/adbpersist.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865929/; classtype:trojan-activity;sid:84729029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865927)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865927/; classtype:trojan-activity;sid:84729027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865919)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865919/; classtype:trojan-activity;sid:84729019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865917/; classtype:trojan-activity;sid:84729017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865913/; classtype:trojan-activity;sid:84729013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865914/; classtype:trojan-activity;sid:84729014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865915/; classtype:trojan-activity;sid:84729015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865916/; classtype:trojan-activity;sid:84729016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865907/; classtype:trojan-activity;sid:84729007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865908/; classtype:trojan-activity;sid:84729008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865909/; classtype:trojan-activity;sid:84729009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865910/; classtype:trojan-activity;sid:84729010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865911/; classtype:trojan-activity;sid:84729011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865903)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865903/; classtype:trojan-activity;sid:84729003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865904)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865904/; classtype:trojan-activity;sid:84729004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865905)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865905/; classtype:trojan-activity;sid:84729005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865906)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865906/; classtype:trojan-activity;sid:84729006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865900)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7_sp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865900/; classtype:trojan-activity;sid:84729000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865901)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865901/; classtype:trojan-activity;sid:84729001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865902)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7_mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865902/; classtype:trojan-activity;sid:84729002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865899)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865899/; classtype:trojan-activity;sid:84728999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865898)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7.gz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865898/; classtype:trojan-activity;sid:84728998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.42.11.67"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865790/; classtype:trojan-activity;sid:84728890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865719)"; flow:established,from_client; content:"GET"; http_method; content:"/check.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865719/; classtype:trojan-activity;sid:84728819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865717)"; flow:established,from_client; content:"GET"; http_method; content:"/syst3md"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865717/; classtype:trojan-activity;sid:84728817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865713)"; flow:established,from_client; content:"GET"; http_method; content:"/check1.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865713/; classtype:trojan-activity;sid:84728813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865715)"; flow:established,from_client; content:"GET"; http_method; content:"/checkmacos.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865715/; classtype:trojan-activity;sid:84728815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865707)"; flow:established,from_client; content:"GET"; http_method; content:"/log"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865707/; classtype:trojan-activity;sid:84728807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865699)"; flow:established,from_client; content:"GET"; http_method; content:"/error84"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865699/; classtype:trojan-activity;sid:84728799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865696)"; flow:established,from_client; content:"GET"; http_method; content:"/auto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865696/; classtype:trojan-activity;sid:84728796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865679)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865679/; classtype:trojan-activity;sid:84728779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865680)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865680/; classtype:trojan-activity;sid:84728780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865681)"; flow:established,from_client; content:"GET"; http_method; content:"/mips2"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865681/; classtype:trojan-activity;sid:84728781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865682)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865682/; classtype:trojan-activity;sid:84728782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865669)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865669/; classtype:trojan-activity;sid:84728769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865670)"; flow:established,from_client; content:"GET"; http_method; content:"/giga.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865670/; classtype:trojan-activity;sid:84728770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865665)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865665/; classtype:trojan-activity;sid:84728765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865666)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865666/; classtype:trojan-activity;sid:84728766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865667)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865667/; classtype:trojan-activity;sid:84728767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865668)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865668/; classtype:trojan-activity;sid:84728768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865634/; classtype:trojan-activity;sid:84728734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.52.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865631/; classtype:trojan-activity;sid:84728731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865625)"; flow:established,from_client; content:"GET"; http_method; content:"/aes.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"atom.freehosting.dev"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865625/; classtype:trojan-activity;sid:84728725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865621)"; flow:established,from_client; content:"GET"; http_method; content:"/aes.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ryo.gamer.free"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865621/; classtype:trojan-activity;sid:84728721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865606)"; flow:established,from_client; content:"GET"; http_method; content:"/aes.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"uni.site.je"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865606/; classtype:trojan-activity;sid:84728706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865598)"; flow:established,from_client; content:"GET"; http_method; content:"/158/img_202926.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"23.95.103.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865598/; classtype:trojan-activity;sid:84728698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865599)"; flow:established,from_client; content:"GET"; http_method; content:"/160/img_205651.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"172.245.209.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865599/; classtype:trojan-activity;sid:84728699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865600)"; flow:established,from_client; content:"GET"; http_method; content:"/92/img_054420.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"209.54.103.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865600/; classtype:trojan-activity;sid:84728700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865585)"; flow:established,from_client; content:"GET"; http_method; content:"/homeplus/rmmclient.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"11032026sver.blob.core.windows.net"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865585/; classtype:trojan-activity;sid:84728685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865578)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865578/; classtype:trojan-activity;sid:84728678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865579)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865579/; classtype:trojan-activity;sid:84728679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865565)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865565/; classtype:trojan-activity;sid:84728665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865566)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865566/; classtype:trojan-activity;sid:84728666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865567)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865567/; classtype:trojan-activity;sid:84728667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865561)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865561/; classtype:trojan-activity;sid:84728661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865562)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865562/; classtype:trojan-activity;sid:84728662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865563)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865563/; classtype:trojan-activity;sid:84728663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865564)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865564/; classtype:trojan-activity;sid:84728664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865557)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865557/; classtype:trojan-activity;sid:84728657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865556)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865556/; classtype:trojan-activity;sid:84728656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865552)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865552/; classtype:trojan-activity;sid:84728652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865553)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865553/; classtype:trojan-activity;sid:84728653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865554)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc-440fp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865554/; classtype:trojan-activity;sid:84728654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865555)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865555/; classtype:trojan-activity;sid:84728655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865551)"; flow:established,from_client; content:"GET"; http_method; content:"/painbins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865551/; classtype:trojan-activity;sid:84728651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865539)"; flow:established,from_client; content:"GET"; http_method; content:"/painbins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865539/; classtype:trojan-activity;sid:84728639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865540)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865540/; classtype:trojan-activity;sid:84728640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865541)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865541/; classtype:trojan-activity;sid:84728641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865542)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865542/; classtype:trojan-activity;sid:84728642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865543)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865543/; classtype:trojan-activity;sid:84728643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865544)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc-440fp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865544/; classtype:trojan-activity;sid:84728644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865545)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865545/; classtype:trojan-activity;sid:84728645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865546)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865546/; classtype:trojan-activity;sid:84728646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865537)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865537/; classtype:trojan-activity;sid:84728637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865530)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865530/; classtype:trojan-activity;sid:84728630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865531)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865531/; classtype:trojan-activity;sid:84728631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865532)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865532/; classtype:trojan-activity;sid:84728632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865533)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865533/; classtype:trojan-activity;sid:84728633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865534)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865534/; classtype:trojan-activity;sid:84728634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865535)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865535/; classtype:trojan-activity;sid:84728635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865536)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865536/; classtype:trojan-activity;sid:84728636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.172.112.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865489/; classtype:trojan-activity;sid:84728589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"23.172.112.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865490/; classtype:trojan-activity;sid:84728590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865473)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ljigvpa.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865473/; classtype:trojan-activity;sid:84728573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865474)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/98r4axa.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865474/; classtype:trojan-activity;sid:84728574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865472)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/16sas.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865472/; classtype:trojan-activity;sid:84728572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865440)"; flow:established,from_client; content:"GET"; http_method; content:"/adminme.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"baileyemas.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865440/; classtype:trojan-activity;sid:84728540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865438)"; flow:established,from_client; content:"GET"; http_method; content:"/kononiazclient.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865438/; classtype:trojan-activity;sid:84728538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865392)"; flow:established,from_client; content:"GET"; http_method; content:"/ipfs/qmnaxfqzwk4xa3p94a8ug5gte97bqr8uua87jedapkvcdk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"basic-blue-shrew.myfilebase.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865392/; classtype:trojan-activity;sid:84728492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865393)"; flow:established,from_client; content:"GET"; http_method; content:"/ipfs/qmnaxfqzwk4xa3p94a8ug5gte97bqr8uua87jedapkvcdk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"arbitrary-chocolate-tiglon.myfilebase.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865393/; classtype:trojan-activity;sid:84728493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.166.107.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865323/; classtype:trojan-activity;sid:84728423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.53.152.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865318/; classtype:trojan-activity;sid:84728418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865246)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"23.27.25.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865246/; classtype:trojan-activity;sid:84728346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865160)"; flow:established,from_client; content:"GET"; http_method; content:"/abgbipo.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.121.240.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865160/; classtype:trojan-activity;sid:84728260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865158)"; flow:established,from_client; content:"GET"; http_method; content:"/asdoiee.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.121.240.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865158/; classtype:trojan-activity;sid:84728258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865156)"; flow:established,from_client; content:"GET"; http_method; content:"/ifadgif.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.121.240.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865156/; classtype:trojan-activity;sid:84728256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865153)"; flow:established,from_client; content:"GET"; http_method; content:"/jkdekmk.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.121.240.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865153/; classtype:trojan-activity;sid:84728253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865136)"; flow:established,from_client; content:"GET"; http_method; content:"/156/img_225642.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"23.95.103.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865136/; classtype:trojan-activity;sid:84728236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864941)"; flow:established,from_client; content:"GET"; http_method; content:"/data/zoom/windows/download.php"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"samiksha.com.sg"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864941/; classtype:trojan-activity;sid:84728041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864942)"; flow:established,from_client; content:"GET"; http_method; content:"/data/zoom/windows/download.php"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"samiksha.com.sg"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864942/; classtype:trojan-activity;sid:84728042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864943)"; flow:established,from_client; content:"GET"; http_method; content:"/data/zoom/windows/download.php/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"samiksha.com.sg"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864943/; classtype:trojan-activity;sid:84728043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"alpanel.screenconnect.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864944/; classtype:trojan-activity;sid:84728044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.40.31.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864867/; classtype:trojan-activity;sid:84727967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"89.40.31.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864865/; classtype:trojan-activity;sid:84727965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"62.60.226.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864863/; classtype:trojan-activity;sid:84727963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"62.60.226.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864864/; classtype:trojan-activity;sid:84727964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864860/; classtype:trojan-activity;sid:84727960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864862/; classtype:trojan-activity;sid:84727962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864825)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.197.12.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864825/; classtype:trojan-activity;sid:84727925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864753/; classtype:trojan-activity;sid:84727853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.63.185.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864628/; classtype:trojan-activity;sid:84727728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864619)"; flow:established,from_client; content:"GET"; http_method; content:"/nmixx.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864619/; classtype:trojan-activity;sid:84727719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864620)"; flow:established,from_client; content:"GET"; http_method; content:"/us.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864620/; classtype:trojan-activity;sid:84727720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864621)"; flow:established,from_client; content:"GET"; http_method; content:"/nmix.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864621/; classtype:trojan-activity;sid:84727721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864471)"; flow:established,from_client; content:"GET"; http_method; content:"/default.dat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"tuasesoriadigital.es"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864471/; classtype:trojan-activity;sid:84727571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864435)"; flow:established,from_client; content:"GET"; http_method; content:"/krypton.jar"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"clientkrypton.lovable.app"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864435/; classtype:trojan-activity;sid:84727535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864231)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"217.60.195.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864231/; classtype:trojan-activity;sid:84727331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864227)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864227/; classtype:trojan-activity;sid:84727327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864228)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.60.195.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864228/; classtype:trojan-activity;sid:84727328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864229)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864229/; classtype:trojan-activity;sid:84727329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864230)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.60.195.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864230/; classtype:trojan-activity;sid:84727330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864226)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.60.195.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864226/; classtype:trojan-activity;sid:84727326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864174)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/colors/oceans/ebu.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"scoala1gherla.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864174/; classtype:trojan-activity;sid:84727274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.42.11.67"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864165/; classtype:trojan-activity;sid:84727265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.148.226.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864145/; classtype:trojan-activity;sid:84727245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864138)"; flow:established,from_client; content:"GET"; http_method; content:"/wizard.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864138/; classtype:trojan-activity;sid:84727238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.226.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864135/; classtype:trojan-activity;sid:84727235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.249.193.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863939/; classtype:trojan-activity;sid:84727039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.249.193.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863932/; classtype:trojan-activity;sid:84727032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.227.251.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863782/; classtype:trojan-activity;sid:84726882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863652)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm4k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863652/; classtype:trojan-activity;sid:84726752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863642)"; flow:established,from_client; content:"GET"; http_method; content:"/dipndotsk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863642/; classtype:trojan-activity;sid:84726742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863644)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863644/; classtype:trojan-activity;sid:84726744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863645)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm5k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863645/; classtype:trojan-activity;sid:84726745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863646)"; flow:established,from_client; content:"GET"; http_method; content:"/dipsk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863646/; classtype:trojan-activity;sid:84726746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863647)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm6k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863647/; classtype:trojan-activity;sid:84726747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863648)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863648/; classtype:trojan-activity;sid:84726748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863649)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863649/; classtype:trojan-activity;sid:84726749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863650)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm7k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863650/; classtype:trojan-activity;sid:84726750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863651)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863651/; classtype:trojan-activity;sid:84726751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863532)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm5k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863532/; classtype:trojan-activity;sid:84726632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863533)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm4k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863533/; classtype:trojan-activity;sid:84726633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863535)"; flow:established,from_client; content:"GET"; http_method; content:"/dipndotsk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863535/; classtype:trojan-activity;sid:84726635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863536)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm7k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863536/; classtype:trojan-activity;sid:84726636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863523)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm6k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863523/; classtype:trojan-activity;sid:84726623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863524)"; flow:established,from_client; content:"GET"; http_method; content:"/dipsk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863524/; classtype:trojan-activity;sid:84726624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863527)"; flow:established,from_client; content:"GET"; http_method; content:"/chromek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863527/; classtype:trojan-activity;sid:84726627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.75.62.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863363/; classtype:trojan-activity;sid:84726463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.75.62.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863358/; classtype:trojan-activity;sid:84726458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863350)"; flow:established,from_client; content:"GET"; http_method; content:"/lsge63sd3/bb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"spasopro.at"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863350/; classtype:trojan-activity;sid:84726450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863290)"; flow:established,from_client; content:"GET"; http_method; content:"/mix.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863290/; classtype:trojan-activity;sid:84726390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863085/; classtype:trojan-activity;sid:84726185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863079/; classtype:trojan-activity;sid:84726179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863080)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863080/; classtype:trojan-activity;sid:84726180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863081/; classtype:trojan-activity;sid:84726181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863082/; classtype:trojan-activity;sid:84726182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863083/; classtype:trojan-activity;sid:84726183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnarmxnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863084/; classtype:trojan-activity;sid:84726184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863074/; classtype:trojan-activity;sid:84726174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863075/; classtype:trojan-activity;sid:84726175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863018)"; flow:established,from_client; content:"GET"; http_method; content:"/img_142806.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gboutros.howto.rocks"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863018/; classtype:trojan-activity;sid:84726118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862902)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_37b904483beaa60e.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862902/; classtype:trojan-activity;sid:84726002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862891)"; flow:established,from_client; content:"GET"; http_method; content:"/bebelo/jfttiwsmshalvieochkzbhn203.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"sydneyaffordablecremations.com.au"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862891/; classtype:trojan-activity;sid:84725991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862885)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862885/; classtype:trojan-activity;sid:84725985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.227.251.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862673/; classtype:trojan-activity;sid:84725773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862648)"; flow:established,from_client; content:"GET"; http_method; content:"/js/client.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bunnellmc.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862648/; classtype:trojan-activity;sid:84725748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862637)"; flow:established,from_client; content:"GET"; http_method; content:"/city101/nova_logs_3.dat"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"194.87.71.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862637/; classtype:trojan-activity;sid:84725737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862384)"; flow:established,from_client; content:"GET"; http_method; content:"/xxx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862384/; classtype:trojan-activity;sid:84725484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862361)"; flow:established,from_client; content:"GET"; http_method; content:"/kmgqynobzwpgityvchgpflviegq39.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"192.3.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862361/; classtype:trojan-activity;sid:84725461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862362)"; flow:established,from_client; content:"GET"; http_method; content:"/arres.qxd"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.3.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862362/; classtype:trojan-activity;sid:84725462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862319)"; flow:established,from_client; content:"GET"; http_method; content:"/g/static/s/js/client.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fmrio.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862319/; classtype:trojan-activity;sid:84725419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862292)"; flow:established,from_client; content:"GET"; http_method; content:"/eaglejetclient4.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862292/; classtype:trojan-activity;sid:84725392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862274)"; flow:established,from_client; content:"GET"; http_method; content:"/wealthy4500/pc/raw/refs/heads/main/zoominstaller.msi"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862274/; classtype:trojan-activity;sid:84725374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862268)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862268/; classtype:trojan-activity;sid:84725368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862264)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862264/; classtype:trojan-activity;sid:84725364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862227)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kxjea0riyrxmxhbys2wddsb9qlow0ldg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862227/; classtype:trojan-activity;sid:84725327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862183)"; flow:established,from_client; content:"GET"; http_method; content:"/ckfinder/php.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"muaklekcoop.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862183/; classtype:trojan-activity;sid:84725283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862173)"; flow:established,from_client; content:"GET"; http_method; content:"/city101/nova_logs_2.dat"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"178.17.58.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862173/; classtype:trojan-activity;sid:84725273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.129.231.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862166/; classtype:trojan-activity;sid:84725266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.129.231.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862167/; classtype:trojan-activity;sid:84725267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.142.146.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862164/; classtype:trojan-activity;sid:84725264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"193.142.146.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862163/; classtype:trojan-activity;sid:84725263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"79.124.8.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862160/; classtype:trojan-activity;sid:84725260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.124.8.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862161/; classtype:trojan-activity;sid:84725261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862118)"; flow:established,from_client; content:"GET"; http_method; content:"/ckfinder/core/js/hilton.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"muaklekcoop.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862118/; classtype:trojan-activity;sid:84725218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862119)"; flow:established,from_client; content:"GET"; http_method; content:"/ckfinder/core/js/acr-g1upd-639159296668701809.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"muaklekcoop.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862119/; classtype:trojan-activity;sid:84725219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.39.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861946/; classtype:trojan-activity;sid:84725046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861688/; classtype:trojan-activity;sid:84724788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861689/; classtype:trojan-activity;sid:84724789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861690/; classtype:trojan-activity;sid:84724790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861691/; classtype:trojan-activity;sid:84724791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861692/; classtype:trojan-activity;sid:84724792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861693/; classtype:trojan-activity;sid:84724793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861687/; classtype:trojan-activity;sid:84724787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861668)"; flow:established,from_client; content:"GET"; http_method; content:"/ipfs/qmbpifgvvgu4rsccjkunzwtmdxzeos2scdeqquqzg6guat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ipfs.io"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861668/; classtype:trojan-activity;sid:84724768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861649)"; flow:established,from_client; content:"GET"; http_method; content:"/xiyks"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861649/; classtype:trojan-activity;sid:84724749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861647)"; flow:established,from_client; content:"GET"; http_method; content:"/fwdra"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861647/; classtype:trojan-activity;sid:84724747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861579)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861579/; classtype:trojan-activity;sid:84724679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861562)"; flow:established,from_client; content:"GET"; http_method; content:"/ss"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"172.94.9.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861562/; classtype:trojan-activity;sid:84724662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861532)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.armv4l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861532/; classtype:trojan-activity;sid:84724632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861523)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.armv6l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861523/; classtype:trojan-activity;sid:84724623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861524)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.powerpc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861524/; classtype:trojan-activity;sid:84724624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861525)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861525/; classtype:trojan-activity;sid:84724625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861527)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861527/; classtype:trojan-activity;sid:84724627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861528)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861528/; classtype:trojan-activity;sid:84724628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861530)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.i486"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861530/; classtype:trojan-activity;sid:84724630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861531)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861531/; classtype:trojan-activity;sid:84724631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861515)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861515/; classtype:trojan-activity;sid:84724615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861509)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861509/; classtype:trojan-activity;sid:84724609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861510)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.aarch64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861510/; classtype:trojan-activity;sid:84724610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861511)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861511/; classtype:trojan-activity;sid:84724611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861248)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1c3ypqyioszuyr4eszuaplydvr2utpnlu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861248/; classtype:trojan-activity;sid:84724348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861157)"; flow:established,from_client; content:"GET"; http_method; content:"/k"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.151.182.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861157/; classtype:trojan-activity;sid:84724257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861141/; classtype:trojan-activity;sid:84724241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"64.89.161.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861140/; classtype:trojan-activity;sid:84724240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861139/; classtype:trojan-activity;sid:84724239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861137/; classtype:trojan-activity;sid:84724237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"64.89.161.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861138/; classtype:trojan-activity;sid:84724238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861136/; classtype:trojan-activity;sid:84724236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861134/; classtype:trojan-activity;sid:84724234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861108)"; flow:established,from_client; content:"GET"; http_method; content:"/imagey973.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861108/; classtype:trojan-activity;sid:84724208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861107)"; flow:established,from_client; content:"GET"; http_method; content:"/speachhouse.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861107/; classtype:trojan-activity;sid:84724207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861106)"; flow:established,from_client; content:"GET"; http_method; content:"/imageps293.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861106/; classtype:trojan-activity;sid:84724206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861100)"; flow:established,from_client; content:"GET"; http_method; content:"/clientmmmmmmmmmm.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861100/; classtype:trojan-activity;sid:84724200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861101)"; flow:established,from_client; content:"GET"; http_method; content:"/imageiiiii88.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861101/; classtype:trojan-activity;sid:84724201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861102)"; flow:established,from_client; content:"GET"; http_method; content:"/imagenyueteuppol45.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861102/; classtype:trojan-activity;sid:84724202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861103)"; flow:established,from_client; content:"GET"; http_method; content:"/sallah.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861103/; classtype:trojan-activity;sid:84724203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861104)"; flow:established,from_client; content:"GET"; http_method; content:"/clientmay.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861104/; classtype:trojan-activity;sid:84724204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861105)"; flow:established,from_client; content:"GET"; http_method; content:"/67890.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861105/; classtype:trojan-activity;sid:84724205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861099)"; flow:established,from_client; content:"GET"; http_method; content:"/imageqqqqqq111.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861099/; classtype:trojan-activity;sid:84724199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861096)"; flow:established,from_client; content:"GET"; http_method; content:"/ijklmnopqrxtu.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861096/; classtype:trojan-activity;sid:84724196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861097)"; flow:established,from_client; content:"GET"; http_method; content:"/imagelouyytr09009.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861097/; classtype:trojan-activity;sid:84724197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861098)"; flow:established,from_client; content:"GET"; http_method; content:"/imagethur3.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861098/; classtype:trojan-activity;sid:84724198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861094)"; flow:established,from_client; content:"GET"; http_method; content:"/0982.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861094/; classtype:trojan-activity;sid:84724194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861095)"; flow:established,from_client; content:"GET"; http_method; content:"/clientmmmmiiii.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861095/; classtype:trojan-activity;sid:84724195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861087)"; flow:established,from_client; content:"GET"; http_method; content:"/kkkkkkkksieopelloptrf.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861087/; classtype:trojan-activity;sid:84724187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861088)"; flow:established,from_client; content:"GET"; http_method; content:"/imagevvvvvv980.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861088/; classtype:trojan-activity;sid:84724188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861089)"; flow:established,from_client; content:"GET"; http_method; content:"/sddilo.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861089/; classtype:trojan-activity;sid:84724189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861090)"; flow:established,from_client; content:"GET"; http_method; content:"/imagelophg09876.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861090/; classtype:trojan-activity;sid:84724190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861091)"; flow:established,from_client; content:"GET"; http_method; content:"/venumol0985.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861091/; classtype:trojan-activity;sid:84724191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861092)"; flow:established,from_client; content:"GET"; http_method; content:"/123456789.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861092/; classtype:trojan-activity;sid:84724192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861093)"; flow:established,from_client; content:"GET"; http_method; content:"/image445.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861093/; classtype:trojan-activity;sid:84724193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861023)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861023/; classtype:trojan-activity;sid:84724123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860992)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"112.213.121.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860992/; classtype:trojan-activity;sid:84724092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860887)"; flow:established,from_client; content:"GET"; http_method; content:"/fdclient.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860887/; classtype:trojan-activity;sid:84723987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.87.112.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860850/; classtype:trojan-activity;sid:84723950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860828)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"205.185.114.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860828/; classtype:trojan-activity;sid:84723928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.157.252.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860518/; classtype:trojan-activity;sid:84723618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860450)"; flow:established,from_client; content:"GET"; http_method; content:"/titanuimxross01.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860450/; classtype:trojan-activity;sid:84723550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.99.58.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860192/; classtype:trojan-activity;sid:84723292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860091)"; flow:established,from_client; content:"GET"; http_method; content:"/aes.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"inini.kesug.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860091/; classtype:trojan-activity;sid:84723191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859818)"; flow:established,from_client; content:"GET"; http_method; content:"/s287.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.226.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859818/; classtype:trojan-activity;sid:84722918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859771)"; flow:established,from_client; content:"GET"; http_method; content:"/v49922.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.226.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859771/; classtype:trojan-activity;sid:84722871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859579)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859579/; classtype:trojan-activity;sid:84722679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859580)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859580/; classtype:trojan-activity;sid:84722680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859576)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859576/; classtype:trojan-activity;sid:84722676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859574)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859574/; classtype:trojan-activity;sid:84722674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859575)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859575/; classtype:trojan-activity;sid:84722675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859571)"; flow:established,from_client; content:"GET"; http_method; content:"/ciabins.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859571/; classtype:trojan-activity;sid:84722671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859572)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859572/; classtype:trojan-activity;sid:84722672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859565)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859565/; classtype:trojan-activity;sid:84722665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859566)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859566/; classtype:trojan-activity;sid:84722666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859567)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859567/; classtype:trojan-activity;sid:84722667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859568)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859568/; classtype:trojan-activity;sid:84722668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859569)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859569/; classtype:trojan-activity;sid:84722669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859570)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859570/; classtype:trojan-activity;sid:84722670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859465)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859465/; classtype:trojan-activity;sid:84722565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.68.249.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859418/; classtype:trojan-activity;sid:84722518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859242)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859242/; classtype:trojan-activity;sid:84722342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859133)"; flow:established,from_client; content:"GET"; http_method; content:"/msbuil.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-33172110f57a4bbfa0c089261c8b7d4d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859133/; classtype:trojan-activity;sid:84722233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858824)"; flow:established,from_client; content:"GET"; http_method; content:"/n.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858824/; classtype:trojan-activity;sid:84721924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858726)"; flow:established,from_client; content:"GET"; http_method; content:"/4567.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858726/; classtype:trojan-activity;sid:84721826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858710)"; flow:established,from_client; content:"GET"; http_method; content:"/uni.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pub-33172110f57a4bbfa0c089261c8b7d4d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858710/; classtype:trojan-activity;sid:84721810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858690)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/acme-challenge/img_20260531_214059_714.png"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"kits.frog.tw"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858690/; classtype:trojan-activity;sid:84721790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858616)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858616/; classtype:trojan-activity;sid:84721716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858619)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858619/; classtype:trojan-activity;sid:84721719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858621)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858621/; classtype:trojan-activity;sid:84721721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858622)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858622/; classtype:trojan-activity;sid:84721722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858623)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858623/; classtype:trojan-activity;sid:84721723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858624)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858624/; classtype:trojan-activity;sid:84721724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858625)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858625/; classtype:trojan-activity;sid:84721725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858626)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858626/; classtype:trojan-activity;sid:84721726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858629)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858629/; classtype:trojan-activity;sid:84721729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858630)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858630/; classtype:trojan-activity;sid:84721730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858632)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858632/; classtype:trojan-activity;sid:84721732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858607)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858607/; classtype:trojan-activity;sid:84721707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858595)"; flow:established,from_client; content:"GET"; http_method; content:"/sexy.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858595/; classtype:trojan-activity;sid:84721695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858592)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858592/; classtype:trojan-activity;sid:84721692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858582)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858582/; classtype:trojan-activity;sid:84721682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858583)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858583/; classtype:trojan-activity;sid:84721683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858584)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858584/; classtype:trojan-activity;sid:84721684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858587)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858587/; classtype:trojan-activity;sid:84721687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858588)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858588/; classtype:trojan-activity;sid:84721688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858565)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858565/; classtype:trojan-activity;sid:84721665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858566)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858566/; classtype:trojan-activity;sid:84721666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858567)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858567/; classtype:trojan-activity;sid:84721667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858574)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858574/; classtype:trojan-activity;sid:84721674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858541)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858541/; classtype:trojan-activity;sid:84721641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858539)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858539/; classtype:trojan-activity;sid:84721639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858540)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858540/; classtype:trojan-activity;sid:84721640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858537)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858537/; classtype:trojan-activity;sid:84721637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858510)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858510/; classtype:trojan-activity;sid:84721610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858516)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858516/; classtype:trojan-activity;sid:84721616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858508)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858508/; classtype:trojan-activity;sid:84721608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858501)"; flow:established,from_client; content:"GET"; http_method; content:"/spx/spx.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"baolongwes.oss-ap-southeast-1.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858501/; classtype:trojan-activity;sid:84721601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858500)"; flow:established,from_client; content:"GET"; http_method; content:"/spx/ficeo.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"baolongwes.oss-ap-southeast-1.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858500/; classtype:trojan-activity;sid:84721600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858408)"; flow:established,from_client; content:"GET"; http_method; content:"/eaglestitan001.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858408/; classtype:trojan-activity;sid:84721508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858126)"; flow:established,from_client; content:"GET"; http_method; content:"/re.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858126/; classtype:trojan-activity;sid:84721226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.39.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858115/; classtype:trojan-activity;sid:84721215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858098)"; flow:established,from_client; content:"GET"; http_method; content:"/sodola"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858098/; classtype:trojan-activity;sid:84721198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858066)"; flow:established,from_client; content:"GET"; http_method; content:"/eagleclient004.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858066/; classtype:trojan-activity;sid:84721166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858067)"; flow:established,from_client; content:"GET"; http_method; content:"/1992.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858067/; classtype:trojan-activity;sid:84721167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858064)"; flow:established,from_client; content:"GET"; http_method; content:"/eaglewingsdna04.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858064/; classtype:trojan-activity;sid:84721164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857954)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hppbdssh6fedu5tclfys1760jq9d0fvc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857954/; classtype:trojan-activity;sid:84721054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857952)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qj81ivfcftpeqs-4wffvozykixvnnh-7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857952/; classtype:trojan-activity;sid:84721052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857953)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xflzjnjflykhgl_clp_nejp3g1txmb3g"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857953/; classtype:trojan-activity;sid:84721053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857928)"; flow:established,from_client; content:"GET"; http_method; content:"/newrem.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"archivoscrosoft.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857928/; classtype:trojan-activity;sid:84721028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.233.104.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857886/; classtype:trojan-activity;sid:84720986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.233.104.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857342/; classtype:trojan-activity;sid:84720442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857259)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857259/; classtype:trojan-activity;sid:84720359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857260)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857260/; classtype:trojan-activity;sid:84720360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857267)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857267/; classtype:trojan-activity;sid:84720367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856984)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.231.14.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856984/; classtype:trojan-activity;sid:84720084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856983)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.231.14.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856983/; classtype:trojan-activity;sid:84720083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856344)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.17.183.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856344/; classtype:trojan-activity;sid:84719444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856328)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856328/; classtype:trojan-activity;sid:84719428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856329)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856329/; classtype:trojan-activity;sid:84719429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856330)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856330/; classtype:trojan-activity;sid:84719430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856331)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856331/; classtype:trojan-activity;sid:84719431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856332)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856332/; classtype:trojan-activity;sid:84719432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856333)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856333/; classtype:trojan-activity;sid:84719433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856334)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856334/; classtype:trojan-activity;sid:84719434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856335)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856335/; classtype:trojan-activity;sid:84719435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856327)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856327/; classtype:trojan-activity;sid:84719427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856325)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856325/; classtype:trojan-activity;sid:84719425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856326)"; flow:established,from_client; content:"GET"; http_method; content:"/lol"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856326/; classtype:trojan-activity;sid:84719426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856322)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856322/; classtype:trojan-activity;sid:84719422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856323)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856323/; classtype:trojan-activity;sid:84719423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856324)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856324/; classtype:trojan-activity;sid:84719424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856317)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856317/; classtype:trojan-activity;sid:84719417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856318)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856318/; classtype:trojan-activity;sid:84719418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856319)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856319/; classtype:trojan-activity;sid:84719419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856320)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856320/; classtype:trojan-activity;sid:84719420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856321)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856321/; classtype:trojan-activity;sid:84719421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856315)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856315/; classtype:trojan-activity;sid:84719415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856316)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856316/; classtype:trojan-activity;sid:84719416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856314)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856314/; classtype:trojan-activity;sid:84719414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.68.249.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856177/; classtype:trojan-activity;sid:84719277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.109.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856086/; classtype:trojan-activity;sid:84719186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.248.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856053/; classtype:trojan-activity;sid:84719153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855674)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.253.248.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855674/; classtype:trojan-activity;sid:84718774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854800)"; flow:established,from_client; content:"GET"; http_method; content:"/k"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.135.9.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854800/; classtype:trojan-activity;sid:84717900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854799)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.45.68.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854799/; classtype:trojan-activity;sid:84717899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854798)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.45.68.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854798/; classtype:trojan-activity;sid:84717898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.240.165.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854444/; classtype:trojan-activity;sid:84717544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.240.165.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854436/; classtype:trojan-activity;sid:84717536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854182)"; flow:established,from_client; content:"GET"; http_method; content:"/system1.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"64.89.160.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854182/; classtype:trojan-activity;sid:84717282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854181)"; flow:established,from_client; content:"GET"; http_method; content:"/cabeto850128/comicsam/refs/heads/main/kisbj4ddvg.pif"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854181/; classtype:trojan-activity;sid:84717281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854179)"; flow:established,from_client; content:"GET"; http_method; content:"/cabeto850128/comicsam/refs/heads/main/cdbhhfa.html"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854179/; classtype:trojan-activity;sid:84717279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854177)"; flow:established,from_client; content:"GET"; http_method; content:"/system.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.160.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854177/; classtype:trojan-activity;sid:84717277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854013)"; flow:established,from_client; content:"GET"; http_method; content:"/dec"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.182.98.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854013/; classtype:trojan-activity;sid:84717113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854014)"; flow:established,from_client; content:"GET"; http_method; content:"/dec"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.8.70.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854014/; classtype:trojan-activity;sid:84717114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854008)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.182.98.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854008/; classtype:trojan-activity;sid:84717108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854009)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.8.70.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854009/; classtype:trojan-activity;sid:84717109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853721)"; flow:established,from_client; content:"GET"; http_method; content:"/mailrealfedex-svga/uploader/raw/refs/heads/main/finale.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3853721/; classtype:trojan-activity;sid:84716821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853153)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/refs/heads/main/cryp2_cvtres.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853153/; classtype:trojan-activity;sid:84716253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853148)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/refs/heads/main/tumfuf.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853148/; classtype:trojan-activity;sid:84716248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853095)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853095/; classtype:trojan-activity;sid:84716195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853096)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853096/; classtype:trojan-activity;sid:84716196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853097)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853097/; classtype:trojan-activity;sid:84716197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853098/; classtype:trojan-activity;sid:84716198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853099)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853099/; classtype:trojan-activity;sid:84716199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853087)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853087/; classtype:trojan-activity;sid:84716187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853088)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853088/; classtype:trojan-activity;sid:84716188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853089)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853089/; classtype:trojan-activity;sid:84716189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853090)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853090/; classtype:trojan-activity;sid:84716190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853091)"; flow:established,from_client; content:"GET"; http_method; content:"/dl.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853091/; classtype:trojan-activity;sid:84716191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853092)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853092/; classtype:trojan-activity;sid:84716192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853093)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853093/; classtype:trojan-activity;sid:84716193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853094)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.242.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853094/; classtype:trojan-activity;sid:84716194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.27.20.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853085/; classtype:trojan-activity;sid:84716185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853086)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.27.20.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853086/; classtype:trojan-activity;sid:84716186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"2.27.20.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853082/; classtype:trojan-activity;sid:84716182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"2.27.20.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853083/; classtype:trojan-activity;sid:84716183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"2.27.20.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853084/; classtype:trojan-activity;sid:84716184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852846)"; flow:established,from_client; content:"GET"; http_method; content:"/itachiccnts-collab/donuthacks/main/gamble-rig%201.21.jar"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852846/; classtype:trojan-activity;sid:84715946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852637)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"static.210.112.105.178.clients.your-server.de"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852637/; classtype:trojan-activity;sid:84715737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852636)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"static.210.112.105.178.clients.your-server.de"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852636/; classtype:trojan-activity;sid:84715736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.105.112.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852633/; classtype:trojan-activity;sid:84715733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852634)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.105.112.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852634/; classtype:trojan-activity;sid:84715734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.129.184.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852319/; classtype:trojan-activity;sid:84715419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.129.184.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852315/; classtype:trojan-activity;sid:84715415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852112)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a6357da6a05d7266.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_23; reference:url, urlhaus.abuse.ch/url/3852112/; classtype:trojan-activity;sid:84715212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3851341)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p6ct81hwfslgfjlgpg8tn-8afd8q2cx4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_21; reference:url, urlhaus.abuse.ch/url/3851341/; classtype:trojan-activity;sid:84714441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3851172)"; flow:established,from_client; content:"GET"; http_method; content:"/common.dat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dynga.pl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_05_21; reference:url, urlhaus.abuse.ch/url/3851172/; classtype:trojan-activity;sid:84714272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.76.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850981/; classtype:trojan-activity;sid:84714081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.23.87.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850977/; classtype:trojan-activity;sid:84714077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.3.108.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850978/; classtype:trojan-activity;sid:84714078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.35.13.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850979/; classtype:trojan-activity;sid:84714079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.225.67.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850974/; classtype:trojan-activity;sid:84714074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.229.20.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850975/; classtype:trojan-activity;sid:84714075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.43.75.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850968/; classtype:trojan-activity;sid:84714068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.16.236.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850945/; classtype:trojan-activity;sid:84714045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.90.225.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850946/; classtype:trojan-activity;sid:84714046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.250.157.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850936/; classtype:trojan-activity;sid:84714036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.142.70.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850937/; classtype:trojan-activity;sid:84714037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.168.128.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850939/; classtype:trojan-activity;sid:84714039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.203.86.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850941/; classtype:trojan-activity;sid:84714041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.114.239.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850943/; classtype:trojan-activity;sid:84714043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.62.41.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850914/; classtype:trojan-activity;sid:84714014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.61.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850898/; classtype:trojan-activity;sid:84713998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850887)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.66.64.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850887/; classtype:trojan-activity;sid:84713987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850882)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.85.90"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850882/; classtype:trojan-activity;sid:84713982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.81.12"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850878/; classtype:trojan-activity;sid:84713978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.20.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850874/; classtype:trojan-activity;sid:84713974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850869)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.25.2.23"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850869/; classtype:trojan-activity;sid:84713969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850872)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.61.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850872/; classtype:trojan-activity;sid:84713972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850873)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.66.64.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850873/; classtype:trojan-activity;sid:84713973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850865)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.61.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850865/; classtype:trojan-activity;sid:84713965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.32.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850861/; classtype:trojan-activity;sid:84713961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850862)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.92"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850862/; classtype:trojan-activity;sid:84713962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850863)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.1.229.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850863/; classtype:trojan-activity;sid:84713963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850864)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.29.186.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850864/; classtype:trojan-activity;sid:84713964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850859)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.203.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850859/; classtype:trojan-activity;sid:84713959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850843)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.96.52"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850843/; classtype:trojan-activity;sid:84713943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.52.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850844/; classtype:trojan-activity;sid:84713944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850847)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.96.198"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850847/; classtype:trojan-activity;sid:84713947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.25.2.23"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850838/; classtype:trojan-activity;sid:84713938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850839)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.132.114.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850839/; classtype:trojan-activity;sid:84713939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.20.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850837/; classtype:trojan-activity;sid:84713937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850836)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.156.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850836/; classtype:trojan-activity;sid:84713936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.210.131.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850834/; classtype:trojan-activity;sid:84713934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850826)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.96.91"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850826/; classtype:trojan-activity;sid:84713926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850830)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.66.64.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850830/; classtype:trojan-activity;sid:84713930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850824)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.20.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850824/; classtype:trojan-activity;sid:84713924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850821)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.25.2.23"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850821/; classtype:trojan-activity;sid:84713921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850818)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.20.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850818/; classtype:trojan-activity;sid:84713918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850819)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.94.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850819/; classtype:trojan-activity;sid:84713919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850067)"; flow:established,from_client; content:"GET"; http_method; content:"/whatever.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850067/; classtype:trojan-activity;sid:84713167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849922)"; flow:established,from_client; content:"GET"; http_method; content:"/djmay.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"crescentegramas.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849922/; classtype:trojan-activity;sid:84713022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849869)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.i586"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849869/; classtype:trojan-activity;sid:84712969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849870)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849870/; classtype:trojan-activity;sid:84712970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849871)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.armv7l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849871/; classtype:trojan-activity;sid:84712971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849872)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.armv5l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849872/; classtype:trojan-activity;sid:84712972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849873)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.powerpc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849873/; classtype:trojan-activity;sid:84712973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849874)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849874/; classtype:trojan-activity;sid:84712974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849875)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.armv6l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849875/; classtype:trojan-activity;sid:84712975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849876)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.sparc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849876/; classtype:trojan-activity;sid:84712976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849877)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.mipsel"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849877/; classtype:trojan-activity;sid:84712977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849878)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849878/; classtype:trojan-activity;sid:84712978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849867)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849867/; classtype:trojan-activity;sid:84712967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849866)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.armv4l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849866/; classtype:trojan-activity;sid:84712966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849687)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849687/; classtype:trojan-activity;sid:84712787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849688)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849688/; classtype:trojan-activity;sid:84712788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849689)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849689/; classtype:trojan-activity;sid:84712789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849686)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849686/; classtype:trojan-activity;sid:84712786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849685)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849685/; classtype:trojan-activity;sid:84712785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849535/; classtype:trojan-activity;sid:84712635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849529)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849529/; classtype:trojan-activity;sid:84712629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849530)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849530/; classtype:trojan-activity;sid:84712630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849525/; classtype:trojan-activity;sid:84712625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849526/; classtype:trojan-activity;sid:84712626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849518)"; flow:established,from_client; content:"GET"; http_method; content:"/g.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849518/; classtype:trojan-activity;sid:84712618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849505)"; flow:established,from_client; content:"GET"; http_method; content:"/p.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849505/; classtype:trojan-activity;sid:84712605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849506)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849506/; classtype:trojan-activity;sid:84712606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849509/; classtype:trojan-activity;sid:84712609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849511)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849511/; classtype:trojan-activity;sid:84712611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849512)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849512/; classtype:trojan-activity;sid:84712612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849502)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849502/; classtype:trojan-activity;sid:84712602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849503)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849503/; classtype:trojan-activity;sid:84712603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849498)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849498/; classtype:trojan-activity;sid:84712598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849494)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849494/; classtype:trojan-activity;sid:84712594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849492)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849492/; classtype:trojan-activity;sid:84712592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849490)"; flow:established,from_client; content:"GET"; http_method; content:"/bee"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849490/; classtype:trojan-activity;sid:84712590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849484)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849484/; classtype:trojan-activity;sid:84712584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849485/; classtype:trojan-activity;sid:84712585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849479)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849479/; classtype:trojan-activity;sid:84712579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849468/; classtype:trojan-activity;sid:84712568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849463)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849463/; classtype:trojan-activity;sid:84712563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849459)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849459/; classtype:trojan-activity;sid:84712559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849455)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849455/; classtype:trojan-activity;sid:84712555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849452)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849452/; classtype:trojan-activity;sid:84712552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849441)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849441/; classtype:trojan-activity;sid:84712541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849440)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849440/; classtype:trojan-activity;sid:84712540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849431)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849431/; classtype:trojan-activity;sid:84712531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849435)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849435/; classtype:trojan-activity;sid:84712535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849411/; classtype:trojan-activity;sid:84712511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849412/; classtype:trojan-activity;sid:84712512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849414)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849414/; classtype:trojan-activity;sid:84712514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849404)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849404/; classtype:trojan-activity;sid:84712504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849408/; classtype:trojan-activity;sid:84712508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849392)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849392/; classtype:trojan-activity;sid:84712492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849393)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849393/; classtype:trojan-activity;sid:84712493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849394)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849394/; classtype:trojan-activity;sid:84712494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849398)"; flow:established,from_client; content:"GET"; http_method; content:"/tp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849398/; classtype:trojan-activity;sid:84712498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849388/; classtype:trojan-activity;sid:84712488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wget.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849389/; classtype:trojan-activity;sid:84712489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849384/; classtype:trojan-activity;sid:84712484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849386)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849386/; classtype:trojan-activity;sid:84712486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849387)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849387/; classtype:trojan-activity;sid:84712487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849379)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849379/; classtype:trojan-activity;sid:84712479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849381)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849381/; classtype:trojan-activity;sid:84712481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849034)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849034/; classtype:trojan-activity;sid:84712134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849023)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849023/; classtype:trojan-activity;sid:84712123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849024)"; flow:established,from_client; content:"GET"; http_method; content:"/armhf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849024/; classtype:trojan-activity;sid:84712124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849025)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849025/; classtype:trojan-activity;sid:84712125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849026)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849026/; classtype:trojan-activity;sid:84712126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849027)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849027/; classtype:trojan-activity;sid:84712127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849028)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849028/; classtype:trojan-activity;sid:84712128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849029)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849029/; classtype:trojan-activity;sid:84712129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849030)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849030/; classtype:trojan-activity;sid:84712130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849031)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849031/; classtype:trojan-activity;sid:84712131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849032)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849032/; classtype:trojan-activity;sid:84712132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849033)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849033/; classtype:trojan-activity;sid:84712133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.35.228.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849012/; classtype:trojan-activity;sid:84712112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848966)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848966/; classtype:trojan-activity;sid:84712066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848955)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848955/; classtype:trojan-activity;sid:84712055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848950)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848950/; classtype:trojan-activity;sid:84712050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848951)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848951/; classtype:trojan-activity;sid:84712051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848948)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848948/; classtype:trojan-activity;sid:84712048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848949)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848949/; classtype:trojan-activity;sid:84712049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848943)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848943/; classtype:trojan-activity;sid:84712043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848944)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848944/; classtype:trojan-activity;sid:84712044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848945)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848945/; classtype:trojan-activity;sid:84712045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848946)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848946/; classtype:trojan-activity;sid:84712046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848947)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848947/; classtype:trojan-activity;sid:84712047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848495)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/bolts"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.58.226.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848495/; classtype:trojan-activity;sid:84711595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848486)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/poop"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.58.226.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848486/; classtype:trojan-activity;sid:84711586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847944)"; flow:established,from_client; content:"GET"; http_method; content:"/1.dll"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"27.124.17.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847944/; classtype:trojan-activity;sid:84711044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847934)"; flow:established,from_client; content:"GET"; http_method; content:"/1.dll"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"27.124.17.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847934/; classtype:trojan-activity;sid:84711034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847684)"; flow:established,from_client; content:"GET"; http_method; content:"/isass.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.189.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847684/; classtype:trojan-activity;sid:84710784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847682)"; flow:established,from_client; content:"GET"; http_method; content:"/isass.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.189.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847682/; classtype:trojan-activity;sid:84710782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847683)"; flow:established,from_client; content:"GET"; http_method; content:"/isass.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.189.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847683/; classtype:trojan-activity;sid:84710783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847428)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847428/; classtype:trojan-activity;sid:84710528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847424)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847424/; classtype:trojan-activity;sid:84710524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847412)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv4l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847412/; classtype:trojan-activity;sid:84710512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847406)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv6l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847406/; classtype:trojan-activity;sid:84710506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847407)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.sparc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847407/; classtype:trojan-activity;sid:84710507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847408)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv5l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847408/; classtype:trojan-activity;sid:84710508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847409)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847409/; classtype:trojan-activity;sid:84710509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847410)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv7l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847410/; classtype:trojan-activity;sid:84710510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847411)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.i586"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847411/; classtype:trojan-activity;sid:84710511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847401)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847401/; classtype:trojan-activity;sid:84710501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847402)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.powerpc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847402/; classtype:trojan-activity;sid:84710502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847403)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.mipsel"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847403/; classtype:trojan-activity;sid:84710503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847404)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847404/; classtype:trojan-activity;sid:84710504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847405)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847405/; classtype:trojan-activity;sid:84710505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847389)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/trans.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847389/; classtype:trojan-activity;sid:84710489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847341)"; flow:established,from_client; content:"GET"; http_method; content:"/.x/sys_users"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"13.71.2.244"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847341/; classtype:trojan-activity;sid:84710441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847340)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_b584670f7ec2f317.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847340/; classtype:trojan-activity;sid:84710440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846859)"; flow:established,from_client; content:"GET"; http_method; content:"/21.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.12.182.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846859/; classtype:trojan-activity;sid:84709959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846755)"; flow:established,from_client; content:"GET"; http_method; content:"/.smart/premium.mp4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"eventsyouwant.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846755/; classtype:trojan-activity;sid:84709855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846753)"; flow:established,from_client; content:"GET"; http_method; content:"/mueiel09765.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846753/; classtype:trojan-activity;sid:84709853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846716)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c0d2eb6a8b73120b.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846716/; classtype:trojan-activity;sid:84709816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/scsi_tmf_0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846683/; classtype:trojan-activity;sid:84709783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cfg80211d"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846684/; classtype:trojan-activity;sid:84709784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/edac_polld"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846685/; classtype:trojan-activity;sid:84709785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfsaild_sda"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846686/; classtype:trojan-activity;sid:84709786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/devfreq_wq"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846676/; classtype:trojan-activity;sid:84709776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jbd2_sda1d"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846677/; classtype:trojan-activity;sid:84709777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ksoftirqd0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846678/; classtype:trojan-activity;sid:84709778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kblockd0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846679/; classtype:trojan-activity;sid:84709779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846680)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bioset0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846680/; classtype:trojan-activity;sid:84709780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rcuop_0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846681/; classtype:trojan-activity;sid:84709781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworker_u8"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846682/; classtype:trojan-activity;sid:84709782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ecryptfsd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846674/; classtype:trojan-activity;sid:84709774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kswapd0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846675/; classtype:trojan-activity;sid:84709775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zswap_shrinkd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846673/; classtype:trojan-activity;sid:84709773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846558)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846558/; classtype:trojan-activity;sid:84709658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846450)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846450/; classtype:trojan-activity;sid:84709550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846451)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846451/; classtype:trojan-activity;sid:84709551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846452)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846452/; classtype:trojan-activity;sid:84709552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846448)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846448/; classtype:trojan-activity;sid:84709548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"212.232.22.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846318/; classtype:trojan-activity;sid:84709418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846316/; classtype:trojan-activity;sid:84709416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.232.22.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846317/; classtype:trojan-activity;sid:84709417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846315/; classtype:trojan-activity;sid:84709415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846232)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetest0071154z7.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846232/; classtype:trojan-activity;sid:84709332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846231)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetest00711z5.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846231/; classtype:trojan-activity;sid:84709331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846228)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetest0093t536.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846228/; classtype:trojan-activity;sid:84709328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846229)"; flow:established,from_client; content:"GET"; http_method; content:"/imagecab001.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846229/; classtype:trojan-activity;sid:84709329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846230)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetext0117z45.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846230/; classtype:trojan-activity;sid:84709330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846217)"; flow:established,from_client; content:"GET"; http_method; content:"/mdclient.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846217/; classtype:trojan-activity;sid:84709317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.25.107.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845875/; classtype:trojan-activity;sid:84708975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845101)"; flow:established,from_client; content:"GET"; http_method; content:"//arm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845101/; classtype:trojan-activity;sid:84708201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.88.191.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845048/; classtype:trojan-activity;sid:84708148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841856)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetest001.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3841856/; classtype:trojan-activity;sid:84704956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840811)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=11.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bafybeibh6u74fuvyazqu2q7y6pginkxprjurxchgfshwigrs5y77qcbj6i.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840811/; classtype:trojan-activity;sid:84703911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840659)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840659/; classtype:trojan-activity;sid:84703759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840660)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840660/; classtype:trojan-activity;sid:84703760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kla.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840654/; classtype:trojan-activity;sid:84703754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840655/; classtype:trojan-activity;sid:84703755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840656/; classtype:trojan-activity;sid:84703756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840657/; classtype:trojan-activity;sid:84703757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840658/; classtype:trojan-activity;sid:84703758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840538/; classtype:trojan-activity;sid:84703638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840539)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840539/; classtype:trojan-activity;sid:84703639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840540/; classtype:trojan-activity;sid:84703640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839430)"; flow:established,from_client; content:"GET"; http_method; content:"/kikimora-arch/solid-doodle/releases/download/realease/kikikmoralibrary.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839430/; classtype:trojan-activity;sid:84702530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.55.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837233/; classtype:trojan-activity;sid:84700333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.55.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837229/; classtype:trojan-activity;sid:84700329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.55.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837226/; classtype:trojan-activity;sid:84700326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837223/; classtype:trojan-activity;sid:84700323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837221/; classtype:trojan-activity;sid:84700321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3836948/; classtype:trojan-activity;sid:84700048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3836936/; classtype:trojan-activity;sid:84700036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836242)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/rajendra2604.github.io/refs/heads/main/hypereutectoid/rajendra-github-io-1.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836242/; classtype:trojan-activity;sid:84699342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836232)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/rajendra2604.github.io/raw/refs/heads/main/hypereutectoid/rajendra-github-io-1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836232/; classtype:trojan-activity;sid:84699332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836233)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/kanban-for-ai-agents/refs/heads/main/amphitheatrically/agents_for_a_kanban_1.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836233/; classtype:trojan-activity;sid:84699333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836228)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/rajendra2604.github.io/raw/refs/heads/main/hypereutectoid/io-github-rajendra-collectivize.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836228/; classtype:trojan-activity;sid:84699328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836224)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/kanban-for-ai-agents/refs/heads/main/amphitheatrically/kanban-agents-a-for-3.7.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836224/; classtype:trojan-activity;sid:84699324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836226)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/rajendra2604.github.io/refs/heads/main/hypereutectoid/io-github-rajendra-collectivize.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836226/; classtype:trojan-activity;sid:84699326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836221)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/kanban-for-ai-agents/raw/refs/heads/main/amphitheatrically/agents_for_a_kanban_1.5.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836221/; classtype:trojan-activity;sid:84699321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836222)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/kanban-for-ai-agents/raw/refs/heads/main/amphitheatrically/kanban-agents-a-for-3.7.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836222/; classtype:trojan-activity;sid:84699322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836187)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/asherfn.github.io/raw/refs/heads/main/swankily/io-asherfn-github-3.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836187/; classtype:trojan-activity;sid:84699287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836188)"; flow:established,from_client; content:"GET"; http_method; content:"/khonneymann/nightops-drop/raw/refs/heads/main/loggat/nightops_drop_2.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836188/; classtype:trojan-activity;sid:84699288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836183)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/asherfn.github.io/refs/heads/main/swankily/io-asherfn-github-3.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836183/; classtype:trojan-activity;sid:84699283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836185)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/acadex-ai-google-deepmind/refs/heads/main/components/deepmind-a-acadex-google-v1.8-alpha.4.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836185/; classtype:trojan-activity;sid:84699285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836171)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/paimon-cpp/raw/refs/heads/main/conspirant/cpp-paimon-v1.9-alpha.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836171/; classtype:trojan-activity;sid:84699271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836172)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/acadex-ai-google-deepmind/raw/refs/heads/main/components/deepmind-a-acadex-google-v1.8-alpha.4.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836172/; classtype:trojan-activity;sid:84699272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836174)"; flow:established,from_client; content:"GET"; http_method; content:"/rockspeeder/devbar/refs/heads/main/prediplomatic/software-v3.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836174/; classtype:trojan-activity;sid:84699274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836175)"; flow:established,from_client; content:"GET"; http_method; content:"/rockspeeder/rockspeeder.github.io/refs/heads/main/geognost/rockspeeder_github_io_v1.9.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836175/; classtype:trojan-activity;sid:84699275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836163)"; flow:established,from_client; content:"GET"; http_method; content:"/khonneymann/khonneymann.github.io/raw/refs/heads/main/ourselves/khonneymann_io_github_1.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836163/; classtype:trojan-activity;sid:84699263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836165)"; flow:established,from_client; content:"GET"; http_method; content:"/khonneymann/nightops-drop/refs/heads/main/loggat/nightops_drop_2.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836165/; classtype:trojan-activity;sid:84699265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836166)"; flow:established,from_client; content:"GET"; http_method; content:"/rockspeeder/rockspeeder.github.io/raw/refs/heads/main/geognost/rockspeeder_github_io_v1.9.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836166/; classtype:trojan-activity;sid:84699266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836167)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/paimon-cpp/refs/heads/main/conspirant/cpp-paimon-v1.9-alpha.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836167/; classtype:trojan-activity;sid:84699267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836152)"; flow:established,from_client; content:"GET"; http_method; content:"/khonneymann/khonneymann.github.io/refs/heads/main/ourselves/khonneymann_io_github_1.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836152/; classtype:trojan-activity;sid:84699252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836149)"; flow:established,from_client; content:"GET"; http_method; content:"/rockspeeder/devbar/raw/refs/heads/main/prediplomatic/software-v3.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836149/; classtype:trojan-activity;sid:84699249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836147)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/i-greque.github.io/raw/refs/heads/main/preseal/greque_i_io_github_3.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836147/; classtype:trojan-activity;sid:84699247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836146)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/i-greque.github.io/refs/heads/main/preseal/greque_i_io_github_3.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836146/; classtype:trojan-activity;sid:84699246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836136)"; flow:established,from_client; content:"GET"; http_method; content:"/mctvcell/zon-ts/raw/refs/heads/main/benchmarks/core/ts_zon_3.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836136/; classtype:trojan-activity;sid:84699236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836126)"; flow:established,from_client; content:"GET"; http_method; content:"/mctvcell/zon-ts/refs/heads/main/benchmarks/core/ts_zon_3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836126/; classtype:trojan-activity;sid:84699226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836094)"; flow:established,from_client; content:"GET"; http_method; content:"/primmslimx/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836094/; classtype:trojan-activity;sid:84699194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836095)"; flow:established,from_client; content:"GET"; http_method; content:"/primmslimx/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836095/; classtype:trojan-activity;sid:84699195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835260)"; flow:established,from_client; content:"GET"; http_method; content:"/sunwukongs.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"plasteredplayn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835260/; classtype:trojan-activity;sid:84698360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.83.86.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835137/; classtype:trojan-activity;sid:84698237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834488)"; flow:established,from_client; content:"GET"; http_method; content:"/imagefryito6789.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834488/; classtype:trojan-activity;sid:84697588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834486)"; flow:established,from_client; content:"GET"; http_method; content:"/image77490p.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834486/; classtype:trojan-activity;sid:84697586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834484)"; flow:established,from_client; content:"GET"; http_method; content:"/imagekdfgueuehedb6666.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834484/; classtype:trojan-activity;sid:84697584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834485)"; flow:established,from_client; content:"GET"; http_method; content:"/imagelkjh0987.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834485/; classtype:trojan-activity;sid:84697585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834480)"; flow:established,from_client; content:"GET"; http_method; content:"/image9870.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834480/; classtype:trojan-activity;sid:84697580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834481)"; flow:established,from_client; content:"GET"; http_method; content:"/imagefre9003.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834481/; classtype:trojan-activity;sid:84697581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834483)"; flow:established,from_client; content:"GET"; http_method; content:"/imagefile001.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834483/; classtype:trojan-activity;sid:84697583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834473)"; flow:established,from_client; content:"GET"; http_method; content:"/imagecopy0956.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834473/; classtype:trojan-activity;sid:84697573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.192.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834223/; classtype:trojan-activity;sid:84697323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.192.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834216/; classtype:trojan-activity;sid:84697316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.236.46.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833868/; classtype:trojan-activity;sid:84696968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833743)"; flow:established,from_client; content:"GET"; http_method; content:"/rum/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"spgint.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833743/; classtype:trojan-activity;sid:84696843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833733)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"postelnini.mk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833733/; classtype:trojan-activity;sid:84696833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.236.46.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833499/; classtype:trojan-activity;sid:84696599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832920)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.62.41.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832920/; classtype:trojan-activity;sid:84696020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.88.191.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832742/; classtype:trojan-activity;sid:84695842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832732)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/watcher"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.57.109.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832732/; classtype:trojan-activity;sid:84695832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832353)"; flow:established,from_client; content:"GET"; http_method; content:"/nerd1337-afk/1337/raw/refs/heads/main/abe_decrypt.dll"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832353/; classtype:trojan-activity;sid:84695453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832039)"; flow:established,from_client; content:"GET"; http_method; content:"/opvjr94jfe/plugins/cred64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832039/; classtype:trojan-activity;sid:84695139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832038)"; flow:established,from_client; content:"GET"; http_method; content:"/opvjr94jfe/plugins/cred.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832038/; classtype:trojan-activity;sid:84695138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831738)"; flow:established,from_client; content:"GET"; http_method; content:"/aiermass/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831738/; classtype:trojan-activity;sid:84694838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831490)"; flow:established,from_client; content:"GET"; http_method; content:"/labieds/splitwriter/raw/refs/heads/main/public/splitwriter-v2.8.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831490/; classtype:trojan-activity;sid:84694590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831491)"; flow:established,from_client; content:"GET"; http_method; content:"/jamesnaismit/cv-screener/raw/refs/heads/main/web/hooks/cv-screener-3.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831491/; classtype:trojan-activity;sid:84694591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831479)"; flow:established,from_client; content:"GET"; http_method; content:"/123affano1/claudetrack/raw/refs/heads/main/client/src/pages/software_v1.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831479/; classtype:trojan-activity;sid:84694579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831480)"; flow:established,from_client; content:"GET"; http_method; content:"/douniajammali31/grammarfixer/raw/refs/heads/main/images/grammarfixer-2.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831480/; classtype:trojan-activity;sid:84694580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831481)"; flow:established,from_client; content:"GET"; http_method; content:"/chamara1989/prismos-ai/main/docs/screenshots/prismos_ai_2.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831481/; classtype:trojan-activity;sid:84694581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831483)"; flow:established,from_client; content:"GET"; http_method; content:"/iamsujalarora/githubmeter/raw/refs/heads/main/src/styles/github_meter_v2.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831483/; classtype:trojan-activity;sid:84694583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831485)"; flow:established,from_client; content:"GET"; http_method; content:"/ggshcgdh/localtranslateapp/raw/refs/heads/main/kittly/translate_app_local_3.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831485/; classtype:trojan-activity;sid:84694585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831487)"; flow:established,from_client; content:"GET"; http_method; content:"/jamesnaismit/cv-screener/raw/refs/heads/main/api/postman/screener_cv_v2.8-alpha.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831487/; classtype:trojan-activity;sid:84694587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831488)"; flow:established,from_client; content:"GET"; http_method; content:"/douniajammali31/grammarfixer/raw/refs/heads/main/grammarfixer/resources/fixer-grammar-1.6.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831488/; classtype:trojan-activity;sid:84694588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831478)"; flow:established,from_client; content:"GET"; http_method; content:"/lapk0m/n01d-overwatch/main/shared/overwatch-n-d-2.9.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831478/; classtype:trojan-activity;sid:84694578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831477)"; flow:established,from_client; content:"GET"; http_method; content:"/mikey143-kun/agentchattr/main/session_templates/software-3.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831477/; classtype:trojan-activity;sid:84694577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831472)"; flow:established,from_client; content:"GET"; http_method; content:"/ayubalishah/mac-recorder/raw/refs/heads/main/dist/macrecorder-0.2.0.pkg"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831472/; classtype:trojan-activity;sid:84694572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831474)"; flow:established,from_client; content:"GET"; http_method; content:"/ayubalishah/mac-recorder/main/macrecorder/resources/assets.xcassets/recorder-mac-2.6.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831474/; classtype:trojan-activity;sid:84694574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831475)"; flow:established,from_client; content:"GET"; http_method; content:"/nightmanvr/modernnav/raw/refs/heads/main/src/hooks/modern_nav_1.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831475/; classtype:trojan-activity;sid:84694575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831467)"; flow:established,from_client; content:"GET"; http_method; content:"/nightmanvr/modernnav/raw/refs/heads/main/public/fonts/modern-nav-v3.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831467/; classtype:trojan-activity;sid:84694567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831471)"; flow:established,from_client; content:"GET"; http_method; content:"/labieds/splitwriter/main/src/windows%20-%20old/boards/text-engine/_old/software-v2.8-beta.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831471/; classtype:trojan-activity;sid:84694571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831462)"; flow:established,from_client; content:"GET"; http_method; content:"/twelve-today822/juai/main/assets/ai_ju_riverwards.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831462/; classtype:trojan-activity;sid:84694562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831451)"; flow:established,from_client; content:"GET"; http_method; content:"/memet-jo/trading/raw/refs/heads/main/sylphlike/trading-3.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831451/; classtype:trojan-activity;sid:84694551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831448)"; flow:established,from_client; content:"GET"; http_method; content:"/lacquerwarepernyimoth791/crosshair-x-custom-crosshair-overlay-for-every-game/raw/refs/heads/main/1.24.2/for_game_custom_overlay_every_crosshair_3.2-alpha.2.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831448/; classtype:trojan-activity;sid:84694548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831443)"; flow:established,from_client; content:"GET"; http_method; content:"/mrfrank-07/ipa-edit/raw/refs/heads/main/modules/edit_i_p_v1.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831443/; classtype:trojan-activity;sid:84694543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831445)"; flow:established,from_client; content:"GET"; http_method; content:"/bragii044/securekey-vault/main/context/secure_vault_key_v2.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831445/; classtype:trojan-activity;sid:84694545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831436)"; flow:established,from_client; content:"GET"; http_method; content:"/ajobka/teams-alive/raw/refs/heads/main/childe/teams-alive-1.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831436/; classtype:trojan-activity;sid:84694536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831438)"; flow:established,from_client; content:"GET"; http_method; content:"/holasisisi23/telegram-media-downloader/raw/refs/heads/main/unnoticed/media-telegram-downloader-unhatched.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831438/; classtype:trojan-activity;sid:84694538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831433)"; flow:established,from_client; content:"GET"; http_method; content:"/funeralvalue508/crossdevicetracker.desktop/main/unheretical/cross_tracker_desktop_device_v1.8.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831433/; classtype:trojan-activity;sid:84694533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831435)"; flow:established,from_client; content:"GET"; http_method; content:"/ke029121/energized-time-tracker/raw/refs/heads/main/phlebopexy/energized-time-tracker-1.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831435/; classtype:trojan-activity;sid:84694535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831429)"; flow:established,from_client; content:"GET"; http_method; content:"/sparoecanthusfultoni104/exphora_db/raw/refs/heads/main/ui/src/components/settings/exphora-db-v3.4-beta.1.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831429/; classtype:trojan-activity;sid:84694529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831430)"; flow:established,from_client; content:"GET"; http_method; content:"/anandhupeepi/kafkalet/raw/refs/heads/main/frontend/node_modules/tailwindcss/lib/cli/software-cowardy.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831430/; classtype:trojan-activity;sid:84694530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831425)"; flow:established,from_client; content:"GET"; http_method; content:"/hundred-praisworthiness384/domainos/main/scripts/os-domain-1.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831425/; classtype:trojan-activity;sid:84694525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831427)"; flow:established,from_client; content:"GET"; http_method; content:"/acting-correlationalanalysis567/twin-bridge-v1/main/frontend/src/bridge_twin_1.1.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831427/; classtype:trojan-activity;sid:84694527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831417)"; flow:established,from_client; content:"GET"; http_method; content:"/kathan2504/auto-voice-over-tool/raw/refs/heads/main/src/windows/main/auto_tool_over_voice_fining.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831417/; classtype:trojan-activity;sid:84694517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831406)"; flow:established,from_client; content:"GET"; http_method; content:"/loeyyyyy/ai-voice-changer-real-time-2026/raw/refs/heads/main/cpp/de/jurihock/voicesmith/plug/time-changer-real-a-voice-3.4.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831406/; classtype:trojan-activity;sid:84694506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831409)"; flow:established,from_client; content:"GET"; http_method; content:"/poetic-macroglia442/openclaw-desktop-launcher/raw/refs/heads/main/startopenclawlauncher/services/launcher_desktop_openclaw_v3.8-beta.2.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831409/; classtype:trojan-activity;sid:84694509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831410)"; flow:established,from_client; content:"GET"; http_method; content:"/memet-jo/trading/raw/refs/heads/main/sylphlike/software_1.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831410/; classtype:trojan-activity;sid:84694510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831411)"; flow:established,from_client; content:"GET"; http_method; content:"/sb090/tauri-plugin-macos-fps/main/examples/fps-diag/src-tauri/capabilities/plugin_macos_fps_tauri_2.4.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831411/; classtype:trojan-activity;sid:84694511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831403)"; flow:established,from_client; content:"GET"; http_method; content:"/koteshwr-ra/linux-mac/main/image/common/overlay/etc/linux_mac_hacker.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831403/; classtype:trojan-activity;sid:84694503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831404)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulmejid/desktopledsync/main/providers/desktop_led_sync_v3.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831404/; classtype:trojan-activity;sid:84694504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831405)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasxii/nullbyte/raw/refs/heads/main/docs/assets/byte_null_v3.0-beta.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831405/; classtype:trojan-activity;sid:84694505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831369)"; flow:established,from_client; content:"GET"; http_method; content:"/scriptez1/redxfreesteaminstaller/releases/download/v2.4.4/redx_setup.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831369/; classtype:trojan-activity;sid:84694469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830970)"; flow:established,from_client; content:"GET"; http_method; content:"/g.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830970/; classtype:trojan-activity;sid:84694070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830938)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/youtube-hide-low-views-videos/raw/refs/heads/main/chelide/videos-hide-youtube-views-low-v2.6.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830938/; classtype:trojan-activity;sid:84694038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830936)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/n8n-mt5-fetch/refs/heads/main/telluriferous/fetch_n_mt_v3.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830936/; classtype:trojan-activity;sid:84694036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830937)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/n8n-mt5-fetch/raw/refs/heads/main/telluriferous/fetch_n_mt_v3.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830937/; classtype:trojan-activity;sid:84694037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830935)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/rupa9495.github.io/refs/heads/main/pterotheca/io-rupa-github-1.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830935/; classtype:trojan-activity;sid:84694035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830934)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/rupa9495.github.io/raw/refs/heads/main/pterotheca/io-rupa-github-1.6.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830934/; classtype:trojan-activity;sid:84694034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830933)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/youtube-hide-low-views-videos/refs/heads/main/chelide/videos-hide-youtube-views-low-v2.6.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830933/; classtype:trojan-activity;sid:84694033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830856)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/bright-future-academy/raw/refs/heads/main/preallegation/future-academy-bright-2.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830856/; classtype:trojan-activity;sid:84693956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830857)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/swiftuihelpers/raw/refs/heads/main/resources/helpers-swift-ui-v2.8-beta.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830857/; classtype:trojan-activity;sid:84693957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830859)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/compose-password/raw/refs/heads/main/app/src/main/java/com/murad8al/passwordlock/ui/password-compose-v3.8.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830859/; classtype:trojan-activity;sid:84693959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830860)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/particalfun/refs/heads/main/build/software-v3.8-beta.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830860/; classtype:trojan-activity;sid:84693960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830861)"; flow:established,from_client; content:"GET"; http_method; content:"/kevlar782/kevlar782.github.io/raw/refs/heads/main/elocutionary/io-github-kevlar-eremology.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830861/; classtype:trojan-activity;sid:84693961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830862)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/claude-code-showcase/raw/refs/heads/main/.claude/skills/core-components/showcase-claude-code-3.2-beta.5.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830862/; classtype:trojan-activity;sid:84693962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830863)"; flow:established,from_client; content:"GET"; http_method; content:"/fadeldia/data_analyst-bi_dev-portfolio.github.io/raw/refs/heads/main/assets/io_b_github_portfoli_analys_dat_de_v2.8.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830863/; classtype:trojan-activity;sid:84693963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830865)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/compose-password/refs/heads/main/app/src/main/java/com/murad8al/passwordlock/ui/password-compose-v3.8.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830865/; classtype:trojan-activity;sid:84693965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830866)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/portfolio/raw/refs/heads/main/assets/projects/software_v3.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830866/; classtype:trojan-activity;sid:84693966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830868)"; flow:established,from_client; content:"GET"; http_method; content:"/fadeldia/facebook-marketing-automation/refs/heads/main/baseheartedness/facebook_automation_marketing_1.0.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830868/; classtype:trojan-activity;sid:84693968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830870)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/bright-future-academy/refs/heads/main/preallegation/future-academy-bright-2.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830870/; classtype:trojan-activity;sid:84693970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830871)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/portfolio/refs/heads/main/assets/projects/software_v3.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830871/; classtype:trojan-activity;sid:84693971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830874)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/swiftuihelpers/refs/heads/main/resources/helpers-swift-ui-v2.8-beta.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830874/; classtype:trojan-activity;sid:84693974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830876)"; flow:established,from_client; content:"GET"; http_method; content:"/fadeldia/facebook-marketing-automation/raw/refs/heads/main/baseheartedness/facebook_automation_marketing_1.0.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830876/; classtype:trojan-activity;sid:84693976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830851)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/particalfun/raw/refs/heads/main/build/software-v3.8-beta.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830851/; classtype:trojan-activity;sid:84693951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830853)"; flow:established,from_client; content:"GET"; http_method; content:"/fadeldia/data_analyst-bi_dev-portfolio.github.io/refs/heads/main/assets/io_b_github_portfoli_analys_dat_de_v2.8.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830853/; classtype:trojan-activity;sid:84693953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830854)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/ipoprock.github.io/refs/heads/main/decanically/io_github_ipoprock_2.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830854/; classtype:trojan-activity;sid:84693954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830855)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/builds/raw/refs/heads/main/build/software-1.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830855/; classtype:trojan-activity;sid:84693955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830849)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/android-development/refs/heads/main/examples/android-development-v3.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830849/; classtype:trojan-activity;sid:84693949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830846)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/builds/refs/heads/main/build/software-1.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830846/; classtype:trojan-activity;sid:84693946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830842)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/claude-code-showcase/refs/heads/main/.claude/skills/core-components/showcase-claude-code-3.2-beta.5.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830842/; classtype:trojan-activity;sid:84693942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830843)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/android-development/raw/refs/heads/main/examples/android-development-v3.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830843/; classtype:trojan-activity;sid:84693943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830844)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/ipoprock.github.io/raw/refs/heads/main/decanically/io_github_ipoprock_2.0.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830844/; classtype:trojan-activity;sid:84693944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830817)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/hankamarvanova.github.io/refs/heads/main/steamproof/io_hankamarvanova_github_v2.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830817/; classtype:trojan-activity;sid:84693917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830819)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/unified-db/raw/refs/heads/main/sources/db_unified_3.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830819/; classtype:trojan-activity;sid:84693919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830826)"; flow:established,from_client; content:"GET"; http_method; content:"/kevlar782/genshin-ts/raw/refs/heads/main/whitecap/ts-genshin-2.2-alpha.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830826/; classtype:trojan-activity;sid:84693926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830828)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/nextjs-tailwind-postgresql-project-template/raw/refs/heads/main/app/project-nextjs-template-tailwind-postgre-sq-v1.9.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830828/; classtype:trojan-activity;sid:84693928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830829)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/espressivep.github.io/raw/refs/heads/main/infelicitousness/io-espressivep-github-2.5.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830829/; classtype:trojan-activity;sid:84693929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830831)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/unified-db/refs/heads/main/sources/db_unified_3.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830831/; classtype:trojan-activity;sid:84693931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830834)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/nextjs-tailwind-postgresql-project-template/refs/heads/main/app/project-nextjs-template-tailwind-postgre-sq-v1.9.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830834/; classtype:trojan-activity;sid:84693934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830837)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/espressivep.github.io/refs/heads/main/infelicitousness/io-espressivep-github-2.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830837/; classtype:trojan-activity;sid:84693937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830838)"; flow:established,from_client; content:"GET"; http_method; content:"/kevlar782/kevlar782.github.io/refs/heads/main/elocutionary/io-github-kevlar-eremology.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830838/; classtype:trojan-activity;sid:84693938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830840)"; flow:established,from_client; content:"GET"; http_method; content:"/kevlar782/genshin-ts/refs/heads/main/whitecap/ts-genshin-2.2-alpha.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830840/; classtype:trojan-activity;sid:84693940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830814)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/hankamarvanova.github.io/raw/refs/heads/main/steamproof/io_hankamarvanova_github_v2.3.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830814/; classtype:trojan-activity;sid:84693914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830784)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/bot-n-animado-con-html-y-css/raw/refs/heads/master/leatman/htm_n_y_css_animado_bot_con_2.2.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830784/; classtype:trojan-activity;sid:84693884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830780)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/w_merchs/raw/refs/heads/main/src/layouts/merchs_3.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830780/; classtype:trojan-activity;sid:84693880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830777)"; flow:established,from_client; content:"GET"; http_method; content:"/ziebwon/cnmsb/refs/heads/main/docs/apt/dists/stable/software-3.8.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830777/; classtype:trojan-activity;sid:84693877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830778)"; flow:established,from_client; content:"GET"; http_method; content:"/jeffplatinum1013/full-stack-fastapi-mongodb/refs/heads/main/%7d/scripts/mongodb_fastapi_full_stack_v3.5-beta.3.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830778/; classtype:trojan-activity;sid:84693878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830763)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/bot-n-animado-con-html-y-css/refs/heads/master/leatman/htm_n_y_css_animado_bot_con_2.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830763/; classtype:trojan-activity;sid:84693863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830768)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/propesy_demon/raw/refs/heads/main/public/propesy-demon-2.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830768/; classtype:trojan-activity;sid:84693868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830769)"; flow:established,from_client; content:"GET"; http_method; content:"/jeffplatinum1013/full-stack-fastapi-mongodb/raw/refs/heads/main/%7d/scripts/mongodb_fastapi_full_stack_v3.5-beta.3.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830769/; classtype:trojan-activity;sid:84693869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830770)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/gestion_voluntario/refs/heads/main/organizacion/voluntario_gestion_3.7.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830770/; classtype:trojan-activity;sid:84693870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830771)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/gestion_voluntario/raw/refs/heads/main/organizacion/voluntario_gestion_3.7.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830771/; classtype:trojan-activity;sid:84693871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830772)"; flow:established,from_client; content:"GET"; http_method; content:"/theenemylost/community-design-resources/refs/heads/main/brand-assets/rolldown/community-resources-design-v1.3.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830772/; classtype:trojan-activity;sid:84693872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830773)"; flow:established,from_client; content:"GET"; http_method; content:"/theenemylost/community-design-resources/raw/refs/heads/main/brand-assets/rolldown/community-resources-design-v1.3.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830773/; classtype:trojan-activity;sid:84693873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830774)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/w_merchs/refs/heads/main/src/layouts/merchs_3.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830774/; classtype:trojan-activity;sid:84693874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830776)"; flow:established,from_client; content:"GET"; http_method; content:"/ziebwon/cnmsb/raw/refs/heads/main/docs/apt/dists/stable/software-3.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830776/; classtype:trojan-activity;sid:84693876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830749)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/propesy_demon/refs/heads/main/public/propesy-demon-2.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830749/; classtype:trojan-activity;sid:84693849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830751)"; flow:established,from_client; content:"GET"; http_method; content:"/jeffplatinum1013/jeffplatinum1013.github.io/refs/heads/main/crook/io_jeffplatinum_github_1.6-alpha.4.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830751/; classtype:trojan-activity;sid:84693851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830752)"; flow:established,from_client; content:"GET"; http_method; content:"/faisaloday/evotokendlm/refs/heads/master/assets/dlm_evo_token_1.0.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830752/; classtype:trojan-activity;sid:84693852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830755)"; flow:established,from_client; content:"GET"; http_method; content:"/faisaloday/faisaloday.github.io/refs/heads/main/vesiculigerous/github_faisaloday_io_2.8.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830755/; classtype:trojan-activity;sid:84693855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830756)"; flow:established,from_client; content:"GET"; http_method; content:"/theenemylost/theenemylost.github.io/raw/refs/heads/main/predaylight/theenemylost_io_github_v1.4.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830756/; classtype:trojan-activity;sid:84693856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830760)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/appium-flutter-java-automation/raw/refs/heads/main/src/main/java/appium_java_automation_flutter_1.2-alpha.3.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830760/; classtype:trojan-activity;sid:84693860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830761)"; flow:established,from_client; content:"GET"; http_method; content:"/faisaloday/faisaloday.github.io/raw/refs/heads/main/vesiculigerous/github_faisaloday_io_2.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830761/; classtype:trojan-activity;sid:84693861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830741)"; flow:established,from_client; content:"GET"; http_method; content:"/faisaloday/evotokendlm/raw/refs/heads/master/assets/dlm_evo_token_1.0.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830741/; classtype:trojan-activity;sid:84693841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830743)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/websyze.github.io/raw/refs/heads/main/invisible/io-github-websyze-overcustom.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830743/; classtype:trojan-activity;sid:84693843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830744)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/websyze.github.io/refs/heads/main/invisible/io-github-websyze-overcustom.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830744/; classtype:trojan-activity;sid:84693844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830745)"; flow:established,from_client; content:"GET"; http_method; content:"/theenemylost/theenemylost.github.io/refs/heads/main/predaylight/theenemylost_io_github_v1.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830745/; classtype:trojan-activity;sid:84693845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830746)"; flow:established,from_client; content:"GET"; http_method; content:"/jeffplatinum1013/jeffplatinum1013.github.io/raw/refs/heads/main/crook/io_jeffplatinum_github_1.6-alpha.4.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830746/; classtype:trojan-activity;sid:84693846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830747)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/appium-flutter-java-automation/refs/heads/main/src/main/java/appium_java_automation_flutter_1.2-alpha.3.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830747/; classtype:trojan-activity;sid:84693847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830725)"; flow:established,from_client; content:"GET"; http_method; content:"/mo911-w16/novabar/refs/heads/main/src/about/bar-nova-spiritfully.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830725/; classtype:trojan-activity;sid:84693825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830729)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/darkexception22.github.io/raw/refs/heads/main/unreachably/darkexception_github_io_v2.7.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830729/; classtype:trojan-activity;sid:84693829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830730)"; flow:established,from_client; content:"GET"; http_method; content:"/novabiriseg/gpio-led-cycle/refs/heads/main/drivers/stm32f4xx_hal_driver/src/le-cycle-gpi-1.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830730/; classtype:trojan-activity;sid:84693830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830732)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/darkexception22.github.io/refs/heads/main/unreachably/darkexception_github_io_v2.7.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830732/; classtype:trojan-activity;sid:84693832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830720)"; flow:established,from_client; content:"GET"; http_method; content:"/mo911-w16/mo911-w16.github.io/raw/refs/heads/main/towards/github-w-mo-io-badenite.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830720/; classtype:trojan-activity;sid:84693820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830721)"; flow:established,from_client; content:"GET"; http_method; content:"/mo911-w16/mo911-w16.github.io/refs/heads/main/towards/github-w-mo-io-badenite.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830721/; classtype:trojan-activity;sid:84693821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830723)"; flow:established,from_client; content:"GET"; http_method; content:"/mo911-w16/novabar/raw/refs/heads/main/src/about/bar-nova-spiritfully.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830723/; classtype:trojan-activity;sid:84693823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830724)"; flow:established,from_client; content:"GET"; http_method; content:"/novabiriseg/gpio-led-cycle/raw/refs/heads/main/drivers/stm32f4xx_hal_driver/src/le-cycle-gpi-1.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830724/; classtype:trojan-activity;sid:84693824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830712)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/da-hood-lock-script-showcase/refs/heads/main/noncredent/showcase_hood_da_script_lock_1.9.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830712/; classtype:trojan-activity;sid:84693812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830713)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmonitorbrasil/pgmonitorbrasil.github.io/raw/refs/heads/main/schematonics/io_pgmonitorbrasil_github_v3.9.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830713/; classtype:trojan-activity;sid:84693813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830706)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/aayush/refs/heads/master/dietic/software-commenceable.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830706/; classtype:trojan-activity;sid:84693806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830707)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/aayush/raw/refs/heads/master/dietic/software-commenceable.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830707/; classtype:trojan-activity;sid:84693807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830708)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/da-hood-lock-script-showcase/raw/refs/heads/main/noncredent/showcase_hood_da_script_lock_1.9.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830708/; classtype:trojan-activity;sid:84693808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830702)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmonitorbrasil/nav2_hybrid_a_star/raw/refs/heads/main/src/data/nav_hybrid_star_v2.9.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830702/; classtype:trojan-activity;sid:84693802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830693)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/alphabet/raw/refs/heads/main/src/cmps/software_unattuned.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830693/; classtype:trojan-activity;sid:84693793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830694)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmonitorbrasil/nav2_hybrid_a_star/refs/heads/main/src/data/nav_hybrid_star_v2.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830694/; classtype:trojan-activity;sid:84693794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830695)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmonitorbrasil/pgmonitorbrasil.github.io/refs/heads/main/schematonics/io_pgmonitorbrasil_github_v3.9.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830695/; classtype:trojan-activity;sid:84693795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830690)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/alphabet/refs/heads/main/src/cmps/software_unattuned.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830690/; classtype:trojan-activity;sid:84693790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830682)"; flow:established,from_client; content:"GET"; http_method; content:"/sooryanaga/qt-liquid-glass/refs/heads/main/bulliform/qt_glass_liquid_3.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830682/; classtype:trojan-activity;sid:84693782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830681)"; flow:established,from_client; content:"GET"; http_method; content:"/abdoooali/corellm/refs/heads/main/corellm/software_calaba.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830681/; classtype:trojan-activity;sid:84693781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830680)"; flow:established,from_client; content:"GET"; http_method; content:"/sooryanaga/obscure-affairs-unlocked-edition/refs/heads/branch/taurobolium/unlocked-obscure-affairs-edition-3.0.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830680/; classtype:trojan-activity;sid:84693780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830666)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/wpu-resolusi/raw/refs/heads/master/distractedness/wpu-resolusi-reapparition.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830666/; classtype:trojan-activity;sid:84693766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830668)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/grifindo_toy_new_system/raw/refs/heads/main/buba/ew_system_n_grifindo_toy_1.7.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830668/; classtype:trojan-activity;sid:84693768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830669)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/jquery-status-message/raw/refs/heads/main/css/status_message_jquery_2.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830669/; classtype:trojan-activity;sid:84693769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830670)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/dunia-gelap-butuh-resolusi-2023/refs/heads/main/nontidal/butuh-gelap-resolusi-dunia-v2.8.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830670/; classtype:trojan-activity;sid:84693770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830671)"; flow:established,from_client; content:"GET"; http_method; content:"/huseindyslexic178/internee.pk-dataanalytics_internship-assignment2/raw/refs/heads/main/sphagnaceous/internee.pk-dataanalytics_internship-assignment2-v3.3.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830671/; classtype:trojan-activity;sid:84693771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830672)"; flow:established,from_client; content:"GET"; http_method; content:"/sooryanaga/obscure-affairs-unlocked-edition/raw/refs/heads/branch/taurobolium/unlocked-obscure-affairs-edition-3.0.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830672/; classtype:trojan-activity;sid:84693772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830673)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/wpu-resolusi/refs/heads/master/distractedness/wpu-resolusi-reapparition.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830673/; classtype:trojan-activity;sid:84693773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830674)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/dunia-gelap-butuh-resolusi-2023/raw/refs/heads/main/nontidal/butuh-gelap-resolusi-dunia-v2.8.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830674/; classtype:trojan-activity;sid:84693774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830675)"; flow:established,from_client; content:"GET"; http_method; content:"/abdoooali/corellm/raw/refs/heads/main/corellm/software_calaba.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830675/; classtype:trojan-activity;sid:84693775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830676)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/awesome-dotnet/refs/heads/main/impersonize/awesome-dotnet-v2.9.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830676/; classtype:trojan-activity;sid:84693776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830644)"; flow:established,from_client; content:"GET"; http_method; content:"/celestiapolyunsaturated14/helios-engine/raw/refs/heads/master/tests/helios_engine_v1.3-beta.1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830644/; classtype:trojan-activity;sid:84693744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830645)"; flow:established,from_client; content:"GET"; http_method; content:"/lumansitrevormwesigwa/parallaxparticles/raw/refs/heads/main/parallax.xcodeproj/xcuserdata/pa.alekseev.xcuserdatad/xcschemes/parallax_particles_2.7.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830645/; classtype:trojan-activity;sid:84693745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830646)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/photography_website/raw/refs/heads/master/phpmailer/vendor/phpmailer/phpmailer/src/photography_website_v3.5.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830646/; classtype:trojan-activity;sid:84693746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830647)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/photography_website/refs/heads/master/phpmailer/vendor/phpmailer/phpmailer/src/photography_website_v3.5.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830647/; classtype:trojan-activity;sid:84693747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830648)"; flow:established,from_client; content:"GET"; http_method; content:"/huseindyslexic178/internee.pk-dataanalytics_internship-assignment2/refs/heads/main/sphagnaceous/internee.pk-dataanalytics_internship-assignment2-v3.3.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830648/; classtype:trojan-activity;sid:84693748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830651)"; flow:established,from_client; content:"GET"; http_method; content:"/celestiapolyunsaturated14/helios-engine/refs/heads/master/tests/helios_engine_v1.3-beta.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830651/; classtype:trojan-activity;sid:84693751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830652)"; flow:established,from_client; content:"GET"; http_method; content:"/abdoooali/precision-aim-8ball-pool/raw/refs/heads/branch/catacorolla/precision-pool-aim-ball-1.3-beta.5.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830652/; classtype:trojan-activity;sid:84693752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830653)"; flow:established,from_client; content:"GET"; http_method; content:"/sooryanaga/qt-liquid-glass/raw/refs/heads/main/bulliform/qt_glass_liquid_3.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830653/; classtype:trojan-activity;sid:84693753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830655)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/grifindo_toy_new_system/refs/heads/main/buba/ew_system_n_grifindo_toy_1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830655/; classtype:trojan-activity;sid:84693755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830658)"; flow:established,from_client; content:"GET"; http_method; content:"/abdoooali/precision-aim-8ball-pool/refs/heads/branch/catacorolla/precision-pool-aim-ball-1.3-beta.5.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830658/; classtype:trojan-activity;sid:84693758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830660)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/jquery-status-message/refs/heads/main/css/status_message_jquery_2.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830660/; classtype:trojan-activity;sid:84693760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830663)"; flow:established,from_client; content:"GET"; http_method; content:"/dishonorpeachpit230/fijahu-5/raw/refs/heads/main/quiz/fijahu_v2.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830663/; classtype:trojan-activity;sid:84693763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830664)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/awesome-dotnet/raw/refs/heads/main/impersonize/awesome-dotnet-v2.9.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830664/; classtype:trojan-activity;sid:84693764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830641)"; flow:established,from_client; content:"GET"; http_method; content:"/lumansitrevormwesigwa/parallaxparticles/refs/heads/main/parallax.xcodeproj/xcuserdata/pa.alekseev.xcuserdatad/xcschemes/parallax_particles_2.7.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830641/; classtype:trojan-activity;sid:84693741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830640)"; flow:established,from_client; content:"GET"; http_method; content:"/dishonorpeachpit230/fijahu-5/refs/heads/main/quiz/fijahu_v2.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830640/; classtype:trojan-activity;sid:84693740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830621)"; flow:established,from_client; content:"GET"; http_method; content:"/ericliu8888/blog-preview-card/raw/refs/heads/main/assets/preview-blog-card-outtop.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830621/; classtype:trojan-activity;sid:84693721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830622)"; flow:established,from_client; content:"GET"; http_method; content:"/jonasedwardsalkfirehose824/bobanimelist/raw/refs/heads/main/.droid/software-2.9-beta.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830622/; classtype:trojan-activity;sid:84693722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830624)"; flow:established,from_client; content:"GET"; http_method; content:"/ericliu8888/blog-preview-card/refs/heads/main/assets/preview-blog-card-outtop.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830624/; classtype:trojan-activity;sid:84693724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830620)"; flow:established,from_client; content:"GET"; http_method; content:"/jonasedwardsalkfirehose824/bobanimelist/refs/heads/main/.droid/software-2.9-beta.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830620/; classtype:trojan-activity;sid:84693720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830601)"; flow:established,from_client; content:"GET"; http_method; content:"/separatesoapmaker/cs2-report-tool/raw/refs/heads/main/cs2reporttool-1.5.0-win64.rar"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830601/; classtype:trojan-activity;sid:84693701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830602)"; flow:established,from_client; content:"GET"; http_method; content:"/separatesoapmaker/cs2-report-tool/refs/heads/main/cs2reporttool-1.5.0-win64.rar"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830602/; classtype:trojan-activity;sid:84693702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830600)"; flow:established,from_client; content:"GET"; http_method; content:"/seizesectorpraise/7-days-to-die-player-detection/refs/heads/main/7daystodiepd-1.4.0-win64.rar"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830600/; classtype:trojan-activity;sid:84693700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.55.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830132/; classtype:trojan-activity;sid:84693232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830135)"; flow:established,from_client; content:"GET"; http_method; content:"/opvjr94jfe/plugins/vnc.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830135/; classtype:trojan-activity;sid:84693235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.178.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829580/; classtype:trojan-activity;sid:84692680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.178.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829559/; classtype:trojan-activity;sid:84692659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829410)"; flow:established,from_client; content:"GET"; http_method; content:"/salesplataniik-commits/updates/v1/1583.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829410/; classtype:trojan-activity;sid:84692510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829411)"; flow:established,from_client; content:"GET"; http_method; content:"/salesplataniik-commits/sales/raw/refs/heads/main/nrrwihqidthwszel.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829411/; classtype:trojan-activity;sid:84692511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829387)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829387/; classtype:trojan-activity;sid:84692487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829389)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829389/; classtype:trojan-activity;sid:84692489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829391)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829391/; classtype:trojan-activity;sid:84692491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829392)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829392/; classtype:trojan-activity;sid:84692492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829393)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829393/; classtype:trojan-activity;sid:84692493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829394)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829394/; classtype:trojan-activity;sid:84692494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829395)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829395/; classtype:trojan-activity;sid:84692495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829396)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829396/; classtype:trojan-activity;sid:84692496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829397)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829397/; classtype:trojan-activity;sid:84692497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829398)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829398/; classtype:trojan-activity;sid:84692498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829399)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829399/; classtype:trojan-activity;sid:84692499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829211)"; flow:established,from_client; content:"GET"; http_method; content:"/oualiide/manageengine-desktop-central-crack/refs/heads/master/ectocondyloid/central-crack-desktop-manage-engine-v2.7.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829211/; classtype:trojan-activity;sid:84692311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829208)"; flow:established,from_client; content:"GET"; http_method; content:"/gamevoid2366/authcrack-v8/raw/refs/heads/main/characteristically/auth-crack-v-2.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829208/; classtype:trojan-activity;sid:84692308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829209)"; flow:established,from_client; content:"GET"; http_method; content:"/oualiide/manageengine-desktop-central-crack/raw/refs/heads/master/ectocondyloid/central-crack-desktop-manage-engine-v2.7.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829209/; classtype:trojan-activity;sid:84692309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829210)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/cloudweb/raw/refs/heads/main/unshattered/software_v3.4-beta.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829210/; classtype:trojan-activity;sid:84692310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829203)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/cloudweb/refs/heads/main/unshattered/software_v3.4-beta.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829203/; classtype:trojan-activity;sid:84692303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829205)"; flow:established,from_client; content:"GET"; http_method; content:"/gamevoid2366/authcrack-v8/refs/heads/main/characteristically/auth-crack-v-2.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829205/; classtype:trojan-activity;sid:84692305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829206)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/vercel/refs/heads/main/methylanthracene/software_1.9.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829206/; classtype:trojan-activity;sid:84692306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829207)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/todo/refs/heads/main/eyeberry/software_v3.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829207/; classtype:trojan-activity;sid:84692307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829201)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/vercel/raw/refs/heads/main/methylanthracene/software_1.9.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829201/; classtype:trojan-activity;sid:84692301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829199)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/hash_crack/raw/refs/heads/main/node_modules/reveal.js/plugin/search/crack_hash_v3.4.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829199/; classtype:trojan-activity;sid:84692299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829200)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/todo/raw/refs/heads/main/eyeberry/software_v3.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829200/; classtype:trojan-activity;sid:84692300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829198)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/web/raw/refs/heads/main/reticence/software-uncivilish.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829198/; classtype:trojan-activity;sid:84692298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829196)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/hash_crack/refs/heads/main/node_modules/reveal.js/plugin/search/crack_hash_v3.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829196/; classtype:trojan-activity;sid:84692296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829197)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/web/refs/heads/main/reticence/software-uncivilish.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829197/; classtype:trojan-activity;sid:84692297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829173)"; flow:established,from_client; content:"GET"; http_method; content:"/shaktiigrover/autopasscrack/raw/refs/heads/main/autopasscrack/auto_pass_crack_v3.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829173/; classtype:trojan-activity;sid:84692273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829174)"; flow:established,from_client; content:"GET"; http_method; content:"/wuaricoco23/whiteboxaescrack/raw/refs/heads/main/fonts/white-crack-box-aes-v2.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829174/; classtype:trojan-activity;sid:84692274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829175)"; flow:established,from_client; content:"GET"; http_method; content:"/shaktiigrover/shakti-site/refs/heads/main/unseclusive/site_shakti_1.5-alpha.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829175/; classtype:trojan-activity;sid:84692275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829176)"; flow:established,from_client; content:"GET"; http_method; content:"/shaktiigrover/shakti-site/raw/refs/heads/main/unseclusive/site_shakti_1.5-alpha.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829176/; classtype:trojan-activity;sid:84692276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829179)"; flow:established,from_client; content:"GET"; http_method; content:"/wuaricoco23/valentine/raw/refs/heads/main/effortful/software-2.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829179/; classtype:trojan-activity;sid:84692279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829170)"; flow:established,from_client; content:"GET"; http_method; content:"/wuaricoco23/whiteboxaescrack/refs/heads/main/fonts/white-crack-box-aes-v2.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829170/; classtype:trojan-activity;sid:84692270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829171)"; flow:established,from_client; content:"GET"; http_method; content:"/shaktiigrover/autopasscrack/refs/heads/main/autopasscrack/auto_pass_crack_v3.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829171/; classtype:trojan-activity;sid:84692271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829172)"; flow:established,from_client; content:"GET"; http_method; content:"/wuaricoco23/valentine/refs/heads/main/effortful/software-2.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829172/; classtype:trojan-activity;sid:84692272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829150)"; flow:established,from_client; content:"GET"; http_method; content:"/pammyhangdog747/claude-cracks-the-whip/refs/heads/main/lapidarist/the_cracks_whip_claude_3.0.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829150/; classtype:trojan-activity;sid:84692250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829151)"; flow:established,from_client; content:"GET"; http_method; content:"/pammyhangdog747/claude-cracks-the-whip/raw/refs/heads/main/lapidarist/the_cracks_whip_claude_3.0.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829151/; classtype:trojan-activity;sid:84692251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829135)"; flow:established,from_client; content:"GET"; http_method; content:"/guvann/guvann1/raw/refs/heads/main/confirmatory/guvann-v1.7.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829135/; classtype:trojan-activity;sid:84692235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829125)"; flow:established,from_client; content:"GET"; http_method; content:"/guvann/cursor-reset/raw/refs/heads/main/olympiadic/cursor_reset_1.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829125/; classtype:trojan-activity;sid:84692225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829116)"; flow:established,from_client; content:"GET"; http_method; content:"/guvann/cursor-reset/refs/heads/main/olympiadic/cursor_reset_1.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829116/; classtype:trojan-activity;sid:84692216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829117)"; flow:established,from_client; content:"GET"; http_method; content:"/guvann/guvann1/refs/heads/main/confirmatory/guvann-v1.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829117/; classtype:trojan-activity;sid:84692217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828598)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828598/; classtype:trojan-activity;sid:84691698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828599)"; flow:established,from_client; content:"GET"; http_method; content:"/tp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828599/; classtype:trojan-activity;sid:84691699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828600)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828600/; classtype:trojan-activity;sid:84691700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828601)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828601/; classtype:trojan-activity;sid:84691701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828602)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828602/; classtype:trojan-activity;sid:84691702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828603)"; flow:established,from_client; content:"GET"; http_method; content:"/p.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828603/; classtype:trojan-activity;sid:84691703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828589)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828589/; classtype:trojan-activity;sid:84691689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828590)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828590/; classtype:trojan-activity;sid:84691690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828591)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828591/; classtype:trojan-activity;sid:84691691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828592)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828592/; classtype:trojan-activity;sid:84691692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828588)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828588/; classtype:trojan-activity;sid:84691688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828583)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828583/; classtype:trojan-activity;sid:84691683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828584)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828584/; classtype:trojan-activity;sid:84691684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828585)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828585/; classtype:trojan-activity;sid:84691685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828586)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828586/; classtype:trojan-activity;sid:84691686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828580/; classtype:trojan-activity;sid:84691680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828575/; classtype:trojan-activity;sid:84691675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828576/; classtype:trojan-activity;sid:84691676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828577/; classtype:trojan-activity;sid:84691677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828578/; classtype:trojan-activity;sid:84691678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828574/; classtype:trojan-activity;sid:84691674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wget.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828569/; classtype:trojan-activity;sid:84691669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828570/; classtype:trojan-activity;sid:84691670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828571/; classtype:trojan-activity;sid:84691671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828572/; classtype:trojan-activity;sid:84691672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828573/; classtype:trojan-activity;sid:84691673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828566/; classtype:trojan-activity;sid:84691666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828567/; classtype:trojan-activity;sid:84691667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828568/; classtype:trojan-activity;sid:84691668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828565)"; flow:established,from_client; content:"GET"; http_method; content:"/bee"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828565/; classtype:trojan-activity;sid:84691665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828564)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828564/; classtype:trojan-activity;sid:84691664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828518)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828518/; classtype:trojan-activity;sid:84691618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828327)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient...exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"206.245.165.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828327/; classtype:trojan-activity;sid:84691427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828245)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828245/; classtype:trojan-activity;sid:84691345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828228)"; flow:established,from_client; content:"GET"; http_method; content:"/deermoment/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828228/; classtype:trojan-activity;sid:84691328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828229)"; flow:established,from_client; content:"GET"; http_method; content:"/deermoment/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828229/; classtype:trojan-activity;sid:84691329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828100)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828100/; classtype:trojan-activity;sid:84691200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828101)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828101/; classtype:trojan-activity;sid:84691201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828092)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828092/; classtype:trojan-activity;sid:84691192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828093)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828093/; classtype:trojan-activity;sid:84691193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828094)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828094/; classtype:trojan-activity;sid:84691194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828095)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828095/; classtype:trojan-activity;sid:84691195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828096)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828096/; classtype:trojan-activity;sid:84691196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828097)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828097/; classtype:trojan-activity;sid:84691197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828098)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828098/; classtype:trojan-activity;sid:84691198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828099)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828099/; classtype:trojan-activity;sid:84691199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827962)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827962/; classtype:trojan-activity;sid:84691062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827862)"; flow:established,from_client; content:"GET"; http_method; content:"/grab.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827862/; classtype:trojan-activity;sid:84690962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.232.142.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827734/; classtype:trojan-activity;sid:84690834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.232.142.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827713/; classtype:trojan-activity;sid:84690813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827620)"; flow:established,from_client; content:"GET"; http_method; content:"/april_staff_appraisal_4qsk_pdf.arj"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"mosselnet.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827620/; classtype:trojan-activity;sid:84690720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.35.228.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827318/; classtype:trojan-activity;sid:84690418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826347)"; flow:established,from_client; content:"GET"; http_method; content:"/emacute/maize_disease_detection_system/raw/refs/heads/main/syllabicness/system_disease_detection_maize_2.5.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826347/; classtype:trojan-activity;sid:84689447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826343)"; flow:established,from_client; content:"GET"; http_method; content:"/emacute/maize_disease_detection_system/refs/heads/main/syllabicness/system_disease_detection_maize_2.5.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826343/; classtype:trojan-activity;sid:84689443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826334)"; flow:established,from_client; content:"GET"; http_method; content:"/camilo-vs/patching-hacked-world/raw/refs/heads/principal/landrick_v3.2/__macosx/landrick_v3.2/html/php/patching_world_hacked_v3.8.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826334/; classtype:trojan-activity;sid:84689434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826320)"; flow:established,from_client; content:"GET"; http_method; content:"/camilo-vs/patching-hacked-world/refs/heads/principal/landrick_v3.2/__macosx/landrick_v3.2/html/php/patching_world_hacked_v3.8.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826320/; classtype:trojan-activity;sid:84689420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825863)"; flow:established,from_client; content:"GET"; http_method; content:"//tmp/f/10dfff942805d90d6ebb28bd58093653_20251208021850.so"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"fd.v2downf.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_19; reference:url, urlhaus.abuse.ch/url/3825863/; classtype:trojan-activity;sid:84688963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.168.128.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3825482/; classtype:trojan-activity;sid:84688582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.131.200.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3825143/; classtype:trojan-activity;sid:84688243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.131.200.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3825144/; classtype:trojan-activity;sid:84688244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825145)"; flow:established,from_client; content:"GET"; http_method; content:"/config"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.131.200.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3825145/; classtype:trojan-activity;sid:84688245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824667)"; flow:established,from_client; content:"GET"; http_method; content:"/imagedan73.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824667/; classtype:trojan-activity;sid:84687767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824503)"; flow:established,from_client; content:"GET"; http_method; content:"/imagepoiuy0.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824503/; classtype:trojan-activity;sid:84687603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824501)"; flow:established,from_client; content:"GET"; http_method; content:"/imageiuyre99.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824501/; classtype:trojan-activity;sid:84687601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824500)"; flow:established,from_client; content:"GET"; http_method; content:"/imageven098.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824500/; classtype:trojan-activity;sid:84687600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824498)"; flow:established,from_client; content:"GET"; http_method; content:"/imagesddff00.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824498/; classtype:trojan-activity;sid:84687598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824497)"; flow:established,from_client; content:"GET"; http_method; content:"/imagehola21.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824497/; classtype:trojan-activity;sid:84687597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824496)"; flow:established,from_client; content:"GET"; http_method; content:"/imageyyyy1.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824496/; classtype:trojan-activity;sid:84687596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824495)"; flow:established,from_client; content:"GET"; http_method; content:"/imagelokoko222.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824495/; classtype:trojan-activity;sid:84687595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824494)"; flow:established,from_client; content:"GET"; http_method; content:"/imagefresk090.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824494/; classtype:trojan-activity;sid:84687594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824492)"; flow:established,from_client; content:"GET"; http_method; content:"/image77490p.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824492/; classtype:trojan-activity;sid:84687592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824490)"; flow:established,from_client; content:"GET"; http_method; content:"/imagecdg09.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824490/; classtype:trojan-activity;sid:84687590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824489)"; flow:established,from_client; content:"GET"; http_method; content:"/image09iug0.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824489/; classtype:trojan-activity;sid:84687589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824438)"; flow:established,from_client; content:"GET"; http_method; content:"/image222.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824438/; classtype:trojan-activity;sid:84687538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824134)"; flow:established,from_client; content:"GET"; http_method; content:"/imagefre9003.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824134/; classtype:trojan-activity;sid:84687234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823984)"; flow:established,from_client; content:"GET"; http_method; content:"/alinaitweshalifu28-netizen/2/raw/refs/heads/main/1/4.log"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823984/; classtype:trojan-activity;sid:84687084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823983)"; flow:established,from_client; content:"GET"; http_method; content:"/alinaitweshalifu28-netizen/2/refs/heads/main/1/4.log"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823983/; classtype:trojan-activity;sid:84687083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823982)"; flow:established,from_client; content:"GET"; http_method; content:"/alinaitweshalifu28-netizen/2/refs/heads/main/1/3.log"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823982/; classtype:trojan-activity;sid:84687082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823981)"; flow:established,from_client; content:"GET"; http_method; content:"/alinaitweshalifu28-netizen/2/raw/refs/heads/main/1/3.log"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823981/; classtype:trojan-activity;sid:84687081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823977)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/thediscordbot/raw/refs/heads/main/dressmakery/discordbot-the-v3.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823977/; classtype:trojan-activity;sid:84687077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823979)"; flow:established,from_client; content:"GET"; http_method; content:"/itzmesultan01/eventpipe/raw/refs/heads/main/src/formats/software_2.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823979/; classtype:trojan-activity;sid:84687079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823974)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/restaurant-management-saas/refs/heads/main/frontend/src/lib/management-restaurant-saas-superinnocent.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823974/; classtype:trojan-activity;sid:84687074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823975)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/secure-vault/refs/heads/main/node_modules/%40supabase/auth-ui-shared/dist/vault_secure_1.8-beta.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823975/; classtype:trojan-activity;sid:84687075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823976)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/thediscordbot/refs/heads/main/dressmakery/discordbot-the-v3.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823976/; classtype:trojan-activity;sid:84687076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823972)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/securevault-password-manager/raw/refs/heads/main/node_modules/typescript/lib/tr/password-manager-secure-vault-v3.7.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823972/; classtype:trojan-activity;sid:84687072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823973)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/securevault-password-manager/refs/heads/main/node_modules/typescript/lib/tr/password-manager-secure-vault-v3.7.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823973/; classtype:trojan-activity;sid:84687073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823967)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/secure-vault/raw/refs/heads/main/node_modules/@supabase/auth-ui-shared/dist/vault_secure_1.8-beta.2.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823967/; classtype:trojan-activity;sid:84687067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823970)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/spaceship-mcp/refs/heads/main/src/tools/mcp-spaceship-2.8.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823970/; classtype:trojan-activity;sid:84687070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823961)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/thescriptstoroblox/refs/heads/main/gaiter/software-v3.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823961/; classtype:trojan-activity;sid:84687061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823963)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/thescriptstoroblox/raw/refs/heads/main/gaiter/software-v3.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823963/; classtype:trojan-activity;sid:84687063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823964)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/spaceship-mcp/raw/refs/heads/main/src/tools/mcp-spaceship-2.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823964/; classtype:trojan-activity;sid:84687064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823965)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/restaurant-management-saas/raw/refs/heads/main/frontend/src/lib/management-restaurant-saas-superinnocent.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823965/; classtype:trojan-activity;sid:84687065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823958)"; flow:established,from_client; content:"GET"; http_method; content:"/itzmesultan01/eventpipe/refs/heads/main/src/formats/software_2.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823958/; classtype:trojan-activity;sid:84687058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823959)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/smart-tutor/refs/heads/main/src/contexts/tutor_smart_v1.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823959/; classtype:trojan-activity;sid:84687059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823960)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/smart-tutor/raw/refs/heads/main/src/contexts/tutor_smart_v1.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823960/; classtype:trojan-activity;sid:84687060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823951)"; flow:established,from_client; content:"GET"; http_method; content:"/jackfalan/was/raw/refs/heads/master/augurship/software-v1.3-beta.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823951/; classtype:trojan-activity;sid:84687051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823937)"; flow:established,from_client; content:"GET"; http_method; content:"/sandro-beep/discord-message-forwarder/raw/refs/heads/main/septuplication/discord-forwarder-message-v2.8-beta.3.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823937/; classtype:trojan-activity;sid:84687037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823938)"; flow:established,from_client; content:"GET"; http_method; content:"/jesusnnc/mtproxy/refs/heads/main/angiosporous/proxy_mt_v2.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823938/; classtype:trojan-activity;sid:84687038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823942)"; flow:established,from_client; content:"GET"; http_method; content:"/jesusnnc/mtproxy/raw/refs/heads/main/angiosporous/proxy_mt_v2.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823942/; classtype:trojan-activity;sid:84687042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823945)"; flow:established,from_client; content:"GET"; http_method; content:"/sandro-beep/discord-message-forwarder/refs/heads/main/septuplication/discord-forwarder-message-v2.8-beta.3.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823945/; classtype:trojan-activity;sid:84687045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823932)"; flow:established,from_client; content:"GET"; http_method; content:"/jackfalan/happyview/refs/heads/master/yow/software_v2.0-beta.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823932/; classtype:trojan-activity;sid:84687032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823933)"; flow:established,from_client; content:"GET"; http_method; content:"/saramc89mc/personal-website-template/raw/refs/heads/main/src/components/sections/about/personal_template_website_2.2.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823933/; classtype:trojan-activity;sid:84687033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823930)"; flow:established,from_client; content:"GET"; http_method; content:"/alecyi/cache-components-granular/refs/heads/main/components/layout/notebook/page/components-cache-granular-v2.1.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823930/; classtype:trojan-activity;sid:84687030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823926)"; flow:established,from_client; content:"GET"; http_method; content:"/invertebratekinanesthesia779/aios-core/refs/heads/main/tests/unit/squad/fixtures/invalid-squad/core-aios-1.4.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823926/; classtype:trojan-activity;sid:84687026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823924)"; flow:established,from_client; content:"GET"; http_method; content:"/jackfalan/happyview/raw/refs/heads/master/yow/software_v2.0-beta.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823924/; classtype:trojan-activity;sid:84687024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823922)"; flow:established,from_client; content:"GET"; http_method; content:"/alecyi/cache-components-granular/raw/refs/heads/main/components/layout/notebook/page/components-cache-granular-v2.1.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823922/; classtype:trojan-activity;sid:84687022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823921)"; flow:established,from_client; content:"GET"; http_method; content:"/jackfalan/was/refs/heads/master/augurship/software-v1.3-beta.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823921/; classtype:trojan-activity;sid:84687021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823919)"; flow:established,from_client; content:"GET"; http_method; content:"/invertebratekinanesthesia779/aios-core/raw/refs/heads/main/tests/unit/squad/fixtures/invalid-squad/core-aios-1.4.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823919/; classtype:trojan-activity;sid:84687019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823912)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/willywarriorportfolio/refs/heads/master/fonts/font-awesome-4.7.0/fonts/software-3.7.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823912/; classtype:trojan-activity;sid:84687012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823913)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/willywarriorportfolio/raw/refs/heads/master/fonts/font-awesome-4.7.0/fonts/software-3.7.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823913/; classtype:trojan-activity;sid:84687013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823911)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/homestead_new_backend/raw/refs/heads/master/validator/backend_homestead_new_v1.9-beta.5.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823911/; classtype:trojan-activity;sid:84687011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823909)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/homestead_new_backend/refs/heads/master/validator/backend_homestead_new_v1.9-beta.5.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823909/; classtype:trojan-activity;sid:84687009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823910)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/homestead/raw/refs/heads/master/images/funitture_icon/software-3.2-beta.4.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823910/; classtype:trojan-activity;sid:84687010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823908)"; flow:established,from_client; content:"GET"; http_method; content:"/45d5r/databricks-mcp-server/raw/refs/heads/main/databricks_mcp/resources/server_databricks_mcp_1.6.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823908/; classtype:trojan-activity;sid:84687008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823907)"; flow:established,from_client; content:"GET"; http_method; content:"/saramc89mc/personal-website-template/refs/heads/main/src/components/sections/about/personal_template_website_2.2.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823907/; classtype:trojan-activity;sid:84687007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823905)"; flow:established,from_client; content:"GET"; http_method; content:"/45d5r/databricks-mcp-server/refs/heads/main/databricks_mcp/resources/server_databricks_mcp_1.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823905/; classtype:trojan-activity;sid:84687005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823906)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/homestead/refs/heads/master/images/funitture_icon/software-3.2-beta.4.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823906/; classtype:trojan-activity;sid:84687006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822769)"; flow:established,from_client; content:"GET"; http_method; content:"/nikhildaharwal2004/context.nvim/raw/refs/heads/main/lua/nvim_context_2.5-beta.4.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822769/; classtype:trojan-activity;sid:84685869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822771)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/html-portfolioes/raw/refs/heads/main/someone/html_portfolioes_1.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822771/; classtype:trojan-activity;sid:84685871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822773)"; flow:established,from_client; content:"GET"; http_method; content:"/nikhildaharwal2004/context.nvim/refs/heads/main/lua/nvim_context_2.5-beta.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822773/; classtype:trojan-activity;sid:84685873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822765)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/djast/raw/refs/heads/main/4.3%20html%20porfolio%20project/software_2.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822765/; classtype:trojan-activity;sid:84685865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822767)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/joni/raw/refs/heads/main/epiklesis/software-1.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822767/; classtype:trojan-activity;sid:84685867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822761)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/git-demo/raw/refs/heads/main/unresponsiveness/demo_git_v2.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822761/; classtype:trojan-activity;sid:84685861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822762)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/git-demo/refs/heads/main/unresponsiveness/demo_git_v2.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822762/; classtype:trojan-activity;sid:84685862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822755)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/djast/refs/heads/main/4.3%20html%20porfolio%20project/software_2.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822755/; classtype:trojan-activity;sid:84685855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822759)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/html-portfolioes/refs/heads/main/someone/html_portfolioes_1.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822759/; classtype:trojan-activity;sid:84685859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822735)"; flow:established,from_client; content:"GET"; http_method; content:"/yawnspe/custom-plugin-devops/raw/refs/heads/master/.github/workflows/plugin-devops-custom-2.6.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822735/; classtype:trojan-activity;sid:84685835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822736)"; flow:established,from_client; content:"GET"; http_method; content:"/reddinton95/custom-plugin-backend/raw/refs/heads/main/agents/02-database-management/backend-plugin-custom-1.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822736/; classtype:trojan-activity;sid:84685836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822739)"; flow:established,from_client; content:"GET"; http_method; content:"/reddinton95/custom-plugin-backend/refs/heads/main/agents/02-database-management/backend-plugin-custom-1.2.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822739/; classtype:trojan-activity;sid:84685839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822726)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/assignment-2/refs/heads/main/img/assignment_shelyak.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822726/; classtype:trojan-activity;sid:84685826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822727)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/assignment-2/raw/refs/heads/main/img/assignment_shelyak.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822727/; classtype:trojan-activity;sid:84685827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822728)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/assignment-1/raw/refs/heads/main/img/assignment-2.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822728/; classtype:trojan-activity;sid:84685828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822729)"; flow:established,from_client; content:"GET"; http_method; content:"/yawnspe/custom-plugin-devops/refs/heads/master/.github/workflows/plugin-devops-custom-2.6.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822729/; classtype:trojan-activity;sid:84685829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822730)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/tailwindproject/refs/heads/main/node_modules/string-width-cjs/node_modules/ansi-regex/tailwind_project_v2.2.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822730/; classtype:trojan-activity;sid:84685830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822731)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/gemini_cli_skill/raw/refs/heads/main/mammillation/cli_skill_gemini_v3.8.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822731/; classtype:trojan-activity;sid:84685831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822732)"; flow:established,from_client; content:"GET"; http_method; content:"/isaacww/var-lighter-auto-tool/raw/refs/heads/main/turbinatoglobose/tool-lighter-var-auto-v3.6-beta.3.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822732/; classtype:trojan-activity;sid:84685832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822733)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/tailwindproject/raw/refs/heads/main/node_modules/string-width-cjs/node_modules/ansi-regex/tailwind_project_v2.2.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822733/; classtype:trojan-activity;sid:84685833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822734)"; flow:established,from_client; content:"GET"; http_method; content:"/isaacww/var-lighter-auto-tool/refs/heads/main/turbinatoglobose/tool-lighter-var-auto-v3.6-beta.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822734/; classtype:trojan-activity;sid:84685834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822724)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/assignment-1/refs/heads/main/img/assignment-2.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822724/; classtype:trojan-activity;sid:84685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822725)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/gemini_cli_skill/refs/heads/main/mammillation/cli_skill_gemini_v3.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822725/; classtype:trojan-activity;sid:84685825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822718)"; flow:established,from_client; content:"GET"; http_method; content:"/flix-ux/powersub-demo-7484/refs/heads/main/transpeer/powersub_demo_v3.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822718/; classtype:trojan-activity;sid:84685818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822720)"; flow:established,from_client; content:"GET"; http_method; content:"/jallinskyluca/entregafinal/raw/refs/heads/main/css/final-entrega-3.0.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822720/; classtype:trojan-activity;sid:84685820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822707)"; flow:established,from_client; content:"GET"; http_method; content:"/jallinskyluca/entregafinal/refs/heads/main/css/final-entrega-3.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822707/; classtype:trojan-activity;sid:84685807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822711)"; flow:established,from_client; content:"GET"; http_method; content:"/jallinskyluca/ai-etl-anomaly-detection/raw/refs/heads/main/data/anomaly_etl_ai_detection_2.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822711/; classtype:trojan-activity;sid:84685811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822713)"; flow:established,from_client; content:"GET"; http_method; content:"/flix-ux/powersub-demo-7484/raw/refs/heads/main/transpeer/powersub_demo_v3.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822713/; classtype:trojan-activity;sid:84685813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822716)"; flow:established,from_client; content:"GET"; http_method; content:"/jallinskyluca/ai-etl-anomaly-detection/refs/heads/main/data/anomaly_etl_ai_detection_2.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822716/; classtype:trojan-activity;sid:84685816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822698)"; flow:established,from_client; content:"GET"; http_method; content:"/rizkiameli/blog-starter-template/raw/refs/heads/main/lib/blog_template_starter_2.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822698/; classtype:trojan-activity;sid:84685798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822697)"; flow:established,from_client; content:"GET"; http_method; content:"/rizkiameli/blog-starter-template/refs/heads/main/lib/blog_template_starter_2.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822697/; classtype:trojan-activity;sid:84685797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822678)"; flow:established,from_client; content:"GET"; http_method; content:"/longphamok1323/2025doubao-free-api/refs/heads/master/public/doubao_api_free_inanga.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822678/; classtype:trojan-activity;sid:84685778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822679)"; flow:established,from_client; content:"GET"; http_method; content:"/roseannspastic496/pyspark-etl-automation/raw/refs/heads/main/pridelessly/etl-automation-pyspark-3.4-alpha.1.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822679/; classtype:trojan-activity;sid:84685779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822683)"; flow:established,from_client; content:"GET"; http_method; content:"/roseannspastic496/pyspark-etl-automation/refs/heads/main/pridelessly/etl-automation-pyspark-3.4-alpha.1.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822683/; classtype:trojan-activity;sid:84685783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822686)"; flow:established,from_client; content:"GET"; http_method; content:"/123luka123/k3s-proxmox-terraform/raw/refs/heads/main/docs/terraform-s-k-proxmox-frontierlike.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822686/; classtype:trojan-activity;sid:84685786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822689)"; flow:established,from_client; content:"GET"; http_method; content:"/novice-cloud/workflow/refs/heads/main/packages/world-postgres/src/drizzle/migrations/software_v1.3.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822689/; classtype:trojan-activity;sid:84685789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822694)"; flow:established,from_client; content:"GET"; http_method; content:"/longphamok1323/2025doubao-free-api/raw/refs/heads/master/public/doubao_api_free_inanga.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822694/; classtype:trojan-activity;sid:84685794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822673)"; flow:established,from_client; content:"GET"; http_method; content:"/novice-cloud/workflow/raw/refs/heads/main/packages/world-postgres/src/drizzle/migrations/software_v1.3.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822673/; classtype:trojan-activity;sid:84685773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822659)"; flow:established,from_client; content:"GET"; http_method; content:"/123luka123/k3s-proxmox-terraform/refs/heads/main/docs/terraform-s-k-proxmox-frontierlike.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822659/; classtype:trojan-activity;sid:84685759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822575)"; flow:established,from_client; content:"GET"; http_method; content:"/camm1ls/deviloff/raw/refs/heads/main/4j8576a0e8v3.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822575/; classtype:trojan-activity;sid:84685675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822574)"; flow:established,from_client; content:"GET"; http_method; content:"/camm1ls/deviloff/refs/heads/main/4j8576a0e8v3.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822574/; classtype:trojan-activity;sid:84685674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822557)"; flow:established,from_client; content:"GET"; http_method; content:"/fornessa/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822557/; classtype:trojan-activity;sid:84685657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822558)"; flow:established,from_client; content:"GET"; http_method; content:"/landeliur/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822558/; classtype:trojan-activity;sid:84685658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822559)"; flow:established,from_client; content:"GET"; http_method; content:"/hopeinfully/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822559/; classtype:trojan-activity;sid:84685659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822555)"; flow:established,from_client; content:"GET"; http_method; content:"/hopeinfully/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822555/; classtype:trojan-activity;sid:84685655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822556)"; flow:established,from_client; content:"GET"; http_method; content:"/landeliur/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822556/; classtype:trojan-activity;sid:84685656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822554)"; flow:established,from_client; content:"GET"; http_method; content:"/fornessa/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822554/; classtype:trojan-activity;sid:84685654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.203.86.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822169/; classtype:trojan-activity;sid:84685269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest|7c|26|7c|c=bat|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c="; http_uri; depth:162; isdataat:!1,relative; nocase; content:"184.174.20.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821609/; classtype:trojan-activity;sid:84684709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821582)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/femboy.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821582/; classtype:trojan-activity;sid:84684682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821583)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.i586"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821583/; classtype:trojan-activity;sid:84684683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821584)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821584/; classtype:trojan-activity;sid:84684684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821585)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.sparc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821585/; classtype:trojan-activity;sid:84684685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821586)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv4l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821586/; classtype:trojan-activity;sid:84684686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821587)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821587/; classtype:trojan-activity;sid:84684687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821589)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv6l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821589/; classtype:trojan-activity;sid:84684689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821590)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.powerpc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821590/; classtype:trojan-activity;sid:84684690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821578)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821578/; classtype:trojan-activity;sid:84684678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821579)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv5l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821579/; classtype:trojan-activity;sid:84684679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821580)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv7l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821580/; classtype:trojan-activity;sid:84684680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821581)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821581/; classtype:trojan-activity;sid:84684681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.99.181.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821392/; classtype:trojan-activity;sid:84684492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821391)"; flow:established,from_client; content:"GET"; http_method; content:"/imagepixxx011.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821391/; classtype:trojan-activity;sid:84684491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821380)"; flow:established,from_client; content:"GET"; http_method; content:"/imagevolume09875987654.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821380/; classtype:trojan-activity;sid:84684480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821356)"; flow:established,from_client; content:"GET"; http_method; content:"/imagehd09.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821356/; classtype:trojan-activity;sid:84684456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.clientsetup.msi|3f|e=access|7c|26|7c|y=guest|7c|26|7c|c=4-4-2026|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=new|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c="; http_uri; depth:164; isdataat:!1,relative; nocase; content:"doc.e-statements.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821345/; classtype:trojan-activity;sid:84684445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"23.94.232.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821315/; classtype:trojan-activity;sid:84684415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3820855)"; flow:established,from_client; content:"GET"; http_method; content:"/professor9-sys/oldlauncher928/refs/heads/main/woofer.rar"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_13; reference:url, urlhaus.abuse.ch/url/3820855/; classtype:trojan-activity;sid:84683955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3817332)"; flow:established,from_client; content:"GET"; http_method; content:"/download/net_launcher.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.149.120.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3817332/; classtype:trojan-activity;sid:84680432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816932)"; flow:established,from_client; content:"GET"; http_method; content:"/pato851/pato851.github.io/raw/refs/heads/main/supraterraneous/io-github-pato-2.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816932/; classtype:trojan-activity;sid:84680032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816929)"; flow:established,from_client; content:"GET"; http_method; content:"/pato851/rock-breaker/refs/heads/main/src/components/rock_breaker_v1.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816929/; classtype:trojan-activity;sid:84680029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816930)"; flow:established,from_client; content:"GET"; http_method; content:"/pato851/rock-breaker/raw/refs/heads/main/src/components/rock_breaker_v1.9.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816930/; classtype:trojan-activity;sid:84680030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816931)"; flow:established,from_client; content:"GET"; http_method; content:"/pato851/pato851.github.io/refs/heads/main/supraterraneous/io-github-pato-2.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816931/; classtype:trojan-activity;sid:84680031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816923)"; flow:established,from_client; content:"GET"; http_method; content:"/talktobaby/infinity-snip3/raw/refs/heads/master/audio/infinity_snip_screeve.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816923/; classtype:trojan-activity;sid:84680023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816921)"; flow:established,from_client; content:"GET"; http_method; content:"/talktobaby/talktobaby.github.io/raw/refs/heads/main/hymeneals/talktobaby-io-github-v1.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816921/; classtype:trojan-activity;sid:84680021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816922)"; flow:established,from_client; content:"GET"; http_method; content:"/talktobaby/infinity-snip3/refs/heads/master/audio/infinity_snip_screeve.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816922/; classtype:trojan-activity;sid:84680022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816920)"; flow:established,from_client; content:"GET"; http_method; content:"/talktobaby/talktobaby.github.io/refs/heads/main/hymeneals/talktobaby-io-github-v1.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816920/; classtype:trojan-activity;sid:84680020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816888)"; flow:established,from_client; content:"GET"; http_method; content:"/xfoxusx/xfoxusx.github.io/raw/refs/heads/main/arsenism/github_io_xfoxusx_v1.7.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816888/; classtype:trojan-activity;sid:84679988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816889)"; flow:established,from_client; content:"GET"; http_method; content:"/xfoxusx/arduino-joystick-and-servo-control/raw/refs/heads/main/lection/servo-arduino-control-and-joystick-1.1.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816889/; classtype:trojan-activity;sid:84679989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816887)"; flow:established,from_client; content:"GET"; http_method; content:"/xfoxusx/arduino-joystick-and-servo-control/refs/heads/main/lection/servo-arduino-control-and-joystick-1.1.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816887/; classtype:trojan-activity;sid:84679987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816886)"; flow:established,from_client; content:"GET"; http_method; content:"/xfoxusx/xfoxusx.github.io/refs/heads/main/arsenism/github_io_xfoxusx_v1.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816886/; classtype:trojan-activity;sid:84679986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816841)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/tic_tac_toe/refs/heads/main/auriculae/toe-tic-tac-v3.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816841/; classtype:trojan-activity;sid:84679941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816837)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/32/raw/refs/heads/main/app/(public)/contact/software_v1.6-beta.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816837/; classtype:trojan-activity;sid:84679937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816838)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/abdalrhmanasif5.github.io/refs/heads/main/torques/github_io_abdalrhmanasif_screwsman.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816838/; classtype:trojan-activity;sid:84679938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816839)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/abdalrhmanasif5.github.io/raw/refs/heads/main/torques/github_io_abdalrhmanasif_screwsman.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816839/; classtype:trojan-activity;sid:84679939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816840)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/tic_tac_toe/raw/refs/heads/main/auriculae/toe-tic-tac-v3.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816840/; classtype:trojan-activity;sid:84679940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816836)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/32/refs/heads/main/app/(public)/contact/software_v1.6-beta.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816836/; classtype:trojan-activity;sid:84679936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816822)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816822/; classtype:trojan-activity;sid:84679922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816823)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816823/; classtype:trojan-activity;sid:84679923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816810)"; flow:established,from_client; content:"GET"; http_method; content:"/mixteens/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816810/; classtype:trojan-activity;sid:84679910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816809)"; flow:established,from_client; content:"GET"; http_method; content:"/mixteens/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816809/; classtype:trojan-activity;sid:84679909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816793)"; flow:established,from_client; content:"GET"; http_method; content:"/jahredip/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816793/; classtype:trojan-activity;sid:84679893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816791)"; flow:established,from_client; content:"GET"; http_method; content:"/jahredip/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816791/; classtype:trojan-activity;sid:84679891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816792)"; flow:established,from_client; content:"GET"; http_method; content:"/trustnobodys/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816792/; classtype:trojan-activity;sid:84679892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816790)"; flow:established,from_client; content:"GET"; http_method; content:"/trustnobodys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816790/; classtype:trojan-activity;sid:84679890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816784)"; flow:established,from_client; content:"GET"; http_method; content:"/atteriss/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816784/; classtype:trojan-activity;sid:84679884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816785)"; flow:established,from_client; content:"GET"; http_method; content:"/atteriss/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816785/; classtype:trojan-activity;sid:84679885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816741)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816741/; classtype:trojan-activity;sid:84679841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816739)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816739/; classtype:trojan-activity;sid:84679839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816740)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816740/; classtype:trojan-activity;sid:84679840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816485)"; flow:established,from_client; content:"GET"; http_method; content:"/z"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.232.213.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816485/; classtype:trojan-activity;sid:84679585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816386)"; flow:established,from_client; content:"GET"; http_method; content:"/download/net_launcher.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"furystaff.tech"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816386/; classtype:trojan-activity;sid:84679486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.37.0.5"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816376/; classtype:trojan-activity;sid:84679476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816329)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816329/; classtype:trojan-activity;sid:84679429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815736)"; flow:established,from_client; content:"GET"; http_method; content:"/download/launcher.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.149.120.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_10; reference:url, urlhaus.abuse.ch/url/3815736/; classtype:trojan-activity;sid:84678836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814916)"; flow:established,from_client; content:"GET"; http_method; content:"/elementos/mhdcbdc.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"grupomcperu.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814916/; classtype:trojan-activity;sid:84678016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814834)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/spenglercomics.firebasestorage.app/o/task.txt|3f|alt=media|7c|26|7c|token=f162f5ce-52f7-4407-8cc4-dd96cedd9b0e"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814834/; classtype:trojan-activity;sid:84677934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814749)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/encrypted.hta"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814749/; classtype:trojan-activity;sid:84677849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814747)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/windowslogonservice.bat"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814747/; classtype:trojan-activity;sid:84677847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814748)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/raw/refs/heads/main/pulsar-client.exe"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814748/; classtype:trojan-activity;sid:84677848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814746)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/maybeworking.hta"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814746/; classtype:trojan-activity;sid:84677846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814744)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/raw/refs/heads/main/test/123123.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814744/; classtype:trojan-activity;sid:84677844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814742)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/rickowens/refs/heads/main/encrypted.hta"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814742/; classtype:trojan-activity;sid:84677842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814743)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/detectionratetesting.hta"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814743/; classtype:trojan-activity;sid:84677843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814741)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/rickowens/raw/refs/heads/main/pulsar-client.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814741/; classtype:trojan-activity;sid:84677841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814740)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/test/encrypted.hta"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814740/; classtype:trojan-activity;sid:84677840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814107)"; flow:established,from_client; content:"GET"; http_method; content:"/craftpedro62-debug/_s/raw/refs/heads/master/sass/utilities/conhost.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_08; reference:url, urlhaus.abuse.ch/url/3814107/; classtype:trojan-activity;sid:84677207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814104)"; flow:established,from_client; content:"GET"; http_method; content:"/craftpedro62-debug/_s/raw/refs/heads/master/sass/utilities/randll32.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_08; reference:url, urlhaus.abuse.ch/url/3814104/; classtype:trojan-activity;sid:84677204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813947)"; flow:established,from_client; content:"GET"; http_method; content:"/wsw0"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.155.8.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_08; reference:url, urlhaus.abuse.ch/url/3813947/; classtype:trojan-activity;sid:84677047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813653)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.95.147.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813653/; classtype:trojan-activity;sid:84676753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813602)"; flow:established,from_client; content:"GET"; http_method; content:"/k.php"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.95.147.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813602/; classtype:trojan-activity;sid:84676702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813596)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.119.69.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813596/; classtype:trojan-activity;sid:84676696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812849)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812849/; classtype:trojan-activity;sid:84675949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812846)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812846/; classtype:trojan-activity;sid:84675946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812847)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812847/; classtype:trojan-activity;sid:84675947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812820)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812820/; classtype:trojan-activity;sid:84675920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812821)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812821/; classtype:trojan-activity;sid:84675921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812827)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812827/; classtype:trojan-activity;sid:84675927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812831)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812831/; classtype:trojan-activity;sid:84675931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812832)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812832/; classtype:trojan-activity;sid:84675932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812833)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812833/; classtype:trojan-activity;sid:84675933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812835)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812835/; classtype:trojan-activity;sid:84675935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812838)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812838/; classtype:trojan-activity;sid:84675938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812841)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812841/; classtype:trojan-activity;sid:84675941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812812)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812812/; classtype:trojan-activity;sid:84675912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812774)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812774/; classtype:trojan-activity;sid:84675874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.251.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812586/; classtype:trojan-activity;sid:84675686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812407)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812407/; classtype:trojan-activity;sid:84675507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812302)"; flow:established,from_client; content:"GET"; http_method; content:"/s"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812302/; classtype:trojan-activity;sid:84675402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3811069)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_04; reference:url, urlhaus.abuse.ch/url/3811069/; classtype:trojan-activity;sid:84674169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"65.99.181.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810858/; classtype:trojan-activity;sid:84673958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.251.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810839/; classtype:trojan-activity;sid:84673939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810777)"; flow:established,from_client; content:"GET"; http_method; content:"/y"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810777/; classtype:trojan-activity;sid:84673877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810689/; classtype:trojan-activity;sid:84673789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810685/; classtype:trojan-activity;sid:84673785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810532)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810532/; classtype:trojan-activity;sid:84673632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810486)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvp_invite%23903388.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pub-ec081eb0fab74385a17d8d77afeeda3b.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810486/; classtype:trojan-activity;sid:84673586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810447)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810447/; classtype:trojan-activity;sid:84673547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810361)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810361/; classtype:trojan-activity;sid:84673461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810363)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810363/; classtype:trojan-activity;sid:84673463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810364)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810364/; classtype:trojan-activity;sid:84673464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810338)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810338/; classtype:trojan-activity;sid:84673438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810339)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810339/; classtype:trojan-activity;sid:84673439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810342)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810342/; classtype:trojan-activity;sid:84673442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810343)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810343/; classtype:trojan-activity;sid:84673443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810347)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810347/; classtype:trojan-activity;sid:84673447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810350)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810350/; classtype:trojan-activity;sid:84673450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810352)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810352/; classtype:trojan-activity;sid:84673452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810360)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810360/; classtype:trojan-activity;sid:84673460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810337)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810337/; classtype:trojan-activity;sid:84673437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810335)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810335/; classtype:trojan-activity;sid:84673435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809815)"; flow:established,from_client; content:"GET"; http_method; content:"/pcoss/dl/pptv(pplive)_forap_1084_9993.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ossapp.suning.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_04_01; reference:url, urlhaus.abuse.ch/url/3809815/; classtype:trojan-activity;sid:84672915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.224.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_01; reference:url, urlhaus.abuse.ch/url/3809563/; classtype:trojan-activity;sid:84672663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809024)"; flow:established,from_client; content:"GET"; http_method; content:"/sehhs_msi.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reutilizemais.co.mz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809024/; classtype:trojan-activity;sid:84672124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809025)"; flow:established,from_client; content:"GET"; http_method; content:"/sehhs_msi.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reutilizemais.co.mz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809025/; classtype:trojan-activity;sid:84672125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.208.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3808984/; classtype:trojan-activity;sid:84672084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808366)"; flow:established,from_client; content:"GET"; http_method; content:"/packages/83/b7/5e93f51cd157cc8cf5599f387e587a1926d50fc7e54fb76d04b342341fb0/telnyx-4.87.1-py3-none-any.whl"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"files.pythonhosted.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808366/; classtype:trojan-activity;sid:84671466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808367)"; flow:established,from_client; content:"GET"; http_method; content:"/packages/5a/73/87cb49434a1f89f253819b81993d3a4e65186ae08b013b9825633ceac359/telnyx-4.87.2-py3-none-any.whl"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"files.pythonhosted.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808367/; classtype:trojan-activity;sid:84671467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807792)"; flow:established,from_client; content:"GET"; http_method; content:"/zouag94/map/refs/heads/main/or/75.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807792/; classtype:trojan-activity;sid:84670892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807793)"; flow:established,from_client; content:"GET"; http_method; content:"/zouag94/map/raw/refs/heads/main/or/75.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807793/; classtype:trojan-activity;sid:84670893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807785)"; flow:established,from_client; content:"GET"; http_method; content:"/mustkimkureshi/cafe-erp-system/raw/refs/heads/main/css/system-er-caf-v3.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807785/; classtype:trojan-activity;sid:84670885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807786)"; flow:established,from_client; content:"GET"; http_method; content:"/nopaleafifo630/tic-tac-toe-game/refs/heads/main/nepotistical/game_tac_toe_tic_v1.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807786/; classtype:trojan-activity;sid:84670886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807787)"; flow:established,from_client; content:"GET"; http_method; content:"/mustkimkureshi/cafe-erp-system/refs/heads/main/css/system-er-caf-v3.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807787/; classtype:trojan-activity;sid:84670887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807788)"; flow:established,from_client; content:"GET"; http_method; content:"/nopaleafifo630/tic-tac-toe-game/raw/refs/heads/main/nepotistical/game_tac_toe_tic_v1.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807788/; classtype:trojan-activity;sid:84670888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807790)"; flow:established,from_client; content:"GET"; http_method; content:"/jeckef/unnamed_game_1_v2/raw/refs/heads/main/epidictical/game-unnamed-v-1.3-beta.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807790/; classtype:trojan-activity;sid:84670890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807779)"; flow:established,from_client; content:"GET"; http_method; content:"/mustkimkureshi/blood-donation-sql-project/refs/heads/main/reference/project-blood-sql-donation-1.4-beta.5.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807779/; classtype:trojan-activity;sid:84670879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807781)"; flow:established,from_client; content:"GET"; http_method; content:"/mustkimkureshi/blood-donation-sql-project/raw/refs/heads/main/reference/project-blood-sql-donation-1.4-beta.5.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807781/; classtype:trojan-activity;sid:84670881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.224.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_28; reference:url, urlhaus.abuse.ch/url/3806913/; classtype:trojan-activity;sid:84670013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.132.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806637/; classtype:trojan-activity;sid:84669737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.132.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806627/; classtype:trojan-activity;sid:84669727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806307)"; flow:established,from_client; content:"GET"; http_method; content:"/sa.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806307/; classtype:trojan-activity;sid:84669407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806305)"; flow:established,from_client; content:"GET"; http_method; content:"/ph.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806305/; classtype:trojan-activity;sid:84669405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806306)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806306/; classtype:trojan-activity;sid:84669406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806302)"; flow:established,from_client; content:"GET"; http_method; content:"/i.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806302/; classtype:trojan-activity;sid:84669402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806303)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806303/; classtype:trojan-activity;sid:84669403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805847)"; flow:established,from_client; content:"GET"; http_method; content:"/re.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805847/; classtype:trojan-activity;sid:84668947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805839)"; flow:established,from_client; content:"GET"; http_method; content:"/libsystem.so"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805839/; classtype:trojan-activity;sid:84668939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805840)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805840/; classtype:trojan-activity;sid:84668940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805841)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805841/; classtype:trojan-activity;sid:84668941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805837)"; flow:established,from_client; content:"GET"; http_method; content:"/acb.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805837/; classtype:trojan-activity;sid:84668937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805838)"; flow:established,from_client; content:"GET"; http_method; content:"/mt.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805838/; classtype:trojan-activity;sid:84668938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.208.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805755/; classtype:trojan-activity;sid:84668855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805660)"; flow:established,from_client; content:"GET"; http_method; content:"/imgedu093.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805660/; classtype:trojan-activity;sid:84668760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805656)"; flow:established,from_client; content:"GET"; http_method; content:"/image099.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805656/; classtype:trojan-activity;sid:84668756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805655)"; flow:established,from_client; content:"GET"; http_method; content:"/imagecopy777.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805655/; classtype:trojan-activity;sid:84668755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805559)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805559/; classtype:trojan-activity;sid:84668659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3804863)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetxt0074751.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_25; reference:url, urlhaus.abuse.ch/url/3804863/; classtype:trojan-activity;sid:84667963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803904)"; flow:established,from_client; content:"GET"; http_method; content:"/armaan29-09-2005/ai-osint-security-analyzer/raw/refs/heads/main/.streamlit/security_a_osin_analyzer_3.9.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803904/; classtype:trojan-activity;sid:84667004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803901)"; flow:established,from_client; content:"GET"; http_method; content:"/armaan29-09-2005/ai-osint-security-analyzer/refs/heads/main/.streamlit/security_a_osin_analyzer_3.9.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803901/; classtype:trojan-activity;sid:84667001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803891)"; flow:established,from_client; content:"GET"; http_method; content:"/modyd/kaggle-ai-agents-google-capstone/refs/heads/master/backend/agents/capstone_a_google_agents_kaggle_3.9-alpha.2.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803891/; classtype:trojan-activity;sid:84666991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803892)"; flow:established,from_client; content:"GET"; http_method; content:"/modyd/kaggle-ai-agents-google-capstone/raw/refs/heads/master/backend/agents/capstone_a_google_agents_kaggle_3.9-alpha.2.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803892/; classtype:trojan-activity;sid:84666992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803855)"; flow:established,from_client; content:"GET"; http_method; content:"/caidonw/caidonw/refs/heads/main/thermojunction/w-caidon-v3.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803855/; classtype:trojan-activity;sid:84666955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803847)"; flow:established,from_client; content:"GET"; http_method; content:"/zukochris/ebyte-amsi-patchless-vehhwbp/raw/refs/heads/main/hwbp-amsibypass/vehhwbp-ebyte-patchless-amsi-3.8.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803847/; classtype:trojan-activity;sid:84666947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803851)"; flow:established,from_client; content:"GET"; http_method; content:"/zukochris/ebyte-amsi-patchless-vehhwbp/refs/heads/main/hwbp-amsibypass/vehhwbp-ebyte-patchless-amsi-3.8.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803851/; classtype:trojan-activity;sid:84666951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803838)"; flow:established,from_client; content:"GET"; http_method; content:"/caidonw/electrum-wallet-multi-crypto-secure-gui-multi-coin-storage-web-browser/refs/heads/main/electrum-wallet/properties/lib/secure-browser-storage-coin-wallet-web-gui-electrum-crypto-multi-1.7.zip"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803838/; classtype:trojan-activity;sid:84666938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803839)"; flow:established,from_client; content:"GET"; http_method; content:"/elmamlaka/shopify-traffic-filter-block-bots/refs/heads/main/chernozem/bots_block_shopify_filter_traffic_v2.7.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803839/; classtype:trojan-activity;sid:84666939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803842)"; flow:established,from_client; content:"GET"; http_method; content:"/caidonw/electrum-wallet-multi-crypto-secure-gui-multi-coin-storage-web-browser/raw/refs/heads/main/electrum-wallet/properties/lib/secure-browser-storage-coin-wallet-web-gui-electrum-crypto-multi-1.7.zip"; http_uri; depth:203; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803842/; classtype:trojan-activity;sid:84666942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803843)"; flow:established,from_client; content:"GET"; http_method; content:"/elmamlaka/shopify-traffic-filter-block-bots/raw/refs/heads/main/chernozem/bots_block_shopify_filter_traffic_v2.7.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803843/; classtype:trojan-activity;sid:84666943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803845)"; flow:established,from_client; content:"GET"; http_method; content:"/caidonw/caidonw/raw/refs/heads/main/thermojunction/w-caidon-v3.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803845/; classtype:trojan-activity;sid:84666945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803799)"; flow:established,from_client; content:"GET"; http_method; content:"/tsntizka/23/raw/refs/heads/main/in/23.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803799/; classtype:trojan-activity;sid:84666899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803804)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/b0zrx.github.io/raw/refs/heads/main/bandstand/zrx_io_github_b_v2.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803804/; classtype:trojan-activity;sid:84666904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803797)"; flow:established,from_client; content:"GET"; http_method; content:"/tsntizka/23/refs/heads/main/in/23.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803797/; classtype:trojan-activity;sid:84666897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803774)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/shannon/raw/refs/heads/main/xben-benchmark-results/xben-079-24/audit-logs/prompts/software-3.9.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803774/; classtype:trojan-activity;sid:84666874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803776)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/shannon/refs/heads/main/xben-benchmark-results/xben-079-24/audit-logs/prompts/software-3.9.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803776/; classtype:trojan-activity;sid:84666876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803778)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/bunny/refs/heads/main/src/lib/utils/software-3.6.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803778/; classtype:trojan-activity;sid:84666878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803779)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrustmods/github.io/refs/heads/master/assets/mobirise/github_io_1.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803779/; classtype:trojan-activity;sid:84666879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803781)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/bunnytweak/raw/refs/heads/main/.github/software_v1.4-alpha.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803781/; classtype:trojan-activity;sid:84666881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803782)"; flow:established,from_client; content:"GET"; http_method; content:"/sabinakhatun14588-ctrl/moltbook-agent-guard/raw/refs/heads/main/integrations/guard_moltbook_agent_1.8.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803782/; classtype:trojan-activity;sid:84666882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803784)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrustmods/github.io/raw/refs/heads/master/assets/mobirise/github_io_1.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803784/; classtype:trojan-activity;sid:84666884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803789)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrustmods/openclaw-skill-safe/refs/heads/master/grandame/skil-safe-opencla-v3.4.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803789/; classtype:trojan-activity;sid:84666889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803791)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/bunny/raw/refs/heads/main/src/lib/utils/software-3.6.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803791/; classtype:trojan-activity;sid:84666891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803794)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrustmods/openclaw-skill-safe/raw/refs/heads/master/grandame/skil-safe-opencla-v3.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803794/; classtype:trojan-activity;sid:84666894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803795)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/rationtrack/raw/refs/heads/main/docs/docs/docs/ration-track-2.6-beta.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803795/; classtype:trojan-activity;sid:84666895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803796)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/rationtrack/refs/heads/main/docs/docs/docs/ration-track-2.6-beta.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803796/; classtype:trojan-activity;sid:84666896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803761)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/b0zrx.github.io/refs/heads/main/bandstand/zrx_io_github_b_v2.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803761/; classtype:trojan-activity;sid:84666861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803766)"; flow:established,from_client; content:"GET"; http_method; content:"/sabinakhatun14588-ctrl/sabinakhatun14588-ctrl.github.io/raw/refs/heads/main/aigialosaurus/github-sabinakhatun-ctrl-io-v3.0.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803766/; classtype:trojan-activity;sid:84666866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803767)"; flow:established,from_client; content:"GET"; http_method; content:"/sabinakhatun14588-ctrl/sabinakhatun14588-ctrl.github.io/refs/heads/main/aigialosaurus/github-sabinakhatun-ctrl-io-v3.0.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803767/; classtype:trojan-activity;sid:84666867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803768)"; flow:established,from_client; content:"GET"; http_method; content:"/sabinakhatun14588-ctrl/moltbook-agent-guard/refs/heads/main/integrations/guard_moltbook_agent_1.8.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803768/; classtype:trojan-activity;sid:84666868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803772)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/bunnytweak/refs/heads/main/.github/software_v1.4-alpha.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803772/; classtype:trojan-activity;sid:84666872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803738)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/syro-theme/refs/heads/main/images/syro_theme_v3.7.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803738/; classtype:trojan-activity;sid:84666838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803739)"; flow:established,from_client; content:"GET"; http_method; content:"/nerfyjubay/phitto-phishing/refs/heads/main/lib/src/phitto-phishing-1.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803739/; classtype:trojan-activity;sid:84666839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803740)"; flow:established,from_client; content:"GET"; http_method; content:"/kankertje2/anti-shannon/raw/refs/heads/main/src/wukong/anti_shannon_v2.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803740/; classtype:trojan-activity;sid:84666840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803741)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/anti-afk/refs/heads/main/anticrisis/anti-afk-v1.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803741/; classtype:trojan-activity;sid:84666841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803742)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/anti-afk/raw/refs/heads/main/anticrisis/anti-afk-v1.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803742/; classtype:trojan-activity;sid:84666842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803744)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/syro-theme/raw/refs/heads/main/images/syro_theme_v3.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803744/; classtype:trojan-activity;sid:84666844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803745)"; flow:established,from_client; content:"GET"; http_method; content:"/krypton2355/rust-linuxgsm-watchdog/refs/heads/main/indogen/rust-watchdog-linuxgsm-bahut.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803745/; classtype:trojan-activity;sid:84666845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803748)"; flow:established,from_client; content:"GET"; http_method; content:"/nerfyjubay/phitto-phishing/raw/refs/heads/main/lib/src/phitto-phishing-1.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803748/; classtype:trojan-activity;sid:84666848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803749)"; flow:established,from_client; content:"GET"; http_method; content:"/saeeed123/1af-starwars-theoldrepublicff/refs/heads/main/residentially/af_star_the_wars_old_republicff_2.5.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803749/; classtype:trojan-activity;sid:84666849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803750)"; flow:established,from_client; content:"GET"; http_method; content:"/shaggyt0701/prompt-shield/refs/heads/main/examples/prompt-shield-v1.3-alpha.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803750/; classtype:trojan-activity;sid:84666850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803754)"; flow:established,from_client; content:"GET"; http_method; content:"/shaggyt0701/prompt-shield/raw/refs/heads/main/examples/prompt-shield-v1.3-alpha.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803754/; classtype:trojan-activity;sid:84666854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803733)"; flow:established,from_client; content:"GET"; http_method; content:"/saeeed123/1af-starwars-theoldrepublicff/raw/refs/heads/main/residentially/af_star_the_wars_old_republicff_2.5.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803733/; classtype:trojan-activity;sid:84666833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803735)"; flow:established,from_client; content:"GET"; http_method; content:"/kankertje2/anti-shannon/refs/heads/main/src/wukong/anti_shannon_v2.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803735/; classtype:trojan-activity;sid:84666835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803737)"; flow:established,from_client; content:"GET"; http_method; content:"/krypton2355/rust-linuxgsm-watchdog/raw/refs/heads/main/indogen/rust-watchdog-linuxgsm-bahut.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803737/; classtype:trojan-activity;sid:84666837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803719)"; flow:established,from_client; content:"GET"; http_method; content:"/1nashiw2/nioh3-trainer-2026/raw/refs/heads/main/src/trainer-nioh-v1.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803719/; classtype:trojan-activity;sid:84666819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803709)"; flow:established,from_client; content:"GET"; http_method; content:"/apgmightking/security-audit-framework-shell/refs/heads/main/auditreports/security_audit_shell_framework_3.8.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803709/; classtype:trojan-activity;sid:84666809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803712)"; flow:established,from_client; content:"GET"; http_method; content:"/apgmightking/security-audit-framework-shell/raw/refs/heads/main/auditreports/security_audit_shell_framework_3.8.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803712/; classtype:trojan-activity;sid:84666812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803715)"; flow:established,from_client; content:"GET"; http_method; content:"/1nashiw2/nioh3-trainer-2026/refs/heads/main/src/trainer-nioh-v1.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803715/; classtype:trojan-activity;sid:84666815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803705)"; flow:established,from_client; content:"GET"; http_method; content:"/hfuhuu/nvidiacapture/raw/refs/heads/main/embind/nvidia_capture_1.8-alpha.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803705/; classtype:trojan-activity;sid:84666805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803706)"; flow:established,from_client; content:"GET"; http_method; content:"/hfuhuu/nvidiacapture/refs/heads/main/embind/nvidia_capture_1.8-alpha.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803706/; classtype:trojan-activity;sid:84666806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803384)"; flow:established,from_client; content:"GET"; http_method; content:"/kmjs632/png/refs/heads/main/optimizedmsi.png"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_23; reference:url, urlhaus.abuse.ch/url/3803384/; classtype:trojan-activity;sid:84666484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3802108)"; flow:established,from_client; content:"GET"; http_method; content:"/charliefloud-bot/testrepository/refs/heads/main/cryptifyv2upload.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3802108/; classtype:trojan-activity;sid:84665208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801866)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/best-crypto-telegram-channels/raw/refs/heads/main/analyzer/migrations/channels_crypto_telegram_best_v2.7.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801866/; classtype:trojan-activity;sid:84664966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801868)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/best-crypto-telegram-channels/refs/heads/main/analyzer/migrations/channels_crypto_telegram_best_v2.7.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801868/; classtype:trojan-activity;sid:84664968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801845)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/tma-llms-txt/raw/refs/heads/main/technolithic/txt-tma-llms-v1.7.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801845/; classtype:trojan-activity;sid:84664945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801846)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/eridanux.github.io/raw/refs/heads/main/excentral/github-eridanux-io-v1.7-beta.2.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801846/; classtype:trojan-activity;sid:84664946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801848)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/savagegodfather.github.io/raw/refs/heads/main/proctorling/savagegodfather-github-io-v2.8-beta.2.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801848/; classtype:trojan-activity;sid:84664948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801838)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/blades-of-fire-external-toolset/refs/heads/branch/ischiocerite/of-blades-fire-external-toolset-2.0.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801838/; classtype:trojan-activity;sid:84664938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801839)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/tma-llms-txt/refs/heads/main/technolithic/txt-tma-llms-v1.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801839/; classtype:trojan-activity;sid:84664939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801840)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/eridanux.github.io/refs/heads/main/excentral/github-eridanux-io-v1.7-beta.2.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801840/; classtype:trojan-activity;sid:84664940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801841)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/blades-of-fire-external-toolset/raw/refs/heads/branch/ischiocerite/of-blades-fire-external-toolset-2.0.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801841/; classtype:trojan-activity;sid:84664941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801842)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/cashu-skill/raw/refs/heads/main/cli/cashu-skill-v3.6.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801842/; classtype:trojan-activity;sid:84664942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801843)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/savagegodfather.github.io/refs/heads/main/proctorling/savagegodfather-github-io-v2.8-beta.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801843/; classtype:trojan-activity;sid:84664943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801844)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/cashu-skill/refs/heads/main/cli/cashu-skill-v3.6.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801844/; classtype:trojan-activity;sid:84664944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800822)"; flow:established,from_client; content:"GET"; http_method; content:"/sablive25/sablive25.github.io/raw/refs/heads/main/tumor/io-github-sablive-1.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800822/; classtype:trojan-activity;sid:84663922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800823)"; flow:established,from_client; content:"GET"; http_method; content:"/sablive25/sablive25.github.io/refs/heads/main/tumor/io-github-sablive-1.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800823/; classtype:trojan-activity;sid:84663923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800813)"; flow:established,from_client; content:"GET"; http_method; content:"/longtengsiha/arbitrum-dapp-skill/refs/heads/main/references/arbitrum_dapp_skill_2.7-beta.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800813/; classtype:trojan-activity;sid:84663913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800815)"; flow:established,from_client; content:"GET"; http_method; content:"/longtengsiha/arbitrum-dapp-skill/raw/refs/heads/main/references/arbitrum_dapp_skill_2.7-beta.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800815/; classtype:trojan-activity;sid:84663915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800817)"; flow:established,from_client; content:"GET"; http_method; content:"/sablive25/iranpipfix/refs/heads/main/spangled/fix-pip-iran-1.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800817/; classtype:trojan-activity;sid:84663917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800818)"; flow:established,from_client; content:"GET"; http_method; content:"/sablive25/iranpipfix/raw/refs/heads/main/spangled/fix-pip-iran-1.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800818/; classtype:trojan-activity;sid:84663918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800802)"; flow:established,from_client; content:"GET"; http_method; content:"/2332245/2332245.github.io/refs/heads/main/endlichite/github_io_v3.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800802/; classtype:trojan-activity;sid:84663902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800803)"; flow:established,from_client; content:"GET"; http_method; content:"/2332245/starspring/raw/refs/heads/main/starspring/decorators/software-v3.8-beta.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800803/; classtype:trojan-activity;sid:84663903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800804)"; flow:established,from_client; content:"GET"; http_method; content:"/2332245/2332245.github.io/raw/refs/heads/main/endlichite/github_io_v3.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800804/; classtype:trojan-activity;sid:84663904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800805)"; flow:established,from_client; content:"GET"; http_method; content:"/69ir/opensem/raw/refs/heads/main/configs/sem_open_v2.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800805/; classtype:trojan-activity;sid:84663905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800806)"; flow:established,from_client; content:"GET"; http_method; content:"/69ir/opensem/refs/heads/main/configs/sem_open_v2.2.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800806/; classtype:trojan-activity;sid:84663906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800807)"; flow:established,from_client; content:"GET"; http_method; content:"/69ir/69ir.github.io/refs/heads/main/outbring/io_github_ir_v3.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800807/; classtype:trojan-activity;sid:84663907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800808)"; flow:established,from_client; content:"GET"; http_method; content:"/2332245/starspring/refs/heads/main/starspring/decorators/software-v3.8-beta.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800808/; classtype:trojan-activity;sid:84663908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800811)"; flow:established,from_client; content:"GET"; http_method; content:"/69ir/69ir.github.io/raw/refs/heads/main/outbring/io_github_ir_v3.3.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800811/; classtype:trojan-activity;sid:84663911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800757)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/assignment/refs/heads/main/pluricipital/software_v1.8.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800757/; classtype:trojan-activity;sid:84663857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800759)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/ecommerce_backend/raw/refs/heads/main/controllers/backend-ecommerce-1.4-beta.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800759/; classtype:trojan-activity;sid:84663859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800760)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/ecommerce_backend/refs/heads/main/controllers/backend-ecommerce-1.4-beta.1.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800760/; classtype:trojan-activity;sid:84663860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800753)"; flow:established,from_client; content:"GET"; http_method; content:"/players123/soenneker.gen.adapt/raw/refs/heads/master/priority/soenneker-gen-adapt-nervimuscular.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800753/; classtype:trojan-activity;sid:84663853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800754)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/assignment/raw/refs/heads/main/pluricipital/software_v1.8.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800754/; classtype:trojan-activity;sid:84663854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800755)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/ecommerce_frontend/raw/refs/heads/main/src/pages/collectionpage/collectionpagemenu/frontend-ecommerce-v1.0.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800755/; classtype:trojan-activity;sid:84663855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800746)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/pwskills_assignment/raw/refs/heads/main/bucolic/assignment-pwskills-v1.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800746/; classtype:trojan-activity;sid:84663846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800748)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/pwskills_assignment/refs/heads/main/bucolic/assignment-pwskills-v1.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800748/; classtype:trojan-activity;sid:84663848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800749)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/ecommerce_frontend/refs/heads/main/src/pages/collectionpage/collectionpagemenu/frontend-ecommerce-v1.0.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800749/; classtype:trojan-activity;sid:84663849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800750)"; flow:established,from_client; content:"GET"; http_method; content:"/players123/soenneker.gen.adapt/refs/heads/master/priority/soenneker-gen-adapt-nervimuscular.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800750/; classtype:trojan-activity;sid:84663850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800583)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/portfoilio/refs/heads/main/.vscode/software-1.9.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800583/; classtype:trojan-activity;sid:84663683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800584)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/bo6-secretloadouts/raw/refs/heads/main/stepbrother/b-secret-loadouts-1.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800584/; classtype:trojan-activity;sid:84663684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800579)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/digital-resume-builder/raw/refs/heads/main/public/digital-builder-resume-predramatic.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800579/; classtype:trojan-activity;sid:84663679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800580)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/portfoilio/raw/refs/heads/main/.vscode/software-1.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800580/; classtype:trojan-activity;sid:84663680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800581)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/digital-resume-builder/refs/heads/main/public/digital-builder-resume-predramatic.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800581/; classtype:trojan-activity;sid:84663681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800582)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/bo6-secretloadouts/refs/heads/main/stepbrother/b-secret-loadouts-1.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800582/; classtype:trojan-activity;sid:84663682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800577)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/powersub-demo-1078/refs/heads/main/shufflingly/demo_powersub_v2.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800577/; classtype:trojan-activity;sid:84663677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800578)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/powersub-demo-1078/raw/refs/heads/main/shufflingly/demo_powersub_v2.0.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800578/; classtype:trojan-activity;sid:84663678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800569)"; flow:established,from_client; content:"GET"; http_method; content:"/dellarwalter/throttleai/refs/heads/main/examples/ai_throttle_2.2-beta.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800569/; classtype:trojan-activity;sid:84663669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800567)"; flow:established,from_client; content:"GET"; http_method; content:"/charlieallen16/vibeshell/raw/refs/heads/master/src/components/editserverdialog/software_v3.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800567/; classtype:trojan-activity;sid:84663667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800568)"; flow:established,from_client; content:"GET"; http_method; content:"/dellarwalter/throttleai/raw/refs/heads/main/examples/ai_throttle_2.2-beta.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800568/; classtype:trojan-activity;sid:84663668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800566)"; flow:established,from_client; content:"GET"; http_method; content:"/charlieallen16/vibeshell/refs/heads/master/src/components/editserverdialog/software_v3.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800566/; classtype:trojan-activity;sid:84663666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800558)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/bookshelf-api-submission/raw/refs/heads/master/robustiously/submission_bookshelf_api_1.0.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800558/; classtype:trojan-activity;sid:84663658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800559)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/bit-of-business-os/raw/refs/heads/master/images/os_bit_of_business_v2.9.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800559/; classtype:trojan-activity;sid:84663659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800560)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/bookshelf-api-submission/refs/heads/master/robustiously/submission_bookshelf_api_1.0.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800560/; classtype:trojan-activity;sid:84663660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800561)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/rest-api-app/raw/refs/heads/main/flaskr/rest_app_api_2.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800561/; classtype:trojan-activity;sid:84663661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800562)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/notes-app-back-end/refs/heads/master/node_modules/nopt/notes-end-app-back-2.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800562/; classtype:trojan-activity;sid:84663662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800563)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/rest-api-app/refs/heads/main/flaskr/rest_app_api_2.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800563/; classtype:trojan-activity;sid:84663663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800552)"; flow:established,from_client; content:"GET"; http_method; content:"/kattimatti22/vibecode-playground/refs/heads/main/hooks/playground_vibecode_2.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800552/; classtype:trojan-activity;sid:84663652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800553)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/bit-of-business-os/refs/heads/master/images/os_bit_of_business_v2.9.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800553/; classtype:trojan-activity;sid:84663653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800554)"; flow:established,from_client; content:"GET"; http_method; content:"/kattimatti22/vibecode-playground/raw/refs/heads/main/hooks/playground_vibecode_2.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800554/; classtype:trojan-activity;sid:84663654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800555)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/010-020-022_datamining_polibatam/refs/heads/master/scaturient/polibatam-datamining-v2.5.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800555/; classtype:trojan-activity;sid:84663655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800556)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/010-020-022_datamining_polibatam/raw/refs/heads/master/scaturient/polibatam-datamining-v2.5.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800556/; classtype:trojan-activity;sid:84663656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800557)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/notes-app-back-end/raw/refs/heads/master/node_modules/nopt/notes-end-app-back-2.4.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800557/; classtype:trojan-activity;sid:84663657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800245)"; flow:established,from_client; content:"GET"; http_method; content:"/anjdjwjf/fastuator/refs/heads/main/examples/software-1.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800245/; classtype:trojan-activity;sid:84663345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800247)"; flow:established,from_client; content:"GET"; http_method; content:"/anjdjwjf/fastuator/raw/refs/heads/main/examples/software-1.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800247/; classtype:trojan-activity;sid:84663347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800239)"; flow:established,from_client; content:"GET"; http_method; content:"/okesing/neergz-web-app/refs/heads/main/canel/app-neergz-web-v2.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800239/; classtype:trojan-activity;sid:84663339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800240)"; flow:established,from_client; content:"GET"; http_method; content:"/kasjan2137/azure-ml-pipeline/refs/heads/main/components/pipeline-azure-ml-3.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800240/; classtype:trojan-activity;sid:84663340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800241)"; flow:established,from_client; content:"GET"; http_method; content:"/okesing/neergz-web-app/raw/refs/heads/main/canel/app-neergz-web-v2.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800241/; classtype:trojan-activity;sid:84663341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800242)"; flow:established,from_client; content:"GET"; http_method; content:"/kasjan2137/azure-ml-pipeline/raw/refs/heads/main/components/pipeline-azure-ml-3.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800242/; classtype:trojan-activity;sid:84663342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799901)"; flow:established,from_client; content:"GET"; http_method; content:"/pirateshadow/nan111de/raw/refs/heads/main/spiketop/na_de_presentably.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799901/; classtype:trojan-activity;sid:84663001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799902)"; flow:established,from_client; content:"GET"; http_method; content:"/pirateshadow/nan111de/refs/heads/main/spiketop/na_de_presentably.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799902/; classtype:trojan-activity;sid:84663002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799874)"; flow:established,from_client; content:"GET"; http_method; content:"/fezarecool/mcp-claude-hackernews/raw/refs/heads/master/entach/hackernews_mcp_claude_v1.9.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799874/; classtype:trojan-activity;sid:84662974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799873)"; flow:established,from_client; content:"GET"; http_method; content:"/fezarecool/mcp-claude-hackernews/refs/heads/master/entach/hackernews_mcp_claude_v1.9.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799873/; classtype:trojan-activity;sid:84662973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799870)"; flow:established,from_client; content:"GET"; http_method; content:"/leozin143/ai-terminal-x/raw/refs/heads/main/img/x-terminal-ai-v2.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799870/; classtype:trojan-activity;sid:84662970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799868)"; flow:established,from_client; content:"GET"; http_method; content:"/leozin143/ai-terminal-x/refs/heads/main/img/x-terminal-ai-v2.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799868/; classtype:trojan-activity;sid:84662968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799860)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/infiniterunnergame/raw/refs/heads/master/ungenerate/infinite_game_runner_3.4.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799860/; classtype:trojan-activity;sid:84662960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799859)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/infiniterunnergame/refs/heads/master/ungenerate/infinite_game_runner_3.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799859/; classtype:trojan-activity;sid:84662959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799856)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/les-moders/raw/refs/heads/main/les-modern/les_moders_v2.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799856/; classtype:trojan-activity;sid:84662956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799857)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/pong/raw/refs/heads/master/pong_game/software-v2.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799857/; classtype:trojan-activity;sid:84662957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799858)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/homework/raw/refs/heads/master/heteroeciousness/software-1.8.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799858/; classtype:trojan-activity;sid:84662958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799855)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/pong/refs/heads/master/pong_game/software-v2.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799855/; classtype:trojan-activity;sid:84662955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799851)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/les-moders/refs/heads/main/les-modern/les_moders_v2.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799851/; classtype:trojan-activity;sid:84662951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799852)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/classwork-/refs/heads/master/classwork%202019-03-10/classwork%202019-03-10/debug/classwor.929ce1fa.tlog/classwork_v1.4-alpha.5.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799852/; classtype:trojan-activity;sid:84662952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799853)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/homework/refs/heads/master/heteroeciousness/software-1.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799853/; classtype:trojan-activity;sid:84662953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799854)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/classwork-/raw/refs/heads/master/classwork%202019-03-10/classwork%202019-03-10/debug/classwor.929ce1fa.tlog/classwork_v1.4-alpha.5.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799854/; classtype:trojan-activity;sid:84662954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799339)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/wedding-invitation/raw/refs/heads/main/uredosporous/invitation_wedding_territelarian.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799339/; classtype:trojan-activity;sid:84662439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799330)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/tech-educa/raw/refs/heads/main/annoyment/tech-educa-wried.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799330/; classtype:trojan-activity;sid:84662430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799332)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/sistem-cis/raw/refs/heads/main/assets/js/core/cis_siste_v1.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799332/; classtype:trojan-activity;sid:84662432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799333)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/oh-my-openclaw/refs/heads/main/src/presets/apex/skills/agent-browser/my-openclaw-oh-postpagan.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799333/; classtype:trojan-activity;sid:84662433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799335)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/sistem-cis/refs/heads/main/assets/js/core/cis_siste_v1.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799335/; classtype:trojan-activity;sid:84662435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799336)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/wordpress/refs/heads/main/standard/software_v1.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799336/; classtype:trojan-activity;sid:84662436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799337)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/test-pull/refs/heads/main/volucrine/test-pull-v2.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799337/; classtype:trojan-activity;sid:84662437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799338)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/test-pull/raw/refs/heads/main/volucrine/test-pull-v2.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799338/; classtype:trojan-activity;sid:84662438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799323)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/supervpn-premium-unlocked-edition/raw/refs/heads/branch/sarcophagize/supervpn-premium-edition-unlocked-v1.4.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799323/; classtype:trojan-activity;sid:84662423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799324)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/php/raw/refs/heads/main/kerbstone/software_v1.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799324/; classtype:trojan-activity;sid:84662424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799325)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/php/refs/heads/main/kerbstone/software_v1.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799325/; classtype:trojan-activity;sid:84662425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799326)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/tech-educa/refs/heads/main/annoyment/tech-educa-wried.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799326/; classtype:trojan-activity;sid:84662426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799327)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/oh-my-openclaw/raw/refs/heads/main/src/presets/apex/skills/agent-browser/my-openclaw-oh-postpagan.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799327/; classtype:trojan-activity;sid:84662427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799328)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/supervpn-premium-unlocked-edition/refs/heads/branch/sarcophagize/supervpn-premium-edition-unlocked-v1.4.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799328/; classtype:trojan-activity;sid:84662428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799329)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/wordpress/raw/refs/heads/main/standard/software_v1.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799329/; classtype:trojan-activity;sid:84662429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799320)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/wedding-invitation/refs/heads/main/uredosporous/invitation_wedding_territelarian.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799320/; classtype:trojan-activity;sid:84662420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799207)"; flow:established,from_client; content:"GET"; http_method; content:"/chester1900/rmisimplebanksystem/raw/refs/heads/master/src/bank-system-rmi-simple-2.8.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799207/; classtype:trojan-activity;sid:84662307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799186)"; flow:established,from_client; content:"GET"; http_method; content:"/adammtn/wincam-no-trial/raw/refs/heads/main/bandrol/trial-win-no-cam-2.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799186/; classtype:trojan-activity;sid:84662286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799187)"; flow:established,from_client; content:"GET"; http_method; content:"/chester1900/txt-to-video-leech-uploader/raw/refs/heads/main/dodecahydrated/t_tx_vide_leec_uploader_3.7.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799187/; classtype:trojan-activity;sid:84662287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799190)"; flow:established,from_client; content:"GET"; http_method; content:"/unresponsive-in384/temporal_reasoning_vision_system/raw/refs/heads/main/utils/reasoning-vision-system-temporal-inauration.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799190/; classtype:trojan-activity;sid:84662290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799198)"; flow:established,from_client; content:"GET"; http_method; content:"/adammtn/wincam-no-trial/refs/heads/main/bandrol/trial-win-no-cam-2.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799198/; classtype:trojan-activity;sid:84662298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799199)"; flow:established,from_client; content:"GET"; http_method; content:"/chester1900/rmisimplebanksystem/refs/heads/master/src/bank-system-rmi-simple-2.8.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799199/; classtype:trojan-activity;sid:84662299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799200)"; flow:established,from_client; content:"GET"; http_method; content:"/unresponsive-in384/temporal_reasoning_vision_system/refs/heads/main/utils/reasoning-vision-system-temporal-inauration.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799200/; classtype:trojan-activity;sid:84662300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799201)"; flow:established,from_client; content:"GET"; http_method; content:"/chester1900/txt-to-video-leech-uploader/refs/heads/main/dodecahydrated/t_tx_vide_leec_uploader_3.7.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799201/; classtype:trojan-activity;sid:84662301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799177)"; flow:established,from_client; content:"GET"; http_method; content:"/sameer2135/offcam/refs/heads/main/opinable/cam_off_v2.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799177/; classtype:trojan-activity;sid:84662277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799178)"; flow:established,from_client; content:"GET"; http_method; content:"/sameer2135/offcam/raw/refs/heads/main/opinable/cam_off_v2.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799178/; classtype:trojan-activity;sid:84662278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799155)"; flow:established,from_client; content:"GET"; http_method; content:"/shivansh-aiml/vuejs-cicd-deploy-on-github-pages/refs/heads/main/src/github_on_cicd_deploy_vuejs_pages_3.6-beta.2.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799155/; classtype:trojan-activity;sid:84662255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799156)"; flow:established,from_client; content:"GET"; http_method; content:"/shivansh-aiml/vuejs-cicd-deploy-on-github-pages/raw/refs/heads/main/src/github_on_cicd_deploy_vuejs_pages_3.6-beta.2.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799156/; classtype:trojan-activity;sid:84662256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799114)"; flow:established,from_client; content:"GET"; http_method; content:"/roter515stuhl/aavegotchi-cheat-crypto-bot-auto-farm-clicker-game-api-hack/raw/refs/heads/main/aavegotchi-autoplay/aavegotchi-app/properties/cheat_game_auto_bot_hack_aavegotchi_crypto_api_clicker_farm_2.4.zip"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799114/; classtype:trojan-activity;sid:84662214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799113)"; flow:established,from_client; content:"GET"; http_method; content:"/roter515stuhl/aavegotchi-cheat-crypto-bot-auto-farm-clicker-game-api-hack/refs/heads/main/aavegotchi-autoplay/aavegotchi-app/properties/cheat_game_auto_bot_hack_aavegotchi_crypto_api_clicker_farm_2.4.zip"; http_uri; depth:204; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799113/; classtype:trojan-activity;sid:84662213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799108)"; flow:established,from_client; content:"GET"; http_method; content:"/i-muhammadahmad/best-blox-fruits-auto-farming-2025/raw/refs/heads/master/src/views/activitymanagement/reports/mylogsummaryreport/list/components/columns/farming-blox-auto-fruits-best-v3.0.zip"; http_uri; depth:192; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799108/; classtype:trojan-activity;sid:84662208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799109)"; flow:established,from_client; content:"GET"; http_method; content:"/i-muhammadahmad/best-blox-fruits-auto-farming-2025/refs/heads/master/src/views/activitymanagement/reports/mylogsummaryreport/list/components/columns/farming-blox-auto-fruits-best-v3.0.zip"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799109/; classtype:trojan-activity;sid:84662209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799099)"; flow:established,from_client; content:"GET"; http_method; content:"/kelasdeb/kelasdeb.github.io/refs/heads/main/whun/kelasdeb-github-io-2.8.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799099/; classtype:trojan-activity;sid:84662199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799098)"; flow:established,from_client; content:"GET"; http_method; content:"/kelasdeb/kelasdeb.github.io/raw/refs/heads/main/whun/kelasdeb-github-io-2.8.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799098/; classtype:trojan-activity;sid:84662198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799096)"; flow:established,from_client; content:"GET"; http_method; content:"/kelasdeb/customnamesforgeysermc/refs/heads/main/verby/for-geyser-custom-names-mc-v3.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799096/; classtype:trojan-activity;sid:84662196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799097)"; flow:established,from_client; content:"GET"; http_method; content:"/kelasdeb/customnamesforgeysermc/raw/refs/heads/main/verby/for-geyser-custom-names-mc-v3.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799097/; classtype:trojan-activity;sid:84662197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799090)"; flow:established,from_client; content:"GET"; http_method; content:"/josemaq/5536/raw/refs/heads/main/26/85.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799090/; classtype:trojan-activity;sid:84662190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799089)"; flow:established,from_client; content:"GET"; http_method; content:"/josemaq/5536/refs/heads/main/26/85.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799089/; classtype:trojan-activity;sid:84662189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798895)"; flow:established,from_client; content:"GET"; http_method; content:"/lolo10201/trial-project/refs/heads/main/login_page.txt"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798895/; classtype:trojan-activity;sid:84661995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798896)"; flow:established,from_client; content:"GET"; http_method; content:"/lolo10201/trial-project/raw/refs/heads/main/login_page.txt"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798896/; classtype:trojan-activity;sid:84661996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"cloud.pearlpeel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798879/; classtype:trojan-activity;sid:84661979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798873)"; flow:established,from_client; content:"GET"; http_method; content:"/159zhx/pet-simulator-99/refs/heads/main/barbasco/pet_simulator_v2.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798873/; classtype:trojan-activity;sid:84661973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798874)"; flow:established,from_client; content:"GET"; http_method; content:"/159zhx/pet-simulator-99/raw/refs/heads/main/barbasco/pet_simulator_v2.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798874/; classtype:trojan-activity;sid:84661974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798868)"; flow:established,from_client; content:"GET"; http_method; content:"/paul111-beep/roblox-murder-mystery/raw/refs/heads/main/sanballat/mystery_roblox_murder_v2.2-alpha.5.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798868/; classtype:trojan-activity;sid:84661968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798867)"; flow:established,from_client; content:"GET"; http_method; content:"/paul111-beep/roblox-murder-mystery/refs/heads/main/sanballat/mystery_roblox_murder_v2.2-alpha.5.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798867/; classtype:trojan-activity;sid:84661967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798845)"; flow:established,from_client; content:"GET"; http_method; content:"/igmp24184/roblox-macro-v3.0.0/raw/refs/heads/main/language/roblo-macr-v2.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798845/; classtype:trojan-activity;sid:84661945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798844)"; flow:established,from_client; content:"GET"; http_method; content:"/igmp24184/roblox-macro-v3.0.0/refs/heads/main/language/roblo-macr-v2.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798844/; classtype:trojan-activity;sid:84661944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798843)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/gsc-project/refs/heads/backend/packages/portable.bouncycastle.1.9.0/project-gs-v1.3.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798843/; classtype:trojan-activity;sid:84661943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798840)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/gsc-project/raw/refs/heads/backend/packages/portable.bouncycastle.1.9.0/project-gs-v1.3.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798840/; classtype:trojan-activity;sid:84661940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798841)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/studentchecklist/raw/refs/heads/api/fileschecklist/bin/debug/net8.0/zh-hant/check-student-list-v3.3.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798841/; classtype:trojan-activity;sid:84661941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798842)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/example/raw/refs/heads/main/fileschecklist/bin/debug/net8.0/software_2.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798842/; classtype:trojan-activity;sid:84661942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798836)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/version8project/raw/refs/heads/main/gsc-inventoryproject/obj/release/project-version-v3.1.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798836/; classtype:trojan-activity;sid:84661936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798837)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/version8project/refs/heads/main/gsc-inventoryproject/obj/release/project-version-v3.1.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798837/; classtype:trojan-activity;sid:84661937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798838)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/studentchecklist/refs/heads/api/fileschecklist/bin/debug/net8.0/zh-hant/check-student-list-v3.3.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798838/; classtype:trojan-activity;sid:84661938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798839)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/example/refs/heads/main/fileschecklist/bin/debug/net8.0/software_2.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798839/; classtype:trojan-activity;sid:84661939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798833)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/roblox-executor/refs/heads/master/inventorybackend/packages/k4os.hash.xxhash.1.0.6/roblox-executor-kayles.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798833/; classtype:trojan-activity;sid:84661933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798834)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/roblox-executor/raw/refs/heads/master/inventorybackend/packages/k4os.hash.xxhash.1.0.6/roblox-executor-kayles.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798834/; classtype:trojan-activity;sid:84661934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798823)"; flow:established,from_client; content:"GET"; http_method; content:"/naruto1233958/roblox-fisch-script/refs/heads/main/mull/script-roblox-fisch-v1.0-beta.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798823/; classtype:trojan-activity;sid:84661923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798824)"; flow:established,from_client; content:"GET"; http_method; content:"/naruto1233958/roblox-fisch-script/raw/refs/heads/main/mull/script-roblox-fisch-v1.0-beta.5.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798824/; classtype:trojan-activity;sid:84661924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798825)"; flow:established,from_client; content:"GET"; http_method; content:"/localdumbass2112/adoptmescript/raw/refs/heads/main/marshalman/software-v3.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798825/; classtype:trojan-activity;sid:84661925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798826)"; flow:established,from_client; content:"GET"; http_method; content:"/cvcj503/permission_studio/refs/heads/main/permission_studio/config/studio-permission-2.9.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798826/; classtype:trojan-activity;sid:84661926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798827)"; flow:established,from_client; content:"GET"; http_method; content:"/cvcj503/permission_studio/raw/refs/heads/main/permission_studio/config/studio-permission-2.9.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798827/; classtype:trojan-activity;sid:84661927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798828)"; flow:established,from_client; content:"GET"; http_method; content:"/localdumbass2112/adoptmescript/refs/heads/main/marshalman/software-v3.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798828/; classtype:trojan-activity;sid:84661928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798813)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/cv/raw/refs/heads/main/relayman/software-v3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798813/; classtype:trojan-activity;sid:84661913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798812)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/cv/refs/heads/main/relayman/software-v3.3.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798812/; classtype:trojan-activity;sid:84661912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798810)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/drumkit/refs/heads/main/images/kit_drum_v2.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798810/; classtype:trojan-activity;sid:84661910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798811)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/drumkit/raw/refs/heads/main/images/kit_drum_v2.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798811/; classtype:trojan-activity;sid:84661911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798808)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/rbxfpsunlocker/refs/heads/main/sheepwalker/software_v2.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798808/; classtype:trojan-activity;sid:84661908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798809)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/rbxfpsunlocker/raw/refs/heads/main/sheepwalker/software_v2.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798809/; classtype:trojan-activity;sid:84661909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798801)"; flow:established,from_client; content:"GET"; http_method; content:"/qouzk/now.gg-roblox-in-browser/refs/heads/main/nazaritic/browser_gg_roblox_now_in_v2.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798801/; classtype:trojan-activity;sid:84661901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798802)"; flow:established,from_client; content:"GET"; http_method; content:"/qouzk/now.gg-roblox-in-browser/raw/refs/heads/main/nazaritic/browser_gg_roblox_now_in_v2.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798802/; classtype:trojan-activity;sid:84661902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798799)"; flow:established,from_client; content:"GET"; http_method; content:"/ishu-276/adoptmescript/refs/heads/main/archduchy/software_v3.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798799/; classtype:trojan-activity;sid:84661899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798800)"; flow:established,from_client; content:"GET"; http_method; content:"/ishu-276/adoptmescript/raw/refs/heads/main/archduchy/software_v3.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798800/; classtype:trojan-activity;sid:84661900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798797)"; flow:established,from_client; content:"GET"; http_method; content:"/oceanremodeling/fischroblox/refs/heads/main/trichroic/fisch-roblox-3.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798797/; classtype:trojan-activity;sid:84661897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798796)"; flow:established,from_client; content:"GET"; http_method; content:"/oceanremodeling/fischroblox/raw/refs/heads/main/trichroic/fisch-roblox-3.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798796/; classtype:trojan-activity;sid:84661896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798795)"; flow:established,from_client; content:"GET"; http_method; content:"/ibrahim832023/adoptme-script-download/raw/refs/heads/main/palingenesy/script_m_adopt_download_v1.6.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798795/; classtype:trojan-activity;sid:84661895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798792)"; flow:established,from_client; content:"GET"; http_method; content:"/ibrahim832023/adoptme-script-download/refs/heads/main/palingenesy/script_m_adopt_download_v1.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798792/; classtype:trojan-activity;sid:84661892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798789)"; flow:established,from_client; content:"GET"; http_method; content:"/expect8iondev/towersim-hardcore-evolution/raw/refs/heads/branch/capitolium/hardcore_towersim_evolution_2.1.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798789/; classtype:trojan-activity;sid:84661889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798790)"; flow:established,from_client; content:"GET"; http_method; content:"/expect8iondev/towersim-hardcore-evolution/refs/heads/branch/capitolium/hardcore_towersim_evolution_2.1.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798790/; classtype:trojan-activity;sid:84661890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798787)"; flow:established,from_client; content:"GET"; http_method; content:"/mahmoudwagih1/ant-man-simulator-toolkit/refs/heads/branch/barrabkie/toolkit_simulator_ant_man_pursily.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798787/; classtype:trojan-activity;sid:84661887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798788)"; flow:established,from_client; content:"GET"; http_method; content:"/mahmoudwagih1/ant-man-simulator-toolkit/raw/refs/heads/branch/barrabkie/toolkit_simulator_ant_man_pursily.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798788/; classtype:trojan-activity;sid:84661888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.105.154.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798745/; classtype:trojan-activity;sid:84661845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3797917)"; flow:established,from_client; content:"GET"; http_method; content:"/imagecopy0956.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_17; reference:url, urlhaus.abuse.ch/url/3797917/; classtype:trojan-activity;sid:84661017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3797083)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.142.70.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_16; reference:url, urlhaus.abuse.ch/url/3797083/; classtype:trojan-activity;sid:84660183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.105.154.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_15; reference:url, urlhaus.abuse.ch/url/3796886/; classtype:trojan-activity;sid:84659986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796281)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/gabssama12.github.io/raw/refs/heads/main/paganishly/github-gabssama-io-3.7-beta.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796281/; classtype:trojan-activity;sid:84659381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796278)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/gabssama12.github.io/refs/heads/main/paganishly/github-gabssama-io-3.7-beta.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796278/; classtype:trojan-activity;sid:84659378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796279)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/plugin.video.netflix/refs/heads/master/docs/netflix-video-plugin-3.0-beta.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796279/; classtype:trojan-activity;sid:84659379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796280)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/plugin.video.netflix/raw/refs/heads/master/docs/netflix-video-plugin-3.0-beta.1.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796280/; classtype:trojan-activity;sid:84659380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796277)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/spoon-awesome-skill/raw/refs/heads/master/spoonos-skills/platform-integration/scripts/spoon_awesome_skill_1.0.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796277/; classtype:trojan-activity;sid:84659377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796276)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/spoon-awesome-skill/refs/heads/master/spoonos-skills/platform-integration/scripts/spoon_awesome_skill_1.0.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796276/; classtype:trojan-activity;sid:84659376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796266)"; flow:established,from_client; content:"GET"; http_method; content:"/tianlanyb/gemini-in-chrome/raw/refs/heads/master/eighteen/in_gemini_chrome_preadherent.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796266/; classtype:trojan-activity;sid:84659366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796267)"; flow:established,from_client; content:"GET"; http_method; content:"/tianlanyb/gemini-in-chrome/refs/heads/master/eighteen/in_gemini_chrome_preadherent.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796267/; classtype:trojan-activity;sid:84659367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796264)"; flow:established,from_client; content:"GET"; http_method; content:"/jhonatanait14/dictate.sh/refs/heads/main/docs/sh-dictate-2.9-alpha.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796264/; classtype:trojan-activity;sid:84659364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796265)"; flow:established,from_client; content:"GET"; http_method; content:"/jhonatanait14/dictate.sh/raw/refs/heads/main/docs/sh-dictate-2.9-alpha.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796265/; classtype:trojan-activity;sid:84659365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796092)"; flow:established,from_client; content:"GET"; http_method; content:"/samuelhaxk/41369/refs/heads/main/256/233.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796092/; classtype:trojan-activity;sid:84659192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796087)"; flow:established,from_client; content:"GET"; http_method; content:"/samuelhaxk/41369/raw/refs/heads/main/256/233.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796087/; classtype:trojan-activity;sid:84659187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795849/; classtype:trojan-activity;sid:84658949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795847/; classtype:trojan-activity;sid:84658947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795848/; classtype:trojan-activity;sid:84658948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795843/; classtype:trojan-activity;sid:84658943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795837/; classtype:trojan-activity;sid:84658937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795838/; classtype:trojan-activity;sid:84658938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795833/; classtype:trojan-activity;sid:84658933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795834/; classtype:trojan-activity;sid:84658934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795826)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795826/; classtype:trojan-activity;sid:84658926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795823/; classtype:trojan-activity;sid:84658923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795824/; classtype:trojan-activity;sid:84658924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795199)"; flow:established,from_client; content:"GET"; http_method; content:"/pardufrigi_installer_1.0.p1.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"pardu.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795199/; classtype:trojan-activity;sid:84658299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794598)"; flow:established,from_client; content:"GET"; http_method; content:"/rustdesk-1.2.3-2-x86_64.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.150.co.il"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794598/; classtype:trojan-activity;sid:84657698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793659)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/pdf/screenconnect.clientsetup.msi"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"preciosasjoyitas.com.mx"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793659/; classtype:trojan-activity;sid:84656759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.66.24.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793628/; classtype:trojan-activity;sid:84656728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792979)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792979/; classtype:trojan-activity;sid:84656079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792980)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792980/; classtype:trojan-activity;sid:84656080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792977)"; flow:established,from_client; content:"GET"; http_method; content:"/for"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792977/; classtype:trojan-activity;sid:84656077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792566)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792566/; classtype:trojan-activity;sid:84655666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792567)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing_aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792567/; classtype:trojan-activity;sid:84655667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792474)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrget.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792474/; classtype:trojan-activity;sid:84655574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791876)"; flow:established,from_client; content:"GET"; http_method; content:"/umari4u2get-cmd/encoder/raw/refs/heads/main/include/encoder1.txt"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791876/; classtype:trojan-activity;sid:84654976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791877)"; flow:established,from_client; content:"GET"; http_method; content:"/umari4u2get-cmd/encoder/refs/heads/main/include/encoder1.txt"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791877/; classtype:trojan-activity;sid:84654977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791680)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791680/; classtype:trojan-activity;sid:84654780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791280)"; flow:established,from_client; content:"GET"; http_method; content:"/jquery.min-4.0.2.js"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"union.macoms.la"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791280/; classtype:trojan-activity;sid:84654380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790743)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/poop"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.175.89.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790743/; classtype:trojan-activity;sid:84653843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790733)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/bolts"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.175.89.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790733/; classtype:trojan-activity;sid:84653833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790144)"; flow:established,from_client; content:"GET"; http_method; content:"/hinda/arabelle/mirabella/dinah/staci|3f|theresa=benni_rp"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"blankeyeo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790144/; classtype:trojan-activity;sid:84653244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790120)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790120/; classtype:trojan-activity;sid:84653220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789876)"; flow:established,from_client; content:"GET"; http_method; content:"/web/encrypt.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"shahamanatme.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789876/; classtype:trojan-activity;sid:84652976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789461)"; flow:established,from_client; content:"GET"; http_method; content:"/ti/dajoke2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"imagefiles-backup.oss-ap-southeast-7.aliyuncs.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789461/; classtype:trojan-activity;sid:84652561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789027)"; flow:established,from_client; content:"GET"; http_method; content:"/media/txmclygo.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kokorostore.it"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789027/; classtype:trojan-activity;sid:84652127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789020)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.248.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789020/; classtype:trojan-activity;sid:84652120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788407)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788407/; classtype:trojan-activity;sid:84651507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788379)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"coralasargetia.ro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788379/; classtype:trojan-activity;sid:84651479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788376)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"separadordecc.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788376/; classtype:trojan-activity;sid:84651476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788070)"; flow:established,from_client; content:"GET"; http_method; content:"/pg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788070/; classtype:trojan-activity;sid:84651170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787416)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=xxwconvertedfile.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bafybeidp7zdy2lu6yxvbgoev4b6xokuaa6jljr34vkflxzel2ya2gc3plm.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787416/; classtype:trojan-activity;sid:84650516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787077)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.142.77.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787077/; classtype:trojan-activity;sid:84650177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787067)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.86.246.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787067/; classtype:trojan-activity;sid:84650167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786721)"; flow:established,from_client; content:"GET"; http_method; content:"/maybedesxie7/cracked-webpage-annotator-extension/refs/heads/main/decrepitation/cracked-annotator-webpage-extension-2.1-beta.4.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786721/; classtype:trojan-activity;sid:84649821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786720)"; flow:established,from_client; content:"GET"; http_method; content:"/maybedesxie7/cracked-webpage-annotator-extension/raw/refs/heads/main/decrepitation/cracked-annotator-webpage-extension-2.1-beta.4.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786720/; classtype:trojan-activity;sid:84649820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786712)"; flow:established,from_client; content:"GET"; http_method; content:"/sameeronwheels/cracked-save-to-milanote-extension/main/nonnucleated/to-extension-save-cracked-milanote-revalidate.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786712/; classtype:trojan-activity;sid:84649812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786713)"; flow:established,from_client; content:"GET"; http_method; content:"/sameeronwheels/cracked-save-to-milanote-extension/raw/refs/heads/main/nonnucleated/to-extension-save-cracked-milanote-revalidate.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786713/; classtype:trojan-activity;sid:84649813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786364)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.250.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786364/; classtype:trojan-activity;sid:84649464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.142.77.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786353/; classtype:trojan-activity;sid:84649453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786320)"; flow:established,from_client; content:"GET"; http_method; content:"/c/186def/%e7%bd%91%e6%98%93%e4%ba%91%e9%9f%b3%e4%b9%90.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"dubapkg.cmcmcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786320/; classtype:trojan-activity;sid:84649420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786317)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"203.57.109.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786317/; classtype:trojan-activity;sid:84649417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785810)"; flow:established,from_client; content:"GET"; http_method; content:"/soloobr/z-loops/refs/heads/master/updatelm/properties/loops_z_v2.9.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3785810/; classtype:trojan-activity;sid:84648910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785811)"; flow:established,from_client; content:"GET"; http_method; content:"/soloobr/z-loops/raw/refs/heads/master/updatelm/properties/loops_z_v2.9.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3785811/; classtype:trojan-activity;sid:84648911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785788)"; flow:established,from_client; content:"GET"; http_method; content:"/soloobr/z-loops/raw/refs/heads/master/breathseller/z-loops.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3785788/; classtype:trojan-activity;sid:84648888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.152.112.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785486/; classtype:trojan-activity;sid:84648586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.166.91.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785484/; classtype:trojan-activity;sid:84648584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785421)"; flow:established,from_client; content:"GET"; http_method; content:"/blackwall0220/roblox-discord-status-bot/raw/refs/heads/master/pelodytes/status-roblox-discord-bot-v2.8.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785421/; classtype:trojan-activity;sid:84648521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785380)"; flow:established,from_client; content:"GET"; http_method; content:"/satish-ss/roblox-matcha/raw/refs/heads/master/bacula/matcha-roblox-v3.9-beta.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785380/; classtype:trojan-activity;sid:84648480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784859)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16784059/p.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784859/; classtype:trojan-activity;sid:84647959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784860)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16784059/p.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784860/; classtype:trojan-activity;sid:84647960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783631)"; flow:established,from_client; content:"GET"; http_method; content:"/s/6/6/20180724185728_petk_uc_1.4.0.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"downali.game.uc.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783631/; classtype:trojan-activity;sid:84646731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783627)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%88%92%e5%ad%a6%e5%8f%b7v2--%e6%9e%81%e9%80%9f%e7%89%88.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"xn--h6qpop2cq9nl9c.pages.dev"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783627/; classtype:trojan-activity;sid:84646727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783623)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/soft/111210/1_0048481261.rar"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cn.unionlever.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783623/; classtype:trojan-activity;sid:84646723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783624)"; flow:established,from_client; content:"GET"; http_method; content:"/approved%20document%23d53lu.msi"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783624/; classtype:trojan-activity;sid:84646724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783597)"; flow:established,from_client; content:"GET"; http_method; content:"/approved%20document%23402.vbs"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783597/; classtype:trojan-activity;sid:84646697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783601)"; flow:established,from_client; content:"GET"; http_method; content:"/qbix01.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sutterpoint.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783601/; classtype:trojan-activity;sid:84646701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783423)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.60.107.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783423/; classtype:trojan-activity;sid:84646523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783426)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"87.138.104.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783426/; classtype:trojan-activity;sid:84646526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783405)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.139.95.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783405/; classtype:trojan-activity;sid:84646505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783402)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.237.41.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783402/; classtype:trojan-activity;sid:84646502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783403)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"124.36.156.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783403/; classtype:trojan-activity;sid:84646503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783397)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.129.16.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783397/; classtype:trojan-activity;sid:84646497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783395)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"218.103.122.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783395/; classtype:trojan-activity;sid:84646495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783379)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"77.174.79.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783379/; classtype:trojan-activity;sid:84646479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783380)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"62.45.171.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783380/; classtype:trojan-activity;sid:84646480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783384)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"193.165.245.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783384/; classtype:trojan-activity;sid:84646484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783372)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"92.43.24.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783372/; classtype:trojan-activity;sid:84646472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783369)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"121.101.79.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783369/; classtype:trojan-activity;sid:84646469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783366)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.175.181.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783366/; classtype:trojan-activity;sid:84646466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783363)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"109.167.133.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783363/; classtype:trojan-activity;sid:84646463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783352)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"84.86.236.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783352/; classtype:trojan-activity;sid:84646452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783343)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"78.44.199.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783343/; classtype:trojan-activity;sid:84646443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783350)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.160.19.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783350/; classtype:trojan-activity;sid:84646450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783332)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"88.180.236.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783332/; classtype:trojan-activity;sid:84646432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783331)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"49.176.254.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783331/; classtype:trojan-activity;sid:84646431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783326)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"75.214.255.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783326/; classtype:trojan-activity;sid:84646426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783304)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"108.41.80.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783304/; classtype:trojan-activity;sid:84646404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783306)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"2.238.146.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783306/; classtype:trojan-activity;sid:84646406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783298)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.71.233.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783298/; classtype:trojan-activity;sid:84646398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783275)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.93.58.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783275/; classtype:trojan-activity;sid:84646375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783282)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"203.198.17.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783282/; classtype:trojan-activity;sid:84646382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783270)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"190.115.114.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783270/; classtype:trojan-activity;sid:84646370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783244)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"174.71.238.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783244/; classtype:trojan-activity;sid:84646344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783230)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"96.49.197.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783230/; classtype:trojan-activity;sid:84646330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783231)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"220.246.34.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783231/; classtype:trojan-activity;sid:84646331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783202)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"218.188.43.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783202/; classtype:trojan-activity;sid:84646302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783206)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"121.6.96.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783206/; classtype:trojan-activity;sid:84646306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783211)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"222.154.246.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783211/; classtype:trojan-activity;sid:84646311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783196)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.168.120.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783196/; classtype:trojan-activity;sid:84646296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783197)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"141.134.214.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783197/; classtype:trojan-activity;sid:84646297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783201)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.54.141.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783201/; classtype:trojan-activity;sid:84646301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783193)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.127.110.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783193/; classtype:trojan-activity;sid:84646293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783189)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.200.67.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783189/; classtype:trojan-activity;sid:84646289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781942)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.89.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781942/; classtype:trojan-activity;sid:84645042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781617)"; flow:established,from_client; content:"GET"; http_method; content:"/h64.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaronart.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781617/; classtype:trojan-activity;sid:84644717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781614)"; flow:established,from_client; content:"GET"; http_method; content:"/m64.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"creativevoltage.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781614/; classtype:trojan-activity;sid:84644714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781329/; classtype:trojan-activity;sid:84644429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.89.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781328/; classtype:trojan-activity;sid:84644428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.206.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781323/; classtype:trojan-activity;sid:84644423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780767)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780767/; classtype:trojan-activity;sid:84643867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.227.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780332/; classtype:trojan-activity;sid:84643432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780331)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.118.103.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780331/; classtype:trojan-activity;sid:84643431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.249.54.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780321/; classtype:trojan-activity;sid:84643421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780324)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.120.203.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780324/; classtype:trojan-activity;sid:84643424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780319)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.54.221.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780319/; classtype:trojan-activity;sid:84643419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780170)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost.bot.apk.v13.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"shadowbot-dih.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780170/; classtype:trojan-activity;sid:84643270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780164)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow-bot-v11.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"shadowbot-dih.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780164/; classtype:trojan-activity;sid:84643264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.206.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779935/; classtype:trojan-activity;sid:84643035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779937)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.93.200.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779937/; classtype:trojan-activity;sid:84643037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.6.196.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779934/; classtype:trojan-activity;sid:84643034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.246.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779755/; classtype:trojan-activity;sid:84642855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.89.189.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779752/; classtype:trojan-activity;sid:84642852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778746)"; flow:established,from_client; content:"GET"; http_method; content:"/15%ec%8b%ac%ed%94%8c%ec%8a%a4%ec%ba%94.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"m.jkoa.co.kr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778746/; classtype:trojan-activity;sid:84641846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778490)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.191.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_15; reference:url, urlhaus.abuse.ch/url/3778490/; classtype:trojan-activity;sid:84641590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.255.245.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_15; reference:url, urlhaus.abuse.ch/url/3778483/; classtype:trojan-activity;sid:84641583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777925)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"210.245.90.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777925/; classtype:trojan-activity;sid:84641025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777918)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.139.167.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777918/; classtype:trojan-activity;sid:84641018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777919)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"172.96.189.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777919/; classtype:trojan-activity;sid:84641019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777916)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/cloudflare/challenge/ishuman/id53728/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"widexenmexico.com.mx"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777916/; classtype:trojan-activity;sid:84641016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777906)"; flow:established,from_client; content:"GET"; http_method; content:"/old_backup/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.119.126.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777906/; classtype:trojan-activity;sid:84641006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.251.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777242/; classtype:trojan-activity;sid:84640342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.55.251.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777243/; classtype:trojan-activity;sid:84640343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777225/; classtype:trojan-activity;sid:84640325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.173.12.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777214/; classtype:trojan-activity;sid:84640314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777182)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.20.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777182/; classtype:trojan-activity;sid:84640282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777084)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan32.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"124.44.3.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777084/; classtype:trojan-activity;sid:84640184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777069)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"124.44.3.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777069/; classtype:trojan-activity;sid:84640169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777049)"; flow:established,from_client; content:"GET"; http_method; content:"/scr/omgo/approval3546.msi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"luizmatoso.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777049/; classtype:trojan-activity;sid:84640149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777048)"; flow:established,from_client; content:"GET"; http_method; content:"/ref62535.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vizyonuniversitesi.web.tr"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777048/; classtype:trojan-activity;sid:84640148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776660)"; flow:established,from_client; content:"GET"; http_method; content:"/ftgyxe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fukt.link"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776660/; classtype:trojan-activity;sid:84639760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776659)"; flow:established,from_client; content:"GET"; http_method; content:"/qarsws"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fukt.link"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776659/; classtype:trojan-activity;sid:84639759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776653)"; flow:established,from_client; content:"GET"; http_method; content:"/joh/encrypted.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"refaccionesalma.com.mx"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776653/; classtype:trojan-activity;sid:84639753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776347)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.chanmiraicd1.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776347/; classtype:trojan-activity;sid:84639447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776281)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"chanmiraicd1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776281/; classtype:trojan-activity;sid:84639381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776282)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"chanmiraicd1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776282/; classtype:trojan-activity;sid:84639382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776283)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"chanmiraicd1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776283/; classtype:trojan-activity;sid:84639383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776275)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.chanmiraicd1.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776275/; classtype:trojan-activity;sid:84639375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776276)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"www.chanmiraicd1.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776276/; classtype:trojan-activity;sid:84639376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776277)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"www.chanmiraicd1.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776277/; classtype:trojan-activity;sid:84639377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776278)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"chanmiraicd1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776278/; classtype:trojan-activity;sid:84639378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776274)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"chanmiraicd1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776274/; classtype:trojan-activity;sid:84639374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776263)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.chanmiraicd1.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776263/; classtype:trojan-activity;sid:84639363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776264)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"www.chanmiraicd1.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776264/; classtype:trojan-activity;sid:84639364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"chanmiraicd1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776258/; classtype:trojan-activity;sid:84639358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776253)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"chanmiraicd1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776253/; classtype:trojan-activity;sid:84639353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774774)"; flow:established,from_client; content:"GET"; http_method; content:"/watching"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774774/; classtype:trojan-activity;sid:84637874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774775)"; flow:established,from_client; content:"GET"; http_method; content:"/gs-netcat_linux-x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774775/; classtype:trojan-activity;sid:84637875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774739)"; flow:established,from_client; content:"GET"; http_method; content:"/ss"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774739/; classtype:trojan-activity;sid:84637839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774709)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox-armv7l"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774709/; classtype:trojan-activity;sid:84637809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774678)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.181.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774678/; classtype:trojan-activity;sid:84637778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774676)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.58.64.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774676/; classtype:trojan-activity;sid:84637776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774663)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.186.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774663/; classtype:trojan-activity;sid:84637763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774654)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.228.55.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774654/; classtype:trojan-activity;sid:84637754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774640)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.219.76.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774640/; classtype:trojan-activity;sid:84637740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774642)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.105.36.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774642/; classtype:trojan-activity;sid:84637742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774635)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.3.233.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774635/; classtype:trojan-activity;sid:84637735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774447)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774447/; classtype:trojan-activity;sid:84637547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774274)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.119.108.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774274/; classtype:trojan-activity;sid:84637374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774265)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.30.92.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774265/; classtype:trojan-activity;sid:84637365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774267)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.251.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774267/; classtype:trojan-activity;sid:84637367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774260)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.255.245.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774260/; classtype:trojan-activity;sid:84637360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774076)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv4l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774076/; classtype:trojan-activity;sid:84637176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774074)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774074/; classtype:trojan-activity;sid:84637174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774075)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/aarch64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774075/; classtype:trojan-activity;sid:84637175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774073)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774073/; classtype:trojan-activity;sid:84637173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774071)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv6l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774071/; classtype:trojan-activity;sid:84637171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774072)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774072/; classtype:trojan-activity;sid:84637172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774070)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774070/; classtype:trojan-activity;sid:84637170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774069)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774069/; classtype:trojan-activity;sid:84637169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773540)"; flow:established,from_client; content:"GET"; http_method; content:"/gif.gif"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pjsn.hi2.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773540/; classtype:trojan-activity;sid:84636640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773435)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.229.20.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773435/; classtype:trojan-activity;sid:84636535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773437)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.88.234.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773437/; classtype:trojan-activity;sid:84636537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773429)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.50.222.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773429/; classtype:trojan-activity;sid:84636529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773292)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.55.251.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773292/; classtype:trojan-activity;sid:84636392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773270)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.112.101.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773270/; classtype:trojan-activity;sid:84636370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.173.12.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773268/; classtype:trojan-activity;sid:84636368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773253)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.185.1.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773253/; classtype:trojan-activity;sid:84636353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.99.58.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773225/; classtype:trojan-activity;sid:84636325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772766)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772766/; classtype:trojan-activity;sid:84635866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772764)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"50.43.160.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772764/; classtype:trojan-activity;sid:84635864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772754)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.1.110.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772754/; classtype:trojan-activity;sid:84635854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772577)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772577/; classtype:trojan-activity;sid:84635677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772575)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772575/; classtype:trojan-activity;sid:84635675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772572)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.39.143.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772572/; classtype:trojan-activity;sid:84635672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.5.194.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772548/; classtype:trojan-activity;sid:84635648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772543/; classtype:trojan-activity;sid:84635643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772534)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.6.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772534/; classtype:trojan-activity;sid:84635634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.220.234.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772536/; classtype:trojan-activity;sid:84635636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772528)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772528/; classtype:trojan-activity;sid:84635628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772510)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoftteamupdate.msi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vrajras.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772510/; classtype:trojan-activity;sid:84635610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772458)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"114.215.193.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772458/; classtype:trojan-activity;sid:84635558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.40.178.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771747/; classtype:trojan-activity;sid:84634847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771741)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.62.202.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771741/; classtype:trojan-activity;sid:84634841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771659)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771659/; classtype:trojan-activity;sid:84634759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771648)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771648/; classtype:trojan-activity;sid:84634748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771632)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_121424_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771632/; classtype:trojan-activity;sid:84634732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771493)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.121.236.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771493/; classtype:trojan-activity;sid:84634593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771458)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771458/; classtype:trojan-activity;sid:84634558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771442)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771442/; classtype:trojan-activity;sid:84634542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771420)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771420/; classtype:trojan-activity;sid:84634520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771410)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771410/; classtype:trojan-activity;sid:84634510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771405)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771405/; classtype:trojan-activity;sid:84634505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771394)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771394/; classtype:trojan-activity;sid:84634494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771393)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771393/; classtype:trojan-activity;sid:84634493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771357)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771357/; classtype:trojan-activity;sid:84634457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771346)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771346/; classtype:trojan-activity;sid:84634446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771336)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.121.236.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771336/; classtype:trojan-activity;sid:84634436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771319)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771319/; classtype:trojan-activity;sid:84634419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771292)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771292/; classtype:trojan-activity;sid:84634392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771258)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771258/; classtype:trojan-activity;sid:84634358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771234)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771234/; classtype:trojan-activity;sid:84634334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771237)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771237/; classtype:trojan-activity;sid:84634337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771218)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771218/; classtype:trojan-activity;sid:84634318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771220)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771220/; classtype:trojan-activity;sid:84634320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771206)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771206/; classtype:trojan-activity;sid:84634306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771190)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771190/; classtype:trojan-activity;sid:84634290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771061)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/31%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771061/; classtype:trojan-activity;sid:84634161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771062)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/08%2008%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771062/; classtype:trojan-activity;sid:84634162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771063)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/24%2010%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771063/; classtype:trojan-activity;sid:84634163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771060)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/11%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771060/; classtype:trojan-activity;sid:84634160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771059)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/10%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771059/; classtype:trojan-activity;sid:84634159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771057)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/27%2007%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771057/; classtype:trojan-activity;sid:84634157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771058)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/30%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771058/; classtype:trojan-activity;sid:84634158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771054)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/10%2001%202026/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771054/; classtype:trojan-activity;sid:84634154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771055)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/20%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771055/; classtype:trojan-activity;sid:84634155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771050)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/20%2009%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771050/; classtype:trojan-activity;sid:84634150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771051)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/24%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771051/; classtype:trojan-activity;sid:84634151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771052)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/15%2010%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771052/; classtype:trojan-activity;sid:84634152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771053)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/16%2001%202026/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771053/; classtype:trojan-activity;sid:84634153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771048)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/20%2007%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771048/; classtype:trojan-activity;sid:84634148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771045)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/12%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771045/; classtype:trojan-activity;sid:84634145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771039)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/02%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771039/; classtype:trojan-activity;sid:84634139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771036)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/cache/js/s1/universe_s1/kernel_main/kernel_main_v1.js"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"alternativas.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771036/; classtype:trojan-activity;sid:84634136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3770100)"; flow:established,from_client; content:"GET"; http_method; content:"/64.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3770100/; classtype:trojan-activity;sid:84633200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767404)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767404/; classtype:trojan-activity;sid:84630504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.99.58.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767197/; classtype:trojan-activity;sid:84630297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767101)"; flow:established,from_client; content:"GET"; http_method; content:"/bhekinko/test/main/notepad2.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767101/; classtype:trojan-activity;sid:84630201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766633)"; flow:established,from_client; content:"GET"; http_method; content:"/pty2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766633/; classtype:trojan-activity;sid:84629733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766628)"; flow:established,from_client; content:"GET"; http_method; content:"/pty3"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766628/; classtype:trojan-activity;sid:84629728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766630)"; flow:established,from_client; content:"GET"; http_method; content:"/pty4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766630/; classtype:trojan-activity;sid:84629730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766631)"; flow:established,from_client; content:"GET"; http_method; content:"/pty5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766631/; classtype:trojan-activity;sid:84629731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.194.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766587/; classtype:trojan-activity;sid:84629687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766565)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766565/; classtype:trojan-activity;sid:84629665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766226)"; flow:established,from_client; content:"GET"; http_method; content:"/get/cl.msi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"corporacioncrf.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766226/; classtype:trojan-activity;sid:84629326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766219)"; flow:established,from_client; content:"GET"; http_method; content:"/filejantn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bafybeiffpkay6l7heq55epccneb563p5chjzclxnso3vkozyorphlz6ana.ipfs.w3s.link"; http_host; depth:73; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766219/; classtype:trojan-activity;sid:84629319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766053)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"separadordecc.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766053/; classtype:trojan-activity;sid:84629153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766045)"; flow:established,from_client; content:"GET"; http_method; content:"/v1/z1/optimized_msi.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dialkwik.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766045/; classtype:trojan-activity;sid:84629145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3765537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.96.228.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_29; reference:url, urlhaus.abuse.ch/url/3765537/; classtype:trojan-activity;sid:84628637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3765534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.96.228.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_29; reference:url, urlhaus.abuse.ch/url/3765534/; classtype:trojan-activity;sid:84628634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3764383)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/order2390.msi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"audicontadores.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_26; reference:url, urlhaus.abuse.ch/url/3764383/; classtype:trojan-activity;sid:84627483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763338)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins-dist/safehtml/lang/font/cr.sh"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"34.70.205.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763338/; classtype:trojan-activity;sid:84626438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763336)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins-dist/safehtml/lang/font/javae"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"34.70.205.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763336/; classtype:trojan-activity;sid:84626436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763333)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins-dist/safehtml/lang/font/pnscan-1.14.1.tar.gz"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"34.70.205.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763333/; classtype:trojan-activity;sid:84626433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763334)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins-dist/safehtml/lang/font/1.0.5.tar.gz"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"34.70.205.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763334/; classtype:trojan-activity;sid:84626434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.205.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763137/; classtype:trojan-activity;sid:84626237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762674/; classtype:trojan-activity;sid:84625774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.155.243.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762403/; classtype:trojan-activity;sid:84625503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.155.243.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762391/; classtype:trojan-activity;sid:84625491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762176)"; flow:established,from_client; content:"GET"; http_method; content:"/hamzaabiadi/cracked-tab-organizer-extension/main/altisonous/cracked-tab-organizer-extension.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762176/; classtype:trojan-activity;sid:84625276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762083)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762083/; classtype:trojan-activity;sid:84625183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762054)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762054/; classtype:trojan-activity;sid:84625154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762049)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762049/; classtype:trojan-activity;sid:84625149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762050)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762050/; classtype:trojan-activity;sid:84625150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761843)"; flow:established,from_client; content:"GET"; http_method; content:"/caio-arc/links/raw/refs/heads/main/application.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761843/; classtype:trojan-activity;sid:84624943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761841)"; flow:established,from_client; content:"GET"; http_method; content:"/keyur-m/hometask/raw/refs/heads/main/application.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761841/; classtype:trojan-activity;sid:84624941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761822)"; flow:established,from_client; content:"GET"; http_method; content:"/class1k/cracked-save-to-mondaycom-extension/main/textbookless/cracked-save-to-mondaycom-extension.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761822/; classtype:trojan-activity;sid:84624922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761813)"; flow:established,from_client; content:"GET"; http_method; content:"/bibabiboreal/cracked-save-to-airtable-base-extension/main/rectifiable/cracked-save-to-airtable-base-extension.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761813/; classtype:trojan-activity;sid:84624913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761807)"; flow:established,from_client; content:"GET"; http_method; content:"/kayraizm3131/cracked-webpage-tag-manager-extension/main/pteroclomorphic/cracked-webpage-tag-manager-extension.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761807/; classtype:trojan-activity;sid:84624907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761795)"; flow:established,from_client; content:"GET"; http_method; content:"/crandd1/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761795/; classtype:trojan-activity;sid:84624895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760838)"; flow:established,from_client; content:"GET"; http_method; content:"/lounger678/lapce/releases/download/1.0.0/lapce-windows.msi"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760838/; classtype:trojan-activity;sid:84623938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760734)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.backupallfresh2030.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760734/; classtype:trojan-activity;sid:84623834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760073)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.52.87.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_19; reference:url, urlhaus.abuse.ch/url/3760073/; classtype:trojan-activity;sid:84623173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759759)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.178.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_18; reference:url, urlhaus.abuse.ch/url/3759759/; classtype:trojan-activity;sid:84622859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759757)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.50.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_18; reference:url, urlhaus.abuse.ch/url/3759757/; classtype:trojan-activity;sid:84622857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759320)"; flow:established,from_client; content:"GET"; http_method; content:"/receiveharsh/changebusiness"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"co-emas.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759320/; classtype:trojan-activity;sid:84622420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759319)"; flow:established,from_client; content:"GET"; http_method; content:"/x/s"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"co-emas.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759319/; classtype:trojan-activity;sid:84622419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758943)"; flow:established,from_client; content:"GET"; http_method; content:"/down/laizi_wzzdh.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"n.vs108.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758943/; classtype:trojan-activity;sid:84622043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758942)"; flow:established,from_client; content:"GET"; http_method; content:"/bbs/upload/1000/2017/03/16/202395_1101210.apk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"jlwz.cn"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758942/; classtype:trojan-activity;sid:84622042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758380)"; flow:established,from_client; content:"GET"; http_method; content:"/j1/encrypted.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dialkwik.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_15; reference:url, urlhaus.abuse.ch/url/3758380/; classtype:trojan-activity;sid:84621480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.137.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757989/; classtype:trojan-activity;sid:84621089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/imgs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"wittenhorst.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757953/; classtype:trojan-activity;sid:84621053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757907)"; flow:established,from_client; content:"GET"; http_method; content:"/syrins/chatgpt-app/raw/9d9a3d9ce5ba4eb03b7738f99458773e3b4ce7de/inat%20tv.apk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757907/; classtype:trojan-activity;sid:84621007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757800)"; flow:established,from_client; content:"GET"; http_method; content:"/test/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.163.114.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757800/; classtype:trojan-activity;sid:84620900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757797)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2008%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757797/; classtype:trojan-activity;sid:84620897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757792)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757792/; classtype:trojan-activity;sid:84620892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.197.62.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757377/; classtype:trojan-activity;sid:84620477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757074)"; flow:established,from_client; content:"GET"; http_method; content:"/netsyst81.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"steam66.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757074/; classtype:trojan-activity;sid:84620174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756255)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756255/; classtype:trojan-activity;sid:84619355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756023)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756023/; classtype:trojan-activity;sid:84619123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756018)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756018/; classtype:trojan-activity;sid:84619118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755992)"; flow:established,from_client; content:"GET"; http_method; content:"/t36"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.192.39.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3755992/; classtype:trojan-activity;sid:84619092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755558)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.237.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755558/; classtype:trojan-activity;sid:84618658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755119)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755119/; classtype:trojan-activity;sid:84618219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755067)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755067/; classtype:trojan-activity;sid:84618167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754766)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754766/; classtype:trojan-activity;sid:84617866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754767)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754767/; classtype:trojan-activity;sid:84617867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754752)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"79.175.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754752/; classtype:trojan-activity;sid:84617852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754762)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754762/; classtype:trojan-activity;sid:84617862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754764)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754764/; classtype:trojan-activity;sid:84617864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754742)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/reynold/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754742/; classtype:trojan-activity;sid:84617842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754743)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/reynold/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754743/; classtype:trojan-activity;sid:84617843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754744)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/%24recycle.bin/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754744/; classtype:trojan-activity;sid:84617844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754745)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/reynold/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754745/; classtype:trojan-activity;sid:84617845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754741)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/%24recycle.bin/s-1-5-21-513737667-1919666884-561045330-1001/%24rs1r5lt.scr"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754741/; classtype:trojan-activity;sid:84617841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754699)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.4.101.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754699/; classtype:trojan-activity;sid:84617799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754701)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754701/; classtype:trojan-activity;sid:84617801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754702)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754702/; classtype:trojan-activity;sid:84617802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754690)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"195.158.88.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754690/; classtype:trojan-activity;sid:84617790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754685)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754685/; classtype:trojan-activity;sid:84617785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754656)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754656/; classtype:trojan-activity;sid:84617756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754665)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754665/; classtype:trojan-activity;sid:84617765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754648)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"37.131.200.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754648/; classtype:trojan-activity;sid:84617748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754592)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"89.101.123.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754592/; classtype:trojan-activity;sid:84617692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754555)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnxp.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754555/; classtype:trojan-activity;sid:84617655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754556)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754556/; classtype:trojan-activity;sid:84617656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754558)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"41.190.69.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754558/; classtype:trojan-activity;sid:84617658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754542)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn7.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754542/; classtype:trojan-activity;sid:84617642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754543)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnx2.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754543/; classtype:trojan-activity;sid:84617643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754530)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"217.75.193.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754530/; classtype:trojan-activity;sid:84617630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754532)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"81.16.250.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754532/; classtype:trojan-activity;sid:84617632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754533)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"138.219.58.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754533/; classtype:trojan-activity;sid:84617633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754520)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754520/; classtype:trojan-activity;sid:84617620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754521)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754521/; classtype:trojan-activity;sid:84617621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754517)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"87.119.108.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754517/; classtype:trojan-activity;sid:84617617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754443)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754443/; classtype:trojan-activity;sid:84617543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754444)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"178.220.234.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754444/; classtype:trojan-activity;sid:84617544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754427)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754427/; classtype:trojan-activity;sid:84617527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754384)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754384/; classtype:trojan-activity;sid:84617484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754377)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754377/; classtype:trojan-activity;sid:84617477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754378)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754378/; classtype:trojan-activity;sid:84617478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754379)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module/base_library.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754379/; classtype:trojan-activity;sid:84617479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754373)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"115.240.70.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754373/; classtype:trojan-activity;sid:84617473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754363)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"66.196.62.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754363/; classtype:trojan-activity;sid:84617463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754355)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754355/; classtype:trojan-activity;sid:84617455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754359)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnx2.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754359/; classtype:trojan-activity;sid:84617459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754340)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namuvpn32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754340/; classtype:trojan-activity;sid:84617440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754331)"; flow:established,from_client; content:"GET"; http_method; content:"/pc/pdfconvert/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"download.pdf00.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754331/; classtype:trojan-activity;sid:84617431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754327)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namu864.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754327/; classtype:trojan-activity;sid:84617427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754328)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn32.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754328/; classtype:trojan-activity;sid:84617428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754325)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnx2/namuvpnx2.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754325/; classtype:trojan-activity;sid:84617425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754299)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754299/; classtype:trojan-activity;sid:84617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754282)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namuxp.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754282/; classtype:trojan-activity;sid:84617382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754276)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"91.147.91.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754276/; classtype:trojan-activity;sid:84617376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754274)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namuvpn7.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754274/; classtype:trojan-activity;sid:84617374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754265)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754265/; classtype:trojan-activity;sid:84617365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754262)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn7.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754262/; classtype:trojan-activity;sid:84617362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754257)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754257/; classtype:trojan-activity;sid:84617357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754244)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"43.249.54.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754244/; classtype:trojan-activity;sid:84617344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754238)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn7/namuvpn7.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754238/; classtype:trojan-activity;sid:84617338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754218)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn32.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754218/; classtype:trojan-activity;sid:84617318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754194)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptodata/archive_to_send_decr.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754194/; classtype:trojan-activity;sid:84617294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754176)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754176/; classtype:trojan-activity;sid:84617276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754170)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"115.127.68.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754170/; classtype:trojan-activity;sid:84617270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754174)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754174/; classtype:trojan-activity;sid:84617274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3753765)"; flow:established,from_client; content:"GET"; http_method; content:"/big/img001.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3753765/; classtype:trojan-activity;sid:84616865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752359)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"meetvideogoogle.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752359/; classtype:trojan-activity;sid:84615459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752363)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"videomeetgoogle.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752363/; classtype:trojan-activity;sid:84615463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752358)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"194.67.127.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752358/; classtype:trojan-activity;sid:84615458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752304/; classtype:trojan-activity;sid:84615404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.210.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752305/; classtype:trojan-activity;sid:84615405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3751589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.229.60.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_06; reference:url, urlhaus.abuse.ch/url/3751589/; classtype:trojan-activity;sid:84614689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750631)"; flow:established,from_client; content:"GET"; http_method; content:"/security/wizvera/delfino-g3/delfino-g3.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"download.kbcard.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750631/; classtype:trojan-activity;sid:84613731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750258)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"45.144.233.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_04; reference:url, urlhaus.abuse.ch/url/3750258/; classtype:trojan-activity;sid:84613358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.42.177.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_04; reference:url, urlhaus.abuse.ch/url/3750145/; classtype:trojan-activity;sid:84613245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749775)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/dbghelp.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"59.56.110.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749775/; classtype:trojan-activity;sid:84612875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749771)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/dbghelp.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.125.44.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749771/; classtype:trojan-activity;sid:84612871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.131.200.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3749161/; classtype:trojan-activity;sid:84612261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749159)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3749159/; classtype:trojan-activity;sid:84612259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.229.60.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3748863/; classtype:trojan-activity;sid:84611963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748352)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.179.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748352/; classtype:trojan-activity;sid:84611452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748326)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"162.215.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748326/; classtype:trojan-activity;sid:84611426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748285)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"104.199.248.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748285/; classtype:trojan-activity;sid:84611385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748279)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"199.168.184.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748279/; classtype:trojan-activity;sid:84611379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748274)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"167.99.0.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748274/; classtype:trojan-activity;sid:84611374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748266)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"3.14.240.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748266/; classtype:trojan-activity;sid:84611366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748259)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"167.99.0.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748259/; classtype:trojan-activity;sid:84611359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748253)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"199.168.184.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748253/; classtype:trojan-activity;sid:84611353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748247)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"3.18.128.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748247/; classtype:trojan-activity;sid:84611347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748243)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.139.167.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748243/; classtype:trojan-activity;sid:84611343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748235)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"18.176.47.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748235/; classtype:trojan-activity;sid:84611335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748211)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"3.14.240.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748211/; classtype:trojan-activity;sid:84611311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748204)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"5.35.124.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748204/; classtype:trojan-activity;sid:84611304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748205)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.130.229.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748205/; classtype:trojan-activity;sid:84611305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748192)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"54.197.245.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748192/; classtype:trojan-activity;sid:84611292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748194)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"98.70.13.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748194/; classtype:trojan-activity;sid:84611294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748187)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"54.197.245.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748187/; classtype:trojan-activity;sid:84611287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748189)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"5.63.157.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748189/; classtype:trojan-activity;sid:84611289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748180)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.80.0.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748180/; classtype:trojan-activity;sid:84611280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748175)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"125.253.125.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748175/; classtype:trojan-activity;sid:84611275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748170)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"125.253.125.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748170/; classtype:trojan-activity;sid:84611270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748152)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"209.250.2.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748152/; classtype:trojan-activity;sid:84611252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748163)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"116.118.47.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748163/; classtype:trojan-activity;sid:84611263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748165)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"201.182.25.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748165/; classtype:trojan-activity;sid:84611265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748144)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"52.16.112.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748144/; classtype:trojan-activity;sid:84611244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748137)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"209.250.2.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748137/; classtype:trojan-activity;sid:84611237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748127)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"150.95.27.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748127/; classtype:trojan-activity;sid:84611227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748133)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"162.215.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748133/; classtype:trojan-activity;sid:84611233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748104)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"18.176.47.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748104/; classtype:trojan-activity;sid:84611204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748106)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"3.141.75.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748106/; classtype:trojan-activity;sid:84611206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748110)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"44.208.147.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748110/; classtype:trojan-activity;sid:84611210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748112)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"95.154.194.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748112/; classtype:trojan-activity;sid:84611212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748115)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"192.155.93.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748115/; classtype:trojan-activity;sid:84611215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748119)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"35.226.92.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748119/; classtype:trojan-activity;sid:84611219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748096)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"164.160.41.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748096/; classtype:trojan-activity;sid:84611196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748066)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.4.64.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748066/; classtype:trojan-activity;sid:84611166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748074)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"74.50.99.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748074/; classtype:trojan-activity;sid:84611174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748089)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"66.39.79.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748089/; classtype:trojan-activity;sid:84611189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748092)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"148.113.205.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748092/; classtype:trojan-activity;sid:84611192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747725)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747725/; classtype:trojan-activity;sid:84610825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747694)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747694/; classtype:trojan-activity;sid:84610794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747690)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747690/; classtype:trojan-activity;sid:84610790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747685)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747685/; classtype:trojan-activity;sid:84610785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747686)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747686/; classtype:trojan-activity;sid:84610786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747684)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747684/; classtype:trojan-activity;sid:84610784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746316)"; flow:established,from_client; content:"GET"; http_method; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ob.youstarsbuilding.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746316/; classtype:trojan-activity;sid:84609416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746314)"; flow:established,from_client; content:"GET"; http_method; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"euob.youstarsbuilding.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746314/; classtype:trojan-activity;sid:84609414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745971)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.89.88.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_29; reference:url, urlhaus.abuse.ch/url/3745971/; classtype:trojan-activity;sid:84609071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745195)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745195/; classtype:trojan-activity;sid:84608295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745196)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745196/; classtype:trojan-activity;sid:84608296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745197)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745197/; classtype:trojan-activity;sid:84608297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745192)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745192/; classtype:trojan-activity;sid:84608292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745193)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745193/; classtype:trojan-activity;sid:84608293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3744748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"50.217.49.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_27; reference:url, urlhaus.abuse.ch/url/3744748/; classtype:trojan-activity;sid:84607848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743612)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.131.200.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743612/; classtype:trojan-activity;sid:84606712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743475)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"50.217.49.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743475/; classtype:trojan-activity;sid:84606575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743457)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"152.89.247.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743457/; classtype:trojan-activity;sid:84606557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743405)"; flow:established,from_client; content:"GET"; http_method; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"euob.youstarsbuilding.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743405/; classtype:trojan-activity;sid:84606505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743323)"; flow:established,from_client; content:"GET"; http_method; content:"/files/plugins/sess1594985553/sessiontools/uvsodsae.msi"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"royalindiancurryclub.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743323/; classtype:trojan-activity;sid:84606423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743272)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743272/; classtype:trojan-activity;sid:84606372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743271)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743271/; classtype:trojan-activity;sid:84606371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742020)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742020/; classtype:trojan-activity;sid:84605120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742013)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742013/; classtype:trojan-activity;sid:84605113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742007)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742007/; classtype:trojan-activity;sid:84605107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742005)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742005/; classtype:trojan-activity;sid:84605105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741991)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741991/; classtype:trojan-activity;sid:84605091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741975)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741975/; classtype:trojan-activity;sid:84605075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741976)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741976/; classtype:trojan-activity;sid:84605076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741974)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741974/; classtype:trojan-activity;sid:84605074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741972)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741972/; classtype:trojan-activity;sid:84605072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741971)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741971/; classtype:trojan-activity;sid:84605071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741968)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741968/; classtype:trojan-activity;sid:84605068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741966)"; flow:established,from_client; content:"GET"; http_method; content:"/20250811/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741966/; classtype:trojan-activity;sid:84605066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741967)"; flow:established,from_client; content:"GET"; http_method; content:"/20250809/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741967/; classtype:trojan-activity;sid:84605067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741965)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741965/; classtype:trojan-activity;sid:84605065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741962)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741962/; classtype:trojan-activity;sid:84605062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741963)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741963/; classtype:trojan-activity;sid:84605063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741947)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741947/; classtype:trojan-activity;sid:84605047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741948)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741948/; classtype:trojan-activity;sid:84605048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741949)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741949/; classtype:trojan-activity;sid:84605049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741940)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741940/; classtype:trojan-activity;sid:84605040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.6.236"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741527/; classtype:trojan-activity;sid:84604627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741523)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.187.54.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741523/; classtype:trojan-activity;sid:84604623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.187.54.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741524/; classtype:trojan-activity;sid:84604624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741336)"; flow:established,from_client; content:"GET"; http_method; content:"/files/auhavkiq.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"royalindiancurryclub.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741336/; classtype:trojan-activity;sid:84604436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741193)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741193/; classtype:trojan-activity;sid:84604293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741153)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741153/; classtype:trojan-activity;sid:84604253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741109)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741109/; classtype:trojan-activity;sid:84604209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741086)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741086/; classtype:trojan-activity;sid:84604186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741068)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741068/; classtype:trojan-activity;sid:84604168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741049)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741049/; classtype:trojan-activity;sid:84604149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741029)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"182.163.114.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741029/; classtype:trojan-activity;sid:84604129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741026)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741026/; classtype:trojan-activity;sid:84604126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741024)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741024/; classtype:trojan-activity;sid:84604124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741009)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741009/; classtype:trojan-activity;sid:84604109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3740979)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3740979/; classtype:trojan-activity;sid:84604079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3740945)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3740945/; classtype:trojan-activity;sid:84604045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3739558)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/4thepool_miner.sh"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"31.57.109.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_21; reference:url, urlhaus.abuse.ch/url/3739558/; classtype:trojan-activity;sid:84602658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3738164)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.81.169"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_20; reference:url, urlhaus.abuse.ch/url/3738164/; classtype:trojan-activity;sid:84601264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3736211)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hotelsep.blogspot.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3736211/; classtype:trojan-activity;sid:84599311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3736212)"; flow:established,from_client; content:"GET"; http_method; content:"/nimper.pdf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.backupallfresh2030.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3736212/; classtype:trojan-activity;sid:84599312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.6.236"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3735974/; classtype:trojan-activity;sid:84599074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735070)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735070/; classtype:trojan-activity;sid:84598170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735054)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735054/; classtype:trojan-activity;sid:84598154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735048)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735048/; classtype:trojan-activity;sid:84598148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735049)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735049/; classtype:trojan-activity;sid:84598149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735042)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735042/; classtype:trojan-activity;sid:84598142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735040)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735040/; classtype:trojan-activity;sid:84598140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735041)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735041/; classtype:trojan-activity;sid:84598141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3734704)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.161.245.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_16; reference:url, urlhaus.abuse.ch/url/3734704/; classtype:trojan-activity;sid:84597804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3734705)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.198.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_16; reference:url, urlhaus.abuse.ch/url/3734705/; classtype:trojan-activity;sid:84597805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3734700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.196.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_16; reference:url, urlhaus.abuse.ch/url/3734700/; classtype:trojan-activity;sid:84597800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733913)"; flow:established,from_client; content:"GET"; http_method; content:"/usr/uploads/file/202002/20200210195059_78353.rar"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"zhigao5191.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733913/; classtype:trojan-activity;sid:84597013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733907)"; flow:established,from_client; content:"GET"; http_method; content:"/editor%e6%b1%89%e5%8c%96%e7%89%88.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"zycdjz.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733907/; classtype:trojan-activity;sid:84597007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733895)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.255.229.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733895/; classtype:trojan-activity;sid:84596995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733819)"; flow:established,from_client; content:"GET"; http_method; content:"/liljaber/am/raw/refs/heads/main/shellhost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733819/; classtype:trojan-activity;sid:84596919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"129.0.120.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_13; reference:url, urlhaus.abuse.ch/url/3733042/; classtype:trojan-activity;sid:84596142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.75.193.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732386/; classtype:trojan-activity;sid:84595486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732378)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.39.215.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732378/; classtype:trojan-activity;sid:84595478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732133)"; flow:established,from_client; content:"GET"; http_method; content:"/eathena/tools/bymyzter/eabackup.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"paradox924x.pages.dev"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732133/; classtype:trojan-activity;sid:84595233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732129)"; flow:established,from_client; content:"GET"; http_method; content:"/eathena/tools/bybakausagi/spr_conview_v0.11.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"paradox924x.pages.dev"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732129/; classtype:trojan-activity;sid:84595229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731630)"; flow:established,from_client; content:"GET"; http_method; content:"/modelo/cr.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"joyeriatauro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731630/; classtype:trojan-activity;sid:84594730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731351)"; flow:established,from_client; content:"GET"; http_method; content:"/modelo/v1d.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"joyeriatauro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731351/; classtype:trojan-activity;sid:84594451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731347)"; flow:established,from_client; content:"GET"; http_method; content:"/modelo/c1i.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"joyeriatauro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731347/; classtype:trojan-activity;sid:84594447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731286)"; flow:established,from_client; content:"GET"; http_method; content:"/nalleysh/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731286/; classtype:trojan-activity;sid:84594386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731287)"; flow:established,from_client; content:"GET"; http_method; content:"/el1nns/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731287/; classtype:trojan-activity;sid:84594387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731283)"; flow:established,from_client; content:"GET"; http_method; content:"/d3xxth/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731283/; classtype:trojan-activity;sid:84594383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731275)"; flow:established,from_client; content:"GET"; http_method; content:"/creyty1h/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731275/; classtype:trojan-activity;sid:84594375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731271)"; flow:established,from_client; content:"GET"; http_method; content:"/v1llenth/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731271/; classtype:trojan-activity;sid:84594371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731257)"; flow:established,from_client; content:"GET"; http_method; content:"/rayn1e/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731257/; classtype:trojan-activity;sid:84594357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731244)"; flow:established,from_client; content:"GET"; http_method; content:"/colleshake/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731244/; classtype:trojan-activity;sid:84594344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731243)"; flow:established,from_client; content:"GET"; http_method; content:"/arcellys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731243/; classtype:trojan-activity;sid:84594343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731242)"; flow:established,from_client; content:"GET"; http_method; content:"/n1elcery/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731242/; classtype:trojan-activity;sid:84594342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731239)"; flow:established,from_client; content:"GET"; http_method; content:"/recctan1o/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731239/; classtype:trojan-activity;sid:84594339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731238)"; flow:established,from_client; content:"GET"; http_method; content:"/kesslyy27/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731238/; classtype:trojan-activity;sid:84594338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731232)"; flow:established,from_client; content:"GET"; http_method; content:"/ssten1/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731232/; classtype:trojan-activity;sid:84594332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.229.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731161/; classtype:trojan-activity;sid:84594261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730754)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730754/; classtype:trojan-activity;sid:84593854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730727)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730727/; classtype:trojan-activity;sid:84593827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730681)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730681/; classtype:trojan-activity;sid:84593781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730669)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730669/; classtype:trojan-activity;sid:84593769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730651)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730651/; classtype:trojan-activity;sid:84593751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729861)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"180.76.141.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_09; reference:url, urlhaus.abuse.ch/url/3729861/; classtype:trojan-activity;sid:84592961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729416)"; flow:established,from_client; content:"GET"; http_method; content:"/js/panel/uploads/optimized_msi.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"bvaco.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729416/; classtype:trojan-activity;sid:84592516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729248)"; flow:established,from_client; content:"GET"; http_method; content:"/static/clean/clean.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"static.youdm.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729248/; classtype:trojan-activity;sid:84592348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729188)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.89.95.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729188/; classtype:trojan-activity;sid:84592288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3727342)"; flow:established,from_client; content:"GET"; http_method; content:"/01.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.32.169.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_06; reference:url, urlhaus.abuse.ch/url/3727342/; classtype:trojan-activity;sid:84590442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3726789)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.240.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_06; reference:url, urlhaus.abuse.ch/url/3726789/; classtype:trojan-activity;sid:84589889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3726005)"; flow:established,from_client; content:"GET"; http_method; content:"/receipt_11_26_2025.msi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"alineeleuterio.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_05; reference:url, urlhaus.abuse.ch/url/3726005/; classtype:trojan-activity;sid:84589105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725395)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"182.73.129.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725395/; classtype:trojan-activity;sid:84588495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725201)"; flow:established,from_client; content:"GET"; http_method; content:"/file/redmi%20ax3000/%e8%b7%af%e7%94%b1%e5%99%a8%e4%bf%ae%e5%a4%8d%e5%b7%a5%e5%85%b7/miwifirepairtool.x86.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"hzxcaq-github-io.pages.dev"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725201/; classtype:trojan-activity;sid:84588301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725126)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725126/; classtype:trojan-activity;sid:84588226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724888)"; flow:established,from_client; content:"GET"; http_method; content:"/gretech/promotion_sw/gomplayer/fastping_silent_v4.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"cdn.gomlab.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724888/; classtype:trojan-activity;sid:84587988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/linux/linux.tar.gz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"miner.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724884/; classtype:trojan-activity;sid:84587984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win/miner.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"miner.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724883/; classtype:trojan-activity;sid:84587983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724235)"; flow:established,from_client; content:"GET"; http_method; content:"/fecund.lpk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mobimpex.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724235/; classtype:trojan-activity;sid:84587335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724236)"; flow:established,from_client; content:"GET"; http_method; content:"/hrcxpywfcshe8.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.mobimpex.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724236/; classtype:trojan-activity;sid:84587336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724034)"; flow:established,from_client; content:"GET"; http_method; content:"/res/keditor/2019_11/3c7a829a_893c_4f02_a407_6b0918c321c2.rar"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"en.taichuan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724034/; classtype:trojan-activity;sid:84587134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3723880)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoftbs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"120.48.115.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3723880/; classtype:trojan-activity;sid:84586980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722913)"; flow:established,from_client; content:"GET"; http_method; content:"/fent.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.95.248.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722913/; classtype:trojan-activity;sid:84586013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722915)"; flow:established,from_client; content:"GET"; http_method; content:"/fent.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.95.248.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722915/; classtype:trojan-activity;sid:84586015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.219.58.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722385/; classtype:trojan-activity;sid:84585485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722069)"; flow:established,from_client; content:"GET"; http_method; content:"/app/top8bet.apk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"top8onlinegame.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722069/; classtype:trojan-activity;sid:84585169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"72.201.150.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721465/; classtype:trojan-activity;sid:84584565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721052)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e5%a5%87%e5%a6%99%e5%8a%a0%e9%80%9f%e5%99%a8_2_10004379.exe/%c3%a5%c2%a5%c2%87%c3%a5%c2%a6%c2%99%c3%a5%c2%8a%c2%a0%c3%a9%c2%80%c2%9f%c3%a5%c2%99%c2%a8_2_10004379.exe/%c3%83%c2%a5%c3%82%c2%a5%c3%82%c2%87%c3%83%c2%a5%c3%82%c2%a6%c3%82%c2%99%c3%83%25...~311~...%ef%bf%bd%c3%82%c2%a8_2_10004379.exe"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"pvsa.gxfugy.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721052/; classtype:trojan-activity;sid:84584152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.235.210.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3720848/; classtype:trojan-activity;sid:84583948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.235.210.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3720849/; classtype:trojan-activity;sid:84583949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720416)"; flow:established,from_client; content:"GET"; http_method; content:"/payment_receipt_11_28_2025.msi"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"vizyonuniversitesi.com.tr"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720416/; classtype:trojan-activity;sid:84583516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720403)"; flow:established,from_client; content:"GET"; http_method; content:"/gmssetupx86.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185-55-196-13.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720403/; classtype:trojan-activity;sid:84583503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720339)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720339/; classtype:trojan-activity;sid:84583439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720337)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720337/; classtype:trojan-activity;sid:84583437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720336)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/av.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720336/; classtype:trojan-activity;sid:84583436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720335)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720335/; classtype:trojan-activity;sid:84583435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720330)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720330/; classtype:trojan-activity;sid:84583430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720331)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720331/; classtype:trojan-activity;sid:84583431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720332)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720332/; classtype:trojan-activity;sid:84583432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720333)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/photo.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720333/; classtype:trojan-activity;sid:84583433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720334)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720334/; classtype:trojan-activity;sid:84583434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720329)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720329/; classtype:trojan-activity;sid:84583429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720327)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720327/; classtype:trojan-activity;sid:84583427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720328)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720328/; classtype:trojan-activity;sid:84583428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720042)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.0.222.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720042/; classtype:trojan-activity;sid:84583142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720037)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.0.222.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720037/; classtype:trojan-activity;sid:84583137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3719973)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.0.222.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3719973/; classtype:trojan-activity;sid:84583073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718843)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.66.224.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_28; reference:url, urlhaus.abuse.ch/url/3718843/; classtype:trojan-activity;sid:84581943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718114)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.33.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3718114/; classtype:trojan-activity;sid:84581214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717880)"; flow:established,from_client; content:"GET"; http_method; content:"/newwfs/support/customfont.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upaicdn.xinmei365.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717880/; classtype:trojan-activity;sid:84580980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717867)"; flow:established,from_client; content:"GET"; http_method; content:"/download/adan/utils/mudtime.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"paccbet.pages.dev"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717867/; classtype:trojan-activity;sid:84580967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716961)"; flow:established,from_client; content:"GET"; http_method; content:"/krzysztofadamczewski/nanocore-rat/raw/refs/heads/master/nanocore_portable.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3716961/; classtype:trojan-activity;sid:84580061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716962)"; flow:established,from_client; content:"GET"; http_method; content:"/pafh99/nanocore-rat-2/raw/refs/heads/master/nanocore_portable.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3716962/; classtype:trojan-activity;sid:84580062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716299)"; flow:established,from_client; content:"GET"; http_method; content:"/clientbin/dowonline.installer.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"dowonline.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716299/; classtype:trojan-activity;sid:84579399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716290)"; flow:established,from_client; content:"GET"; http_method; content:"/baixar/suporte%20winxp-7-8.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"compuserviceonline.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716290/; classtype:trojan-activity;sid:84579390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716195)"; flow:established,from_client; content:"GET"; http_method; content:"/application/workspace/15/15d4031688cbb71def72a06cf15d7fa1/installer_%e6%99%ba%e8%83%bd%e7%bf%bb%e8%af%91%e5%ae%98_r1.7.9.exe"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"download2.huduntech.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716195/; classtype:trojan-activity;sid:84579295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715638)"; flow:established,from_client; content:"GET"; http_method; content:"/37/cqsj/official/37cqsj.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"d.wanyouxi7.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715638/; classtype:trojan-activity;sid:84578738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715587)"; flow:established,from_client; content:"GET"; http_method; content:"/elc/filesave/setupfile/edmslaunchersetup.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"lcportal.kbinsure.co.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715587/; classtype:trojan-activity;sid:84578687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715579)"; flow:established,from_client; content:"GET"; http_method; content:"/dropfix"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cdn.novoline.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715579/; classtype:trojan-activity;sid:84578679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715175)"; flow:established,from_client; content:"GET"; http_method; content:"/fo-wsftp605.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"landonirwin.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715175/; classtype:trojan-activity;sid:84578275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714635)"; flow:established,from_client; content:"GET"; http_method; content:"/app/linux.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"prepstarcenter.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3714635/; classtype:trojan-activity;sid:84577735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714116)"; flow:established,from_client; content:"GET"; http_method; content:"/wizvera/delfino/down/delfino-g3-sha2.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.hwgeneralins.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714116/; classtype:trojan-activity;sid:84577216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714095)"; flow:established,from_client; content:"GET"; http_method; content:"/k1_351.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"app.appzcvb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714095/; classtype:trojan-activity;sid:84577195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713850)"; flow:established,from_client; content:"GET"; http_method; content:"/cleaner"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gutando.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3713850/; classtype:trojan-activity;sid:84576950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.190.74.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713493/; classtype:trojan-activity;sid:84576593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713469)"; flow:established,from_client; content:"GET"; http_method; content:"/stage1.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fb6390d5.infinityindians.pages.dev"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713469/; classtype:trojan-activity;sid:84576569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713470)"; flow:established,from_client; content:"GET"; http_method; content:"/amsibypass.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fb6390d5.infinityindians.pages.dev"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713470/; classtype:trojan-activity;sid:84576570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713467)"; flow:established,from_client; content:"GET"; http_method; content:"/files/bexitor%20installer.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"matthewsigmondv5.pages.dev"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713467/; classtype:trojan-activity;sid:84576567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712862)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"syn-096-011-145-107.biz.spectrum.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712862/; classtype:trojan-activity;sid:84575962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712861)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"syn-096-011-145-107.biz.spectrum.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712861/; classtype:trojan-activity;sid:84575961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712796)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712796/; classtype:trojan-activity;sid:84575896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712795)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712795/; classtype:trojan-activity;sid:84575895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712793)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712793/; classtype:trojan-activity;sid:84575893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712794)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712794/; classtype:trojan-activity;sid:84575894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712791)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/photo.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712791/; classtype:trojan-activity;sid:84575891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712792)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712792/; classtype:trojan-activity;sid:84575892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712790)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712790/; classtype:trojan-activity;sid:84575890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712787)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/av.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712787/; classtype:trojan-activity;sid:84575887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712788)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712788/; classtype:trojan-activity;sid:84575888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712789)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712789/; classtype:trojan-activity;sid:84575889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712785)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712785/; classtype:trojan-activity;sid:84575885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712786)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712786/; classtype:trojan-activity;sid:84575886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712393)"; flow:established,from_client; content:"GET"; http_method; content:"/d/gof.com.my/gz2v8w/y0qt8nphhv1v"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"smartermail.host"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712393/; classtype:trojan-activity;sid:84575493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/horioninjector.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"horion-static.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_19; reference:url, urlhaus.abuse.ch/url/3712017/; classtype:trojan-activity;sid:84575117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711792)"; flow:established,from_client; content:"GET"; http_method; content:"/bog.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bombayonline.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_19; reference:url, urlhaus.abuse.ch/url/3711792/; classtype:trojan-activity;sid:84574892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711282)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.236.149.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711282/; classtype:trojan-activity;sid:84574382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711278)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.121.137.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711278/; classtype:trojan-activity;sid:84574378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.154.90.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711212/; classtype:trojan-activity;sid:84574312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710993)"; flow:established,from_client; content:"GET"; http_method; content:"/sfyhmsqlexrtjetiqydog74.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"dexios.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3710993/; classtype:trojan-activity;sid:84574093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710988)"; flow:established,from_client; content:"GET"; http_method; content:"/brkopsluth.emz"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dexios.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3710988/; classtype:trojan-activity;sid:84574088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"rheddh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710456/; classtype:trojan-activity;sid:84573556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-19/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710416/; classtype:trojan-activity;sid:84573516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710412)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_42625_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710412/; classtype:trojan-activity;sid:84573512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-29/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710404/; classtype:trojan-activity;sid:84573504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710402)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_71024_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710402/; classtype:trojan-activity;sid:84573502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-23/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710394/; classtype:trojan-activity;sid:84573494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-03/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710388/; classtype:trojan-activity;sid:84573488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-04-23/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710390/; classtype:trojan-activity;sid:84573490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-10-11/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710385/; classtype:trojan-activity;sid:84573485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-05-20/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710383/; classtype:trojan-activity;sid:84573483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-05-21/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710380/; classtype:trojan-activity;sid:84573480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-02-26/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710370/; classtype:trojan-activity;sid:84573470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-27/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710371/; classtype:trojan-activity;sid:84573471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-28/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710374/; classtype:trojan-activity;sid:84573474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-25/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710362/; classtype:trojan-activity;sid:84573462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710355)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_42425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710355/; classtype:trojan-activity;sid:84573455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-06-22/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710351/; classtype:trojan-activity;sid:84573451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710352)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_41724_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710352/; classtype:trojan-activity;sid:84573452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-07-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710353/; classtype:trojan-activity;sid:84573453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2023-02-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710340/; classtype:trojan-activity;sid:84573440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-07-05/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710341/; classtype:trojan-activity;sid:84573441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-07-27/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710343/; classtype:trojan-activity;sid:84573443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710334)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710334/; classtype:trojan-activity;sid:84573434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-11/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710323/; classtype:trojan-activity;sid:84573423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-11-22/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710327/; classtype:trojan-activity;sid:84573427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710315)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_3925_mahal-node2/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710315/; classtype:trojan-activity;sid:84573415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-28/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710316/; classtype:trojan-activity;sid:84573416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-12-23/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710318/; classtype:trojan-activity;sid:84573418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710319)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10825_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710319/; classtype:trojan-activity;sid:84573419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-05-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710311/; classtype:trojan-activity;sid:84573411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-12-14/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710313/; classtype:trojan-activity;sid:84573413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710309)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_32824_mahal-server/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710309/; classtype:trojan-activity;sid:84573409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710306/; classtype:trojan-activity;sid:84573406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-26/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710293/; classtype:trojan-activity;sid:84573393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-10-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710285/; classtype:trojan-activity;sid:84573385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-21/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710287/; classtype:trojan-activity;sid:84573387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-18/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710288/; classtype:trojan-activity;sid:84573388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-07-22/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710289/; classtype:trojan-activity;sid:84573389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-04-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710290/; classtype:trojan-activity;sid:84573390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2021-05-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710291/; classtype:trojan-activity;sid:84573391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-20/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710284/; classtype:trojan-activity;sid:84573384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710207)"; flow:established,from_client; content:"GET"; http_method; content:"/offlinepackv4.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dl.360safe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710207/; classtype:trojan-activity;sid:84573307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710011)"; flow:established,from_client; content:"GET"; http_method; content:"/soulclientwtf/lnk/raw/refs/heads/main/execute"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3710011/; classtype:trojan-activity;sid:84573111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710010)"; flow:established,from_client; content:"GET"; http_method; content:"/soulclientwtf/lnk/refs/heads/main/execute"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3710010/; classtype:trojan-activity;sid:84573110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709309/; classtype:trojan-activity;sid:84572409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709292/; classtype:trojan-activity;sid:84572392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709293/; classtype:trojan-activity;sid:84572393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709294/; classtype:trojan-activity;sid:84572394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709295/; classtype:trojan-activity;sid:84572395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709296/; classtype:trojan-activity;sid:84572396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-08-23/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709298/; classtype:trojan-activity;sid:84572398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709299/; classtype:trojan-activity;sid:84572399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709300/; classtype:trojan-activity;sid:84572400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-05-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709301/; classtype:trojan-activity;sid:84572401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-10-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709302/; classtype:trojan-activity;sid:84572402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-03-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709303/; classtype:trojan-activity;sid:84572403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-05-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709304/; classtype:trojan-activity;sid:84572404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709305/; classtype:trojan-activity;sid:84572405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-08-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709288/; classtype:trojan-activity;sid:84572388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709290/; classtype:trojan-activity;sid:84572390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-26/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709291/; classtype:trojan-activity;sid:84572391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709272/; classtype:trojan-activity;sid:84572372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709273/; classtype:trojan-activity;sid:84572373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709274/; classtype:trojan-activity;sid:84572374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-04-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709275/; classtype:trojan-activity;sid:84572375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709276/; classtype:trojan-activity;sid:84572376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2022-01-20/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709277/; classtype:trojan-activity;sid:84572377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709278/; classtype:trojan-activity;sid:84572378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-06-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709280/; classtype:trojan-activity;sid:84572380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709281/; classtype:trojan-activity;sid:84572381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709284/; classtype:trojan-activity;sid:84572384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709285/; classtype:trojan-activity;sid:84572385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709286/; classtype:trojan-activity;sid:84572386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709287/; classtype:trojan-activity;sid:84572387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709269)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82624_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709269/; classtype:trojan-activity;sid:84572369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709270/; classtype:trojan-activity;sid:84572370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-10/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709271/; classtype:trojan-activity;sid:84572371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-02-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709267/; classtype:trojan-activity;sid:84572367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-01-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709255/; classtype:trojan-activity;sid:84572355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-11-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709256/; classtype:trojan-activity;sid:84572356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-07-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709257/; classtype:trojan-activity;sid:84572357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709258/; classtype:trojan-activity;sid:84572358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-11-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709259/; classtype:trojan-activity;sid:84572359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709261/; classtype:trojan-activity;sid:84572361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-03-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709262/; classtype:trojan-activity;sid:84572362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-08-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709263/; classtype:trojan-activity;sid:84572363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-05-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709264/; classtype:trojan-activity;sid:84572364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-03/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709248/; classtype:trojan-activity;sid:84572348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-08-24/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709249/; classtype:trojan-activity;sid:84572349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709250/; classtype:trojan-activity;sid:84572350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709251/; classtype:trojan-activity;sid:84572351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-06-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709252/; classtype:trojan-activity;sid:84572352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709253/; classtype:trojan-activity;sid:84572353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-11-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709254/; classtype:trojan-activity;sid:84572354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709244/; classtype:trojan-activity;sid:84572344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709245/; classtype:trojan-activity;sid:84572345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-09-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709246/; classtype:trojan-activity;sid:84572346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-01-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709247/; classtype:trojan-activity;sid:84572347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709240/; classtype:trojan-activity;sid:84572340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709241/; classtype:trojan-activity;sid:84572341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709242/; classtype:trojan-activity;sid:84572342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709239/; classtype:trojan-activity;sid:84572339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-11-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709234/; classtype:trojan-activity;sid:84572334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709235/; classtype:trojan-activity;sid:84572335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709236/; classtype:trojan-activity;sid:84572336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709237/; classtype:trojan-activity;sid:84572337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709238/; classtype:trojan-activity;sid:84572338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-01-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709228/; classtype:trojan-activity;sid:84572328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709229/; classtype:trojan-activity;sid:84572329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-07-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709230/; classtype:trojan-activity;sid:84572330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709231/; classtype:trojan-activity;sid:84572331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709232/; classtype:trojan-activity;sid:84572332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709233/; classtype:trojan-activity;sid:84572333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2019-07-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709220/; classtype:trojan-activity;sid:84572320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-03-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709221/; classtype:trojan-activity;sid:84572321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709222/; classtype:trojan-activity;sid:84572322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709223/; classtype:trojan-activity;sid:84572323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709224/; classtype:trojan-activity;sid:84572324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-03-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709225/; classtype:trojan-activity;sid:84572325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709227/; classtype:trojan-activity;sid:84572327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709218/; classtype:trojan-activity;sid:84572318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-06-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709217/; classtype:trojan-activity;sid:84572317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709213/; classtype:trojan-activity;sid:84572313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-01-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709214/; classtype:trojan-activity;sid:84572314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709209/; classtype:trojan-activity;sid:84572309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709210/; classtype:trojan-activity;sid:84572310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709211/; classtype:trojan-activity;sid:84572311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2023-06-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709212/; classtype:trojan-activity;sid:84572312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-03-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709201/; classtype:trojan-activity;sid:84572301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709202)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709202/; classtype:trojan-activity;sid:84572302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709203/; classtype:trojan-activity;sid:84572303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-12/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709204/; classtype:trojan-activity;sid:84572304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709205/; classtype:trojan-activity;sid:84572305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-02/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709206/; classtype:trojan-activity;sid:84572306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-02-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709207/; classtype:trojan-activity;sid:84572307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-04-04/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709193/; classtype:trojan-activity;sid:84572293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709194/; classtype:trojan-activity;sid:84572294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-01/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709195/; classtype:trojan-activity;sid:84572295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-05-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709196/; classtype:trojan-activity;sid:84572296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709197/; classtype:trojan-activity;sid:84572297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709199)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709199/; classtype:trojan-activity;sid:84572299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-10-15/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709200/; classtype:trojan-activity;sid:84572300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2020-07-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709192/; classtype:trojan-activity;sid:84572292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709190/; classtype:trojan-activity;sid:84572290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-11-28/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709191/; classtype:trojan-activity;sid:84572291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709186/; classtype:trojan-activity;sid:84572286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-10-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709187/; classtype:trojan-activity;sid:84572287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709188/; classtype:trojan-activity;sid:84572288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2025-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709175/; classtype:trojan-activity;sid:84572275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709176/; classtype:trojan-activity;sid:84572276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709177/; classtype:trojan-activity;sid:84572277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-09-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709178/; classtype:trojan-activity;sid:84572278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709179/; classtype:trojan-activity;sid:84572279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-09-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709180/; classtype:trojan-activity;sid:84572280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709181/; classtype:trojan-activity;sid:84572281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709182/; classtype:trojan-activity;sid:84572282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709184/; classtype:trojan-activity;sid:84572284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-08-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709185/; classtype:trojan-activity;sid:84572285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709165/; classtype:trojan-activity;sid:84572265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709166/; classtype:trojan-activity;sid:84572266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2024-01-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709167/; classtype:trojan-activity;sid:84572267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2022-01-27/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709168/; classtype:trojan-activity;sid:84572268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709169/; classtype:trojan-activity;sid:84572269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709170/; classtype:trojan-activity;sid:84572270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709171/; classtype:trojan-activity;sid:84572271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-11-15/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709172/; classtype:trojan-activity;sid:84572272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709173/; classtype:trojan-activity;sid:84572273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709163/; classtype:trojan-activity;sid:84572263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709161/; classtype:trojan-activity;sid:84572261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709162/; classtype:trojan-activity;sid:84572262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709159/; classtype:trojan-activity;sid:84572259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709158/; classtype:trojan-activity;sid:84572258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000758/2022-03-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709152/; classtype:trojan-activity;sid:84572252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-10-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709153/; classtype:trojan-activity;sid:84572253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-24/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709154/; classtype:trojan-activity;sid:84572254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709155/; classtype:trojan-activity;sid:84572255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709156/; classtype:trojan-activity;sid:84572256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2023-08-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709157/; classtype:trojan-activity;sid:84572257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-05-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709143/; classtype:trojan-activity;sid:84572243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709144/; classtype:trojan-activity;sid:84572244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709145/; classtype:trojan-activity;sid:84572245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709147/; classtype:trojan-activity;sid:84572247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709148/; classtype:trojan-activity;sid:84572248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709149/; classtype:trojan-activity;sid:84572249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709150/; classtype:trojan-activity;sid:84572250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-05-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709151/; classtype:trojan-activity;sid:84572251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-09-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709140/; classtype:trojan-activity;sid:84572240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709141/; classtype:trojan-activity;sid:84572241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-08-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709139/; classtype:trojan-activity;sid:84572239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-11-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709138/; classtype:trojan-activity;sid:84572238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-11-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709129/; classtype:trojan-activity;sid:84572229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709130/; classtype:trojan-activity;sid:84572230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709131/; classtype:trojan-activity;sid:84572231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-05-31/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709132/; classtype:trojan-activity;sid:84572232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709133/; classtype:trojan-activity;sid:84572233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-27/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709135/; classtype:trojan-activity;sid:84572235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709136/; classtype:trojan-activity;sid:84572236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709128/; classtype:trojan-activity;sid:84572228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-09-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709112/; classtype:trojan-activity;sid:84572212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709113/; classtype:trojan-activity;sid:84572213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-11-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709114/; classtype:trojan-activity;sid:84572214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709115/; classtype:trojan-activity;sid:84572215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709116/; classtype:trojan-activity;sid:84572216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709117/; classtype:trojan-activity;sid:84572217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-25/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709118/; classtype:trojan-activity;sid:84572218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709119/; classtype:trojan-activity;sid:84572219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709120/; classtype:trojan-activity;sid:84572220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-08-16/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709121/; classtype:trojan-activity;sid:84572221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709122)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_92825_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709122/; classtype:trojan-activity;sid:84572222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709123/; classtype:trojan-activity;sid:84572223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-06-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709124/; classtype:trojan-activity;sid:84572224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-03-16/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709126/; classtype:trojan-activity;sid:84572226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709109/; classtype:trojan-activity;sid:84572209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-06-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709111/; classtype:trojan-activity;sid:84572211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709104/; classtype:trojan-activity;sid:84572204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709105/; classtype:trojan-activity;sid:84572205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-08-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709107/; classtype:trojan-activity;sid:84572207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709108/; classtype:trojan-activity;sid:84572208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709102)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_51125_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709102/; classtype:trojan-activity;sid:84572202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-09-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709103/; classtype:trojan-activity;sid:84572203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709096/; classtype:trojan-activity;sid:84572196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709097/; classtype:trojan-activity;sid:84572197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709098/; classtype:trojan-activity;sid:84572198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709099/; classtype:trojan-activity;sid:84572199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-07-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709100/; classtype:trojan-activity;sid:84572200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000324/2024-01-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709101/; classtype:trojan-activity;sid:84572201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709088/; classtype:trojan-activity;sid:84572188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709089/; classtype:trojan-activity;sid:84572189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-11-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709090/; classtype:trojan-activity;sid:84572190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709091/; classtype:trojan-activity;sid:84572191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709092/; classtype:trojan-activity;sid:84572192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2022-10-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709093/; classtype:trojan-activity;sid:84572193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-03-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709078/; classtype:trojan-activity;sid:84572178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-09-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709079/; classtype:trojan-activity;sid:84572179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-09-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709080/; classtype:trojan-activity;sid:84572180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-09-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709081/; classtype:trojan-activity;sid:84572181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709083/; classtype:trojan-activity;sid:84572183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709084/; classtype:trojan-activity;sid:84572184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709085/; classtype:trojan-activity;sid:84572185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709086/; classtype:trojan-activity;sid:84572186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709087/; classtype:trojan-activity;sid:84572187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709075/; classtype:trojan-activity;sid:84572175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-01-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709076/; classtype:trojan-activity;sid:84572176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709077/; classtype:trojan-activity;sid:84572177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-06-24/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709054/; classtype:trojan-activity;sid:84572154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709055/; classtype:trojan-activity;sid:84572155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-09-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709056/; classtype:trojan-activity;sid:84572156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-06-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709057/; classtype:trojan-activity;sid:84572157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709058/; classtype:trojan-activity;sid:84572158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709059/; classtype:trojan-activity;sid:84572159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-02-20/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709060/; classtype:trojan-activity;sid:84572160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-02-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709061/; classtype:trojan-activity;sid:84572161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709062/; classtype:trojan-activity;sid:84572162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-07-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709063/; classtype:trojan-activity;sid:84572163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709064/; classtype:trojan-activity;sid:84572164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-06-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709065/; classtype:trojan-activity;sid:84572165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-11-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709066/; classtype:trojan-activity;sid:84572166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709067/; classtype:trojan-activity;sid:84572167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-03-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709068/; classtype:trojan-activity;sid:84572168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709069/; classtype:trojan-activity;sid:84572169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-07-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709070/; classtype:trojan-activity;sid:84572170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-09-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709072/; classtype:trojan-activity;sid:84572172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-11-18/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709042/; classtype:trojan-activity;sid:84572142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-09-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709043/; classtype:trojan-activity;sid:84572143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-17/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709044/; classtype:trojan-activity;sid:84572144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709045/; classtype:trojan-activity;sid:84572145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709046/; classtype:trojan-activity;sid:84572146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709047/; classtype:trojan-activity;sid:84572147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709048/; classtype:trojan-activity;sid:84572148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709049/; classtype:trojan-activity;sid:84572149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709050/; classtype:trojan-activity;sid:84572150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-03-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709051/; classtype:trojan-activity;sid:84572151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709052/; classtype:trojan-activity;sid:84572152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-04-05/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709053/; classtype:trojan-activity;sid:84572153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3708476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.143.158.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3708476/; classtype:trojan-activity;sid:84571576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3708402)"; flow:established,from_client; content:"GET"; http_method; content:"/ourzz.wav"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"clubdetiroelpicarcho.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3708402/; classtype:trojan-activity;sid:84571502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707810)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82224_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707810/; classtype:trojan-activity;sid:84570910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707697)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/04/pieletjf.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"theoremaoliveoil.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707697/; classtype:trojan-activity;sid:84570797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707699)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/04/pieletjf_vm.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"theoremaoliveoil.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707699/; classtype:trojan-activity;sid:84570799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704600)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704600/; classtype:trojan-activity;sid:84567700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704602/; classtype:trojan-activity;sid:84567702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.208.202.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704561/; classtype:trojan-activity;sid:84567661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704523)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704523/; classtype:trojan-activity;sid:84567623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704281)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21625_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704281/; classtype:trojan-activity;sid:84567381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704279)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12424_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704279/; classtype:trojan-activity;sid:84567379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704280)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_22025_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704280/; classtype:trojan-activity;sid:84567380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704277)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12525_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704277/; classtype:trojan-activity;sid:84567377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704246)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip/haozip_v6.5.2.11245.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"dl.2345.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704246/; classtype:trojan-activity;sid:84567346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704158)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/raw/refs/heads/main/dev.msi"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704158/; classtype:trojan-activity;sid:84567258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703801)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703801/; classtype:trojan-activity;sid:84566901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703784)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101424_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703784/; classtype:trojan-activity;sid:84566884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703785)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10325_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703785/; classtype:trojan-activity;sid:84566885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703777)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11424_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703777/; classtype:trojan-activity;sid:84566877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703778)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102624_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703778/; classtype:trojan-activity;sid:84566878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703767)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_61924_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703767/; classtype:trojan-activity;sid:84566867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703764)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703764/; classtype:trojan-activity;sid:84566864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703763)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_61424_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703763/; classtype:trojan-activity;sid:84566863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703759)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82325_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703759/; classtype:trojan-activity;sid:84566859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703760)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11125_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703760/; classtype:trojan-activity;sid:84566860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703748)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21025_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703748/; classtype:trojan-activity;sid:84566848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703749)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_6424_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703749/; classtype:trojan-activity;sid:84566849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703756)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_71824_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703756/; classtype:trojan-activity;sid:84566856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703743)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_62124_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703743/; classtype:trojan-activity;sid:84566843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703744)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_112724_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703744/; classtype:trojan-activity;sid:84566844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703745)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101124_mahal-server/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703745/; classtype:trojan-activity;sid:84566845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703737)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_91824_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703737/; classtype:trojan-activity;sid:84566837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703738)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10824_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703738/; classtype:trojan-activity;sid:84566838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703739)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102524_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703739/; classtype:trojan-activity;sid:84566839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703735)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_9924_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703735/; classtype:trojan-activity;sid:84566835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703736)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_52324_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703736/; classtype:trojan-activity;sid:84566836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703731)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703731/; classtype:trojan-activity;sid:84566831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703727)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_9425_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703727/; classtype:trojan-activity;sid:84566827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703728)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102124_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703728/; classtype:trojan-activity;sid:84566828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703729)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_122624_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703729/; classtype:trojan-activity;sid:84566829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703175)"; flow:established,from_client; content:"GET"; http_method; content:"/prodimg/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703175/; classtype:trojan-activity;sid:84566275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703171)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703171/; classtype:trojan-activity;sid:84566271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703172)"; flow:established,from_client; content:"GET"; http_method; content:"/docimg/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703172/; classtype:trojan-activity;sid:84566272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703167)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102124_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703167/; classtype:trojan-activity;sid:84566267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703163)"; flow:established,from_client; content:"GET"; http_method; content:"/prodimg/exportimages_42425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703163/; classtype:trojan-activity;sid:84566263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703164)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10124_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703164/; classtype:trojan-activity;sid:84566264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703165)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703165/; classtype:trojan-activity;sid:84566265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702746)"; flow:established,from_client; content:"GET"; http_method; content:"/dersnotlari/02/sora.jpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.notbak.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702746/; classtype:trojan-activity;sid:84565846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702204)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702204/; classtype:trojan-activity;sid:84565304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702202)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702202/; classtype:trojan-activity;sid:84565302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702201)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702201/; classtype:trojan-activity;sid:84565301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702199)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702199/; classtype:trojan-activity;sid:84565299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702178)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702178/; classtype:trojan-activity;sid:84565278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702166)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702166/; classtype:trojan-activity;sid:84565266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702161)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702161/; classtype:trojan-activity;sid:84565261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702156)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702156/; classtype:trojan-activity;sid:84565256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702157)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702157/; classtype:trojan-activity;sid:84565257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702158)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702158/; classtype:trojan-activity;sid:84565258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702152)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702152/; classtype:trojan-activity;sid:84565252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702147)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702147/; classtype:trojan-activity;sid:84565247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702142)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702142/; classtype:trojan-activity;sid:84565242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702143)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702143/; classtype:trojan-activity;sid:84565243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702134)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702134/; classtype:trojan-activity;sid:84565234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702135)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702135/; classtype:trojan-activity;sid:84565235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702136)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702136/; classtype:trojan-activity;sid:84565236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702130)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702130/; classtype:trojan-activity;sid:84565230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702131)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702131/; classtype:trojan-activity;sid:84565231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702132)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702132/; classtype:trojan-activity;sid:84565232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702127)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702127/; classtype:trojan-activity;sid:84565227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702128)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702128/; classtype:trojan-activity;sid:84565228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702122)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702122/; classtype:trojan-activity;sid:84565222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702123)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702123/; classtype:trojan-activity;sid:84565223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702119)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702119/; classtype:trojan-activity;sid:84565219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702115)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702115/; classtype:trojan-activity;sid:84565215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702105)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702105/; classtype:trojan-activity;sid:84565205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702102)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702102/; classtype:trojan-activity;sid:84565202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702103)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702103/; classtype:trojan-activity;sid:84565203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701934)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701934/; classtype:trojan-activity;sid:84565034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701924)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701924/; classtype:trojan-activity;sid:84565024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701905)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701905/; classtype:trojan-activity;sid:84565005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701906)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701906/; classtype:trojan-activity;sid:84565006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701320)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.2.111.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701320/; classtype:trojan-activity;sid:84564420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701203)"; flow:established,from_client; content:"GET"; http_method; content:"/scoto.jpb"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701203/; classtype:trojan-activity;sid:84564303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700663)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.196.111.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700663/; classtype:trojan-activity;sid:84563763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700329)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700329/; classtype:trojan-activity;sid:84563429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700276/; classtype:trojan-activity;sid:84563376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700268)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700268/; classtype:trojan-activity;sid:84563368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700199)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700199/; classtype:trojan-activity;sid:84563299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700187/; classtype:trojan-activity;sid:84563287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700112)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700112/; classtype:trojan-activity;sid:84563212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700015)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700015/; classtype:trojan-activity;sid:84563115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699997/; classtype:trojan-activity;sid:84563097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699967)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.91.141.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699967/; classtype:trojan-activity;sid:84563067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699839)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699839/; classtype:trojan-activity;sid:84562939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699812)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699812/; classtype:trojan-activity;sid:84562912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699768)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699768/; classtype:trojan-activity;sid:84562868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699681)"; flow:established,from_client; content:"GET"; http_method; content:"/tinh_cuoc_xe/2025/thanh%20ti%c3%aan/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"103.226.249.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699681/; classtype:trojan-activity;sid:84562781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699651)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699651/; classtype:trojan-activity;sid:84562751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699578)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699578/; classtype:trojan-activity;sid:84562678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699459)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699459/; classtype:trojan-activity;sid:84562559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699462)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699462/; classtype:trojan-activity;sid:84562562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699428)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699428/; classtype:trojan-activity;sid:84562528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698699)"; flow:established,from_client; content:"GET"; http_method; content:"/reprofo.mso"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698699/; classtype:trojan-activity;sid:84561799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698418)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.126.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698418/; classtype:trojan-activity;sid:84561518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698365)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698365/; classtype:trojan-activity;sid:84561465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698078)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698078/; classtype:trojan-activity;sid:84561178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698077)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698077/; classtype:trojan-activity;sid:84561177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698067)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698067/; classtype:trojan-activity;sid:84561167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698070)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698070/; classtype:trojan-activity;sid:84561170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698062)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698062/; classtype:trojan-activity;sid:84561162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698059)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698059/; classtype:trojan-activity;sid:84561159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698057)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698057/; classtype:trojan-activity;sid:84561157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698058)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698058/; classtype:trojan-activity;sid:84561158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697910)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697910/; classtype:trojan-activity;sid:84561010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697909)"; flow:established,from_client; content:"GET"; http_method; content:"/i24.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697909/; classtype:trojan-activity;sid:84561009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697908)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697908/; classtype:trojan-activity;sid:84561008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697907)"; flow:established,from_client; content:"GET"; http_method; content:"/eznoted2b1405e.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697907/; classtype:trojan-activity;sid:84561007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697906)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697906/; classtype:trojan-activity;sid:84561006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697870)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697870/; classtype:trojan-activity;sid:84560970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697816)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697816/; classtype:trojan-activity;sid:84560916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697809)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697809/; classtype:trojan-activity;sid:84560909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697791)"; flow:established,from_client; content:"GET"; http_method; content:"/tran.dsp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697791/; classtype:trojan-activity;sid:84560891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697789)"; flow:established,from_client; content:"GET"; http_method; content:"/aibkp63.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697789/; classtype:trojan-activity;sid:84560889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696992)"; flow:established,from_client; content:"GET"; http_method; content:"/a1l4m/2e771fb306028fabfc8e098427181f78/raw/37f3db6b29d64f1045fb60967d6297f525ddf443/iamthedanger.txt"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696992/; classtype:trojan-activity;sid:84560092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696133)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696133/; classtype:trojan-activity;sid:84559233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696129/; classtype:trojan-activity;sid:84559229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696114)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696114/; classtype:trojan-activity;sid:84559214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696096)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696096/; classtype:trojan-activity;sid:84559196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696086)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696086/; classtype:trojan-activity;sid:84559186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696082)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696082/; classtype:trojan-activity;sid:84559182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696066)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696066/; classtype:trojan-activity;sid:84559166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696043)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.2.111.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696043/; classtype:trojan-activity;sid:84559143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696026)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696026/; classtype:trojan-activity;sid:84559126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696003)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696003/; classtype:trojan-activity;sid:84559103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696004/; classtype:trojan-activity;sid:84559104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695955)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695955/; classtype:trojan-activity;sid:84559055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695952)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695952/; classtype:trojan-activity;sid:84559052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695948)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695948/; classtype:trojan-activity;sid:84559048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695937)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695937/; classtype:trojan-activity;sid:84559037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695923)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695923/; classtype:trojan-activity;sid:84559023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695920)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695920/; classtype:trojan-activity;sid:84559020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695898/; classtype:trojan-activity;sid:84558998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695884)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695884/; classtype:trojan-activity;sid:84558984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695869)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695869/; classtype:trojan-activity;sid:84558969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695875/; classtype:trojan-activity;sid:84558975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695854)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695854/; classtype:trojan-activity;sid:84558954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695827)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695827/; classtype:trojan-activity;sid:84558927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695830)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695830/; classtype:trojan-activity;sid:84558930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695080)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.86.246.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695080/; classtype:trojan-activity;sid:84558180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691444)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691444/; classtype:trojan-activity;sid:84554544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691440)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.186.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691440/; classtype:trojan-activity;sid:84554540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.144.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690708/; classtype:trojan-activity;sid:84553808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689713)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689713/; classtype:trojan-activity;sid:84552813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689700)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.197.62.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689700/; classtype:trojan-activity;sid:84552800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688692)"; flow:established,from_client; content:"GET"; http_method; content:"/xmr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688692/; classtype:trojan-activity;sid:84551792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688690)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688690/; classtype:trojan-activity;sid:84551790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688658)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688658/; classtype:trojan-activity;sid:84551758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688659)"; flow:established,from_client; content:"GET"; http_method; content:"/32.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688659/; classtype:trojan-activity;sid:84551759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688660)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688660/; classtype:trojan-activity;sid:84551760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687916)"; flow:established,from_client; content:"GET"; http_method; content:"/y6m2uw0dgi.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"filerit.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687916/; classtype:trojan-activity;sid:84551016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687914)"; flow:established,from_client; content:"GET"; http_method; content:"/4aa9fqc792.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pub-bfc34934a91a4893817098f73415917a.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687914/; classtype:trojan-activity;sid:84551014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687753)"; flow:established,from_client; content:"GET"; http_method; content:"/zibll001/ffff/refs/heads/main/web.sh"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687753/; classtype:trojan-activity;sid:84550853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685141)"; flow:established,from_client; content:"GET"; http_method; content:"/var/albums/etkinlikler/toplanti/2013/soran.jpg.jpeg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"galeri3.arkitera.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685141/; classtype:trojan-activity;sid:84548241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684806)"; flow:established,from_client; content:"GET"; http_method; content:"/zoom/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"khoancatbetong89.vn"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684806/; classtype:trojan-activity;sid:84547906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684352)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684352/; classtype:trojan-activity;sid:84547452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684353)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684353/; classtype:trojan-activity;sid:84547453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684354)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684354/; classtype:trojan-activity;sid:84547454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684347)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684347/; classtype:trojan-activity;sid:84547447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684348)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684348/; classtype:trojan-activity;sid:84547448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684349)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684349/; classtype:trojan-activity;sid:84547449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684350)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684350/; classtype:trojan-activity;sid:84547450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684351)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684351/; classtype:trojan-activity;sid:84547451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684345)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684345/; classtype:trojan-activity;sid:84547445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.235.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683958/; classtype:trojan-activity;sid:84547058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.235.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683956/; classtype:trojan-activity;sid:84547056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683567)"; flow:established,from_client; content:"GET"; http_method; content:"/onastroll-2000f5n/5vcye/releases/download/v1.2/launcher.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683567/; classtype:trojan-activity;sid:84546667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683253)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w64|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683253/; classtype:trojan-activity;sid:84546353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683254)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w32|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683254/; classtype:trojan-activity;sid:84546354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683250)"; flow:established,from_client; content:"GET"; http_method; content:"/swt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683250/; classtype:trojan-activity;sid:84546350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682316)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682316/; classtype:trojan-activity;sid:84545416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682317)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682317/; classtype:trojan-activity;sid:84545417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681051)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.198.233.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681051/; classtype:trojan-activity;sid:84544151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.39.79.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681021/; classtype:trojan-activity;sid:84544121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680322)"; flow:established,from_client; content:"GET"; http_method; content:"/new/x64-setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680322/; classtype:trojan-activity;sid:84543422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678940)"; flow:established,from_client; content:"GET"; http_method; content:"/prefiction.mp4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.sgeseducation.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678940/; classtype:trojan-activity;sid:84542040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"50.43.160.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678923/; classtype:trojan-activity;sid:84542023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.234.234.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678015/; classtype:trojan-activity;sid:84541115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.15.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678013/; classtype:trojan-activity;sid:84541113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677999)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.25.123.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677999/; classtype:trojan-activity;sid:84541099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677521/; classtype:trojan-activity;sid:84540621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669896)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/build.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"serasoo.direct.quickconnect.to"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669896/; classtype:trojan-activity;sid:84532996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668647)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.24.0/xmrig-6.24.0-windows-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668647/; classtype:trojan-activity;sid:84531747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"apn-87-251-249-41.static.gprs.plus.pl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668586/; classtype:trojan-activity;sid:84531686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667591)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667591/; classtype:trojan-activity;sid:84530691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667589)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667589/; classtype:trojan-activity;sid:84530689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667586)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667586/; classtype:trojan-activity;sid:84530686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667588)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667588/; classtype:trojan-activity;sid:84530688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667585)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667585/; classtype:trojan-activity;sid:84530685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667584)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667584/; classtype:trojan-activity;sid:84530684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667582)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667582/; classtype:trojan-activity;sid:84530682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667583)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667583/; classtype:trojan-activity;sid:84530683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666095/; classtype:trojan-activity;sid:84529195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666091/; classtype:trojan-activity;sid:84529191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665802)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665802/; classtype:trojan-activity;sid:84528902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665803)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665803/; classtype:trojan-activity;sid:84528903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665799/; classtype:trojan-activity;sid:84528899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665796/; classtype:trojan-activity;sid:84528896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665788)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665788/; classtype:trojan-activity;sid:84528888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665779)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665779/; classtype:trojan-activity;sid:84528879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665760)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.91.88.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665760/; classtype:trojan-activity;sid:84528860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665747)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665747/; classtype:trojan-activity;sid:84528847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665742)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665742/; classtype:trojan-activity;sid:84528842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665733)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665733/; classtype:trojan-activity;sid:84528833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665715)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665715/; classtype:trojan-activity;sid:84528815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665712)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665712/; classtype:trojan-activity;sid:84528812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665699/; classtype:trojan-activity;sid:84528799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665692)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"155.2.213.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665692/; classtype:trojan-activity;sid:84528792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665674)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.2.213.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665674/; classtype:trojan-activity;sid:84528774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665671)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.160.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665671/; classtype:trojan-activity;sid:84528771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665664)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665664/; classtype:trojan-activity;sid:84528764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665656)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665656/; classtype:trojan-activity;sid:84528756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665612)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665612/; classtype:trojan-activity;sid:84528712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662805)"; flow:established,from_client; content:"GET"; http_method; content:"/asmroyal/cd4/releases/download/cd4/cd4.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662805/; classtype:trojan-activity;sid:84525905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661435)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1afutsiefohaia02gkfjdbgn-kk91hksb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661435/; classtype:trojan-activity;sid:84524535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660738)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660738/; classtype:trojan-activity;sid:84523838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660696)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660696/; classtype:trojan-activity;sid:84523796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660690)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660690/; classtype:trojan-activity;sid:84523790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660688)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660688/; classtype:trojan-activity;sid:84523788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660680)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660680/; classtype:trojan-activity;sid:84523780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660679)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660679/; classtype:trojan-activity;sid:84523779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660677)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660677/; classtype:trojan-activity;sid:84523777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660676)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660676/; classtype:trojan-activity;sid:84523776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660675)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660675/; classtype:trojan-activity;sid:84523775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660674)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660674/; classtype:trojan-activity;sid:84523774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660672)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660672/; classtype:trojan-activity;sid:84523772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660671)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660671/; classtype:trojan-activity;sid:84523771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660670)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660670/; classtype:trojan-activity;sid:84523770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660668)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660668/; classtype:trojan-activity;sid:84523768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660669)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660669/; classtype:trojan-activity;sid:84523769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660665)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660665/; classtype:trojan-activity;sid:84523765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660666)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660666/; classtype:trojan-activity;sid:84523766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660663)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660663/; classtype:trojan-activity;sid:84523763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660664)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660664/; classtype:trojan-activity;sid:84523764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660660)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660660/; classtype:trojan-activity;sid:84523760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660659)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660659/; classtype:trojan-activity;sid:84523759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660657)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660657/; classtype:trojan-activity;sid:84523757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660658)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660658/; classtype:trojan-activity;sid:84523758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660655/; classtype:trojan-activity;sid:84523755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660656)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660656/; classtype:trojan-activity;sid:84523756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660654)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660654/; classtype:trojan-activity;sid:84523754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660652)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660652/; classtype:trojan-activity;sid:84523752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660653)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660653/; classtype:trojan-activity;sid:84523753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660647)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660647/; classtype:trojan-activity;sid:84523747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660648)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660648/; classtype:trojan-activity;sid:84523748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660649)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660649/; classtype:trojan-activity;sid:84523749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660644)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660644/; classtype:trojan-activity;sid:84523744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660642)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660642/; classtype:trojan-activity;sid:84523742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660641)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660641/; classtype:trojan-activity;sid:84523741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660640)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660640/; classtype:trojan-activity;sid:84523740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660639)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660639/; classtype:trojan-activity;sid:84523739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660638)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660638/; classtype:trojan-activity;sid:84523738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660637)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660637/; classtype:trojan-activity;sid:84523737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660636)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660636/; classtype:trojan-activity;sid:84523736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660635)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660635/; classtype:trojan-activity;sid:84523735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660634)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660634/; classtype:trojan-activity;sid:84523734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660633)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660633/; classtype:trojan-activity;sid:84523733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660631)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660631/; classtype:trojan-activity;sid:84523731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660630)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660630/; classtype:trojan-activity;sid:84523730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660629)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660629/; classtype:trojan-activity;sid:84523729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660627)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660627/; classtype:trojan-activity;sid:84523727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660626)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660626/; classtype:trojan-activity;sid:84523726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660625)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660625/; classtype:trojan-activity;sid:84523725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660622)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660622/; classtype:trojan-activity;sid:84523722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660623)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660623/; classtype:trojan-activity;sid:84523723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660621)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660621/; classtype:trojan-activity;sid:84523721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660620)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660620/; classtype:trojan-activity;sid:84523720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660619)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660619/; classtype:trojan-activity;sid:84523719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660618)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660618/; classtype:trojan-activity;sid:84523718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660615)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660615/; classtype:trojan-activity;sid:84523715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660616)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660616/; classtype:trojan-activity;sid:84523716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660614)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660614/; classtype:trojan-activity;sid:84523714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660612)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660612/; classtype:trojan-activity;sid:84523712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660613)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660613/; classtype:trojan-activity;sid:84523713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660611)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660611/; classtype:trojan-activity;sid:84523711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660608)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660608/; classtype:trojan-activity;sid:84523708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660607)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660607/; classtype:trojan-activity;sid:84523707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660605)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660605/; classtype:trojan-activity;sid:84523705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660603)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660603/; classtype:trojan-activity;sid:84523703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660600)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660600/; classtype:trojan-activity;sid:84523700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660599)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660599/; classtype:trojan-activity;sid:84523699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660598)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660598/; classtype:trojan-activity;sid:84523698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660596)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660596/; classtype:trojan-activity;sid:84523696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660595)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660595/; classtype:trojan-activity;sid:84523695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660594)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660594/; classtype:trojan-activity;sid:84523694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660592)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660592/; classtype:trojan-activity;sid:84523692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660593)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660593/; classtype:trojan-activity;sid:84523693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660590)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660590/; classtype:trojan-activity;sid:84523690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660591)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660591/; classtype:trojan-activity;sid:84523691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660587)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660587/; classtype:trojan-activity;sid:84523687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660588)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660588/; classtype:trojan-activity;sid:84523688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660589)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660589/; classtype:trojan-activity;sid:84523689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660585)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660585/; classtype:trojan-activity;sid:84523685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660583)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660583/; classtype:trojan-activity;sid:84523683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660584)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660584/; classtype:trojan-activity;sid:84523684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660581)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660581/; classtype:trojan-activity;sid:84523681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660582)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660582/; classtype:trojan-activity;sid:84523682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660579)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660579/; classtype:trojan-activity;sid:84523679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660580)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660580/; classtype:trojan-activity;sid:84523680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660577)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660577/; classtype:trojan-activity;sid:84523677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660575)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660575/; classtype:trojan-activity;sid:84523675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660576)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660576/; classtype:trojan-activity;sid:84523676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660573)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660573/; classtype:trojan-activity;sid:84523673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660574)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660574/; classtype:trojan-activity;sid:84523674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660571)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660571/; classtype:trojan-activity;sid:84523671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660569)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660569/; classtype:trojan-activity;sid:84523669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660570)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660570/; classtype:trojan-activity;sid:84523670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660568)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660568/; classtype:trojan-activity;sid:84523668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660563)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660563/; classtype:trojan-activity;sid:84523663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660564)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660564/; classtype:trojan-activity;sid:84523664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660566)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660566/; classtype:trojan-activity;sid:84523666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660559)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660559/; classtype:trojan-activity;sid:84523659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660560)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660560/; classtype:trojan-activity;sid:84523660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660561)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660561/; classtype:trojan-activity;sid:84523661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660558)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660558/; classtype:trojan-activity;sid:84523658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660552)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660552/; classtype:trojan-activity;sid:84523652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660553)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660553/; classtype:trojan-activity;sid:84523653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660554)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660554/; classtype:trojan-activity;sid:84523654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660555)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660555/; classtype:trojan-activity;sid:84523655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660556)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660556/; classtype:trojan-activity;sid:84523656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660536)"; flow:established,from_client; content:"GET"; http_method; content:"/pathdata/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660536/; classtype:trojan-activity;sid:84523636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660538)"; flow:established,from_client; content:"GET"; http_method; content:"/user/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660538/; classtype:trojan-activity;sid:84523638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.25.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660470/; classtype:trojan-activity;sid:84523570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660332)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660332/; classtype:trojan-activity;sid:84523432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660331)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660331/; classtype:trojan-activity;sid:84523431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660329)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660329/; classtype:trojan-activity;sid:84523429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660328)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660328/; classtype:trojan-activity;sid:84523428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660327/; classtype:trojan-activity;sid:84523427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659836)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659836/; classtype:trojan-activity;sid:84522936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659834)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659834/; classtype:trojan-activity;sid:84522934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659833)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659833/; classtype:trojan-activity;sid:84522933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659796/; classtype:trojan-activity;sid:84522896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659797)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659797/; classtype:trojan-activity;sid:84522897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659779)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659779/; classtype:trojan-activity;sid:84522879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659782)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659782/; classtype:trojan-activity;sid:84522882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2025-01-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658970/; classtype:trojan-activity;sid:84522070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658962/; classtype:trojan-activity;sid:84522062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-09-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658957/; classtype:trojan-activity;sid:84522057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658954/; classtype:trojan-activity;sid:84522054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-07-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658903/; classtype:trojan-activity;sid:84522003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2023-11-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658778/; classtype:trojan-activity;sid:84521878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658670/; classtype:trojan-activity;sid:84521770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658610/; classtype:trojan-activity;sid:84521710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-03-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658568/; classtype:trojan-activity;sid:84521668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-07-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658555/; classtype:trojan-activity;sid:84521655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-11-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658470/; classtype:trojan-activity;sid:84521570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-12-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658437/; classtype:trojan-activity;sid:84521537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658282/; classtype:trojan-activity;sid:84521382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658247/; classtype:trojan-activity;sid:84521347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-12-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658173/; classtype:trojan-activity;sid:84521273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2022-04-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658159/; classtype:trojan-activity;sid:84521259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658106/; classtype:trojan-activity;sid:84521206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-12-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658091/; classtype:trojan-activity;sid:84521191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658087/; classtype:trojan-activity;sid:84521187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-08-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658061/; classtype:trojan-activity;sid:84521161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656729)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656729/; classtype:trojan-activity;sid:84519829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656728)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656728/; classtype:trojan-activity;sid:84519828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656727)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656727/; classtype:trojan-activity;sid:84519827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656726)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656726/; classtype:trojan-activity;sid:84519826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656725)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.96.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656725/; classtype:trojan-activity;sid:84519825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656720)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656720/; classtype:trojan-activity;sid:84519820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656717)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656717/; classtype:trojan-activity;sid:84519817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656718/; classtype:trojan-activity;sid:84519818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656708)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656708/; classtype:trojan-activity;sid:84519808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656709)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656709/; classtype:trojan-activity;sid:84519809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656710)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656710/; classtype:trojan-activity;sid:84519810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656707/; classtype:trojan-activity;sid:84519807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656704/; classtype:trojan-activity;sid:84519804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656702)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656702/; classtype:trojan-activity;sid:84519802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656701)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656701/; classtype:trojan-activity;sid:84519801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656696)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656696/; classtype:trojan-activity;sid:84519796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656693)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656693/; classtype:trojan-activity;sid:84519793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656689)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656689/; classtype:trojan-activity;sid:84519789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656692)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656692/; classtype:trojan-activity;sid:84519792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656677/; classtype:trojan-activity;sid:84519777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656671)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656671/; classtype:trojan-activity;sid:84519771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656672)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656672/; classtype:trojan-activity;sid:84519772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656674)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656674/; classtype:trojan-activity;sid:84519774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656666)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.76.153.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656666/; classtype:trojan-activity;sid:84519766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656667)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656667/; classtype:trojan-activity;sid:84519767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656665)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656665/; classtype:trojan-activity;sid:84519765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656662)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656662/; classtype:trojan-activity;sid:84519762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656663)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656663/; classtype:trojan-activity;sid:84519763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656660)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656660/; classtype:trojan-activity;sid:84519760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656661/; classtype:trojan-activity;sid:84519761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656658)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656658/; classtype:trojan-activity;sid:84519758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656652)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656652/; classtype:trojan-activity;sid:84519752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656654)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656654/; classtype:trojan-activity;sid:84519754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656648)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656648/; classtype:trojan-activity;sid:84519748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656646)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656646/; classtype:trojan-activity;sid:84519746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656638)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656638/; classtype:trojan-activity;sid:84519738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656639)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656639/; classtype:trojan-activity;sid:84519739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656640/; classtype:trojan-activity;sid:84519740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656634/; classtype:trojan-activity;sid:84519734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656635)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656635/; classtype:trojan-activity;sid:84519735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656636)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656636/; classtype:trojan-activity;sid:84519736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656632)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656632/; classtype:trojan-activity;sid:84519732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656630)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656630/; classtype:trojan-activity;sid:84519730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656627)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656627/; classtype:trojan-activity;sid:84519727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656628)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656628/; classtype:trojan-activity;sid:84519728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656621)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656621/; classtype:trojan-activity;sid:84519721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656611)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656611/; classtype:trojan-activity;sid:84519711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656607)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656607/; classtype:trojan-activity;sid:84519707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656608)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656608/; classtype:trojan-activity;sid:84519708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656609)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656609/; classtype:trojan-activity;sid:84519709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656601)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656601/; classtype:trojan-activity;sid:84519701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656602)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656602/; classtype:trojan-activity;sid:84519702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656592)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656592/; classtype:trojan-activity;sid:84519692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656594)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656594/; classtype:trojan-activity;sid:84519694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656595)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656595/; classtype:trojan-activity;sid:84519695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656581)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656581/; classtype:trojan-activity;sid:84519681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656584)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656584/; classtype:trojan-activity;sid:84519684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656577)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656577/; classtype:trojan-activity;sid:84519677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656574)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.130.209.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656574/; classtype:trojan-activity;sid:84519674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656572)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656572/; classtype:trojan-activity;sid:84519672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656569)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656569/; classtype:trojan-activity;sid:84519669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656566)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.118.38.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656566/; classtype:trojan-activity;sid:84519666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656563)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656563/; classtype:trojan-activity;sid:84519663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656552)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656552/; classtype:trojan-activity;sid:84519652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656555/; classtype:trojan-activity;sid:84519655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656503/; classtype:trojan-activity;sid:84519603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656456/; classtype:trojan-activity;sid:84519556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656398/; classtype:trojan-activity;sid:84519498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656154/; classtype:trojan-activity;sid:84519254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656140)"; flow:established,from_client; content:"GET"; http_method; content:"/christian%20cg17042021%20xpanel.c3prj/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656140/; classtype:trojan-activity;sid:84519240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656061/; classtype:trojan-activity;sid:84519161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656060/; classtype:trojan-activity;sid:84519160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656059/; classtype:trojan-activity;sid:84519159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656056/; classtype:trojan-activity;sid:84519156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656057)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656057/; classtype:trojan-activity;sid:84519157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656054/; classtype:trojan-activity;sid:84519154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656051/; classtype:trojan-activity;sid:84519151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656050)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656050/; classtype:trojan-activity;sid:84519150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656047)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656047/; classtype:trojan-activity;sid:84519147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656037/; classtype:trojan-activity;sid:84519137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656038)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656038/; classtype:trojan-activity;sid:84519138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656030/; classtype:trojan-activity;sid:84519130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656021)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656021/; classtype:trojan-activity;sid:84519121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656019/; classtype:trojan-activity;sid:84519119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656007)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656007/; classtype:trojan-activity;sid:84519107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655977)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655977/; classtype:trojan-activity;sid:84519077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-12-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655975/; classtype:trojan-activity;sid:84519075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655973)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.43.45.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655973/; classtype:trojan-activity;sid:84519073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655969)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655969/; classtype:trojan-activity;sid:84519069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655970)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655970/; classtype:trojan-activity;sid:84519070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655908)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655908/; classtype:trojan-activity;sid:84519008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655903)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655903/; classtype:trojan-activity;sid:84519003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655896)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655896/; classtype:trojan-activity;sid:84518996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655889)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655889/; classtype:trojan-activity;sid:84518989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655881/; classtype:trojan-activity;sid:84518981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655880/; classtype:trojan-activity;sid:84518980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655875)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655875/; classtype:trojan-activity;sid:84518975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655867/; classtype:trojan-activity;sid:84518967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655866)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655866/; classtype:trojan-activity;sid:84518966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655860/; classtype:trojan-activity;sid:84518960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655859)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655859/; classtype:trojan-activity;sid:84518959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655844/; classtype:trojan-activity;sid:84518944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655845/; classtype:trojan-activity;sid:84518945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655838/; classtype:trojan-activity;sid:84518938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655839)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655839/; classtype:trojan-activity;sid:84518939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655829/; classtype:trojan-activity;sid:84518929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655825)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655825/; classtype:trojan-activity;sid:84518925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655824/; classtype:trojan-activity;sid:84518924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655806/; classtype:trojan-activity;sid:84518906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-01-31/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655803/; classtype:trojan-activity;sid:84518903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655801/; classtype:trojan-activity;sid:84518901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655799/; classtype:trojan-activity;sid:84518899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655797/; classtype:trojan-activity;sid:84518897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655792)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655792/; classtype:trojan-activity;sid:84518892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655787/; classtype:trojan-activity;sid:84518887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655782/; classtype:trojan-activity;sid:84518882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655783)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655783/; classtype:trojan-activity;sid:84518883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655781)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655781/; classtype:trojan-activity;sid:84518881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655775/; classtype:trojan-activity;sid:84518875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655774)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655774/; classtype:trojan-activity;sid:84518874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655768/; classtype:trojan-activity;sid:84518868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655766/; classtype:trojan-activity;sid:84518866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655763)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655763/; classtype:trojan-activity;sid:84518863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655761/; classtype:trojan-activity;sid:84518861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655757)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655757/; classtype:trojan-activity;sid:84518857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655754/; classtype:trojan-activity;sid:84518854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655755)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655755/; classtype:trojan-activity;sid:84518855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655753/; classtype:trojan-activity;sid:84518853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655751)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655751/; classtype:trojan-activity;sid:84518851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655748)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655748/; classtype:trojan-activity;sid:84518848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655743/; classtype:trojan-activity;sid:84518843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655731)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655731/; classtype:trojan-activity;sid:84518831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655730)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655730/; classtype:trojan-activity;sid:84518830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655718/; classtype:trojan-activity;sid:84518818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655717/; classtype:trojan-activity;sid:84518817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655714)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655714/; classtype:trojan-activity;sid:84518814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-12-01/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655712/; classtype:trojan-activity;sid:84518812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655699/; classtype:trojan-activity;sid:84518799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655701)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655701/; classtype:trojan-activity;sid:84518801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655703)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655703/; classtype:trojan-activity;sid:84518803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655697)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655697/; classtype:trojan-activity;sid:84518797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655662/; classtype:trojan-activity;sid:84518762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655665)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655665/; classtype:trojan-activity;sid:84518765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655654)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655654/; classtype:trojan-activity;sid:84518754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655649)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655649/; classtype:trojan-activity;sid:84518749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655646/; classtype:trojan-activity;sid:84518746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655631)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655631/; classtype:trojan-activity;sid:84518731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655596)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655596/; classtype:trojan-activity;sid:84518696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655593)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655593/; classtype:trojan-activity;sid:84518693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655594)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655594/; classtype:trojan-activity;sid:84518694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655590)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655590/; classtype:trojan-activity;sid:84518690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-29/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655586/; classtype:trojan-activity;sid:84518686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655572)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655572/; classtype:trojan-activity;sid:84518672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655562)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655562/; classtype:trojan-activity;sid:84518662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655560)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655560/; classtype:trojan-activity;sid:84518660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655556/; classtype:trojan-activity;sid:84518656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655557)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655557/; classtype:trojan-activity;sid:84518657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655559)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655559/; classtype:trojan-activity;sid:84518659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655553)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655553/; classtype:trojan-activity;sid:84518653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655535)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655535/; classtype:trojan-activity;sid:84518635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655518)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655518/; classtype:trojan-activity;sid:84518618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655510/; classtype:trojan-activity;sid:84518610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655507)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655507/; classtype:trojan-activity;sid:84518607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655503/; classtype:trojan-activity;sid:84518603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655501)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655501/; classtype:trojan-activity;sid:84518601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655493)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655493/; classtype:trojan-activity;sid:84518593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655490/; classtype:trojan-activity;sid:84518590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655479)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655479/; classtype:trojan-activity;sid:84518579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655476)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655476/; classtype:trojan-activity;sid:84518576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655474)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655474/; classtype:trojan-activity;sid:84518574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655471/; classtype:trojan-activity;sid:84518571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655469)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655469/; classtype:trojan-activity;sid:84518569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655462)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655462/; classtype:trojan-activity;sid:84518562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655461)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655461/; classtype:trojan-activity;sid:84518561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655458)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655458/; classtype:trojan-activity;sid:84518558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655453)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655453/; classtype:trojan-activity;sid:84518553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655447/; classtype:trojan-activity;sid:84518547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655440)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655440/; classtype:trojan-activity;sid:84518540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655442/; classtype:trojan-activity;sid:84518542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655430)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655430/; classtype:trojan-activity;sid:84518530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655436)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655436/; classtype:trojan-activity;sid:84518536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655423)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655423/; classtype:trojan-activity;sid:84518523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655420)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655420/; classtype:trojan-activity;sid:84518520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655413/; classtype:trojan-activity;sid:84518513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655411/; classtype:trojan-activity;sid:84518511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655408)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655408/; classtype:trojan-activity;sid:84518508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655403)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655403/; classtype:trojan-activity;sid:84518503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655398)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655398/; classtype:trojan-activity;sid:84518498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655383)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655383/; classtype:trojan-activity;sid:84518483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655379)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655379/; classtype:trojan-activity;sid:84518479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655378/; classtype:trojan-activity;sid:84518478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655373/; classtype:trojan-activity;sid:84518473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655368/; classtype:trojan-activity;sid:84518468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655362)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655362/; classtype:trojan-activity;sid:84518462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655353/; classtype:trojan-activity;sid:84518453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655348)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655348/; classtype:trojan-activity;sid:84518448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-02-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655345/; classtype:trojan-activity;sid:84518445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655343)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655343/; classtype:trojan-activity;sid:84518443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655339/; classtype:trojan-activity;sid:84518439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655335)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655335/; classtype:trojan-activity;sid:84518435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655330/; classtype:trojan-activity;sid:84518430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655331/; classtype:trojan-activity;sid:84518431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655329/; classtype:trojan-activity;sid:84518429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655322)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655322/; classtype:trojan-activity;sid:84518422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655323)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655323/; classtype:trojan-activity;sid:84518423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655321/; classtype:trojan-activity;sid:84518421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655317)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655317/; classtype:trojan-activity;sid:84518417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655313)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655313/; classtype:trojan-activity;sid:84518413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655314/; classtype:trojan-activity;sid:84518414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655311/; classtype:trojan-activity;sid:84518411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655309)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655309/; classtype:trojan-activity;sid:84518409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655306)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655306/; classtype:trojan-activity;sid:84518406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655300/; classtype:trojan-activity;sid:84518400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655295)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655295/; classtype:trojan-activity;sid:84518395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655293/; classtype:trojan-activity;sid:84518393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655291/; classtype:trojan-activity;sid:84518391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655286/; classtype:trojan-activity;sid:84518386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655280/; classtype:trojan-activity;sid:84518380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655279)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655279/; classtype:trojan-activity;sid:84518379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-28/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655274/; classtype:trojan-activity;sid:84518374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655276)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655276/; classtype:trojan-activity;sid:84518376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655272)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655272/; classtype:trojan-activity;sid:84518372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655267)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655267/; classtype:trojan-activity;sid:84518367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655259/; classtype:trojan-activity;sid:84518359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655257/; classtype:trojan-activity;sid:84518357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655253)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655253/; classtype:trojan-activity;sid:84518353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655244)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655244/; classtype:trojan-activity;sid:84518344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655245/; classtype:trojan-activity;sid:84518345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655230)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655230/; classtype:trojan-activity;sid:84518330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655222)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655222/; classtype:trojan-activity;sid:84518322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655220/; classtype:trojan-activity;sid:84518320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655213/; classtype:trojan-activity;sid:84518313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655207)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655207/; classtype:trojan-activity;sid:84518307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655203)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655203/; classtype:trojan-activity;sid:84518303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655200)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655200/; classtype:trojan-activity;sid:84518300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655191/; classtype:trojan-activity;sid:84518291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655187/; classtype:trojan-activity;sid:84518287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655179/; classtype:trojan-activity;sid:84518279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655169)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655169/; classtype:trojan-activity;sid:84518269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655170/; classtype:trojan-activity;sid:84518270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655163)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.8.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655163/; classtype:trojan-activity;sid:84518263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655160)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655160/; classtype:trojan-activity;sid:84518260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655143)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655143/; classtype:trojan-activity;sid:84518243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655126)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655126/; classtype:trojan-activity;sid:84518226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655116)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655116/; classtype:trojan-activity;sid:84518216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655115)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655115/; classtype:trojan-activity;sid:84518215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655109)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655109/; classtype:trojan-activity;sid:84518209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655099/; classtype:trojan-activity;sid:84518199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655094)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655094/; classtype:trojan-activity;sid:84518194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655090)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655090/; classtype:trojan-activity;sid:84518190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655088/; classtype:trojan-activity;sid:84518188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2025-01-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655085/; classtype:trojan-activity;sid:84518185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655084)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655084/; classtype:trojan-activity;sid:84518184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655081)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655081/; classtype:trojan-activity;sid:84518181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655077)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655077/; classtype:trojan-activity;sid:84518177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655072)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655072/; classtype:trojan-activity;sid:84518172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655070)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655070/; classtype:trojan-activity;sid:84518170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655065/; classtype:trojan-activity;sid:84518165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655064)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655064/; classtype:trojan-activity;sid:84518164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655061/; classtype:trojan-activity;sid:84518161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655057)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655057/; classtype:trojan-activity;sid:84518157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655054)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655054/; classtype:trojan-activity;sid:84518154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655052)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655052/; classtype:trojan-activity;sid:84518152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655049)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655049/; classtype:trojan-activity;sid:84518149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655046)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655046/; classtype:trojan-activity;sid:84518146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655044/; classtype:trojan-activity;sid:84518144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655037)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655037/; classtype:trojan-activity;sid:84518137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655038)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655038/; classtype:trojan-activity;sid:84518138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655034/; classtype:trojan-activity;sid:84518134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655028/; classtype:trojan-activity;sid:84518128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655025)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655025/; classtype:trojan-activity;sid:84518125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655021)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655021/; classtype:trojan-activity;sid:84518121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655016)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655016/; classtype:trojan-activity;sid:84518116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655008)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655008/; classtype:trojan-activity;sid:84518108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655005)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655005/; classtype:trojan-activity;sid:84518105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655004/; classtype:trojan-activity;sid:84518104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655001)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655001/; classtype:trojan-activity;sid:84518101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654999)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654999/; classtype:trojan-activity;sid:84518099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654994)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654994/; classtype:trojan-activity;sid:84518094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654992/; classtype:trojan-activity;sid:84518092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654991)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654991/; classtype:trojan-activity;sid:84518091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654985/; classtype:trojan-activity;sid:84518085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654981/; classtype:trojan-activity;sid:84518081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654973/; classtype:trojan-activity;sid:84518073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654971)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654971/; classtype:trojan-activity;sid:84518071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654972)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654972/; classtype:trojan-activity;sid:84518072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654970)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654970/; classtype:trojan-activity;sid:84518070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654967)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654967/; classtype:trojan-activity;sid:84518067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654966/; classtype:trojan-activity;sid:84518066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654962)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654962/; classtype:trojan-activity;sid:84518062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654953)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654953/; classtype:trojan-activity;sid:84518053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654946)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654946/; classtype:trojan-activity;sid:84518046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654942)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654942/; classtype:trojan-activity;sid:84518042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654936)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654936/; classtype:trojan-activity;sid:84518036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654935)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654935/; classtype:trojan-activity;sid:84518035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654927/; classtype:trojan-activity;sid:84518027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654923)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654923/; classtype:trojan-activity;sid:84518023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654921/; classtype:trojan-activity;sid:84518021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654917/; classtype:trojan-activity;sid:84518017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654902)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654902/; classtype:trojan-activity;sid:84518002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654904)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654904/; classtype:trojan-activity;sid:84518004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654898/; classtype:trojan-activity;sid:84517998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654894/; classtype:trojan-activity;sid:84517994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654892)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654892/; classtype:trojan-activity;sid:84517992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654882/; classtype:trojan-activity;sid:84517982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654880)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654880/; classtype:trojan-activity;sid:84517980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654874)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654874/; classtype:trojan-activity;sid:84517974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654859)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654859/; classtype:trojan-activity;sid:84517959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654860/; classtype:trojan-activity;sid:84517960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654857)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654857/; classtype:trojan-activity;sid:84517957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654853/; classtype:trojan-activity;sid:84517953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654850)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654850/; classtype:trojan-activity;sid:84517950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654829)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654829/; classtype:trojan-activity;sid:84517929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654826)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654826/; classtype:trojan-activity;sid:84517926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654814/; classtype:trojan-activity;sid:84517914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654811)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654811/; classtype:trojan-activity;sid:84517911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654806/; classtype:trojan-activity;sid:84517906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654804/; classtype:trojan-activity;sid:84517904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654803)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654803/; classtype:trojan-activity;sid:84517903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654799/; classtype:trojan-activity;sid:84517899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654796/; classtype:trojan-activity;sid:84517896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654793)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654793/; classtype:trojan-activity;sid:84517893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654788)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654788/; classtype:trojan-activity;sid:84517888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654781/; classtype:trojan-activity;sid:84517881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654762/; classtype:trojan-activity;sid:84517862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654758)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654758/; classtype:trojan-activity;sid:84517858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654747)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654747/; classtype:trojan-activity;sid:84517847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654746)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654746/; classtype:trojan-activity;sid:84517846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654740)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654740/; classtype:trojan-activity;sid:84517840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654735/; classtype:trojan-activity;sid:84517835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654732/; classtype:trojan-activity;sid:84517832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654727/; classtype:trojan-activity;sid:84517827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654726/; classtype:trojan-activity;sid:84517826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654721/; classtype:trojan-activity;sid:84517821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654719)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654719/; classtype:trojan-activity;sid:84517819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654714/; classtype:trojan-activity;sid:84517814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654709)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654709/; classtype:trojan-activity;sid:84517809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654694/; classtype:trojan-activity;sid:84517794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654695/; classtype:trojan-activity;sid:84517795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654687/; classtype:trojan-activity;sid:84517787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654682/; classtype:trojan-activity;sid:84517782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654677/; classtype:trojan-activity;sid:84517777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654678/; classtype:trojan-activity;sid:84517778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654673)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654673/; classtype:trojan-activity;sid:84517773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654674/; classtype:trojan-activity;sid:84517774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654672/; classtype:trojan-activity;sid:84517772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654668/; classtype:trojan-activity;sid:84517768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654665/; classtype:trojan-activity;sid:84517765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654661)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654661/; classtype:trojan-activity;sid:84517761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654659)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654659/; classtype:trojan-activity;sid:84517759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654657)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654657/; classtype:trojan-activity;sid:84517757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654655/; classtype:trojan-activity;sid:84517755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654654)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654654/; classtype:trojan-activity;sid:84517754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654651/; classtype:trojan-activity;sid:84517751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654647/; classtype:trojan-activity;sid:84517747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654643/; classtype:trojan-activity;sid:84517743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654641)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654641/; classtype:trojan-activity;sid:84517741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654634)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654634/; classtype:trojan-activity;sid:84517734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654630/; classtype:trojan-activity;sid:84517730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654625)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654625/; classtype:trojan-activity;sid:84517725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654622/; classtype:trojan-activity;sid:84517722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654610/; classtype:trojan-activity;sid:84517710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654608/; classtype:trojan-activity;sid:84517708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654600)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654600/; classtype:trojan-activity;sid:84517700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654589)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654589/; classtype:trojan-activity;sid:84517689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654585/; classtype:trojan-activity;sid:84517685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654575/; classtype:trojan-activity;sid:84517675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654555/; classtype:trojan-activity;sid:84517655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654546/; classtype:trojan-activity;sid:84517646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654541)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654541/; classtype:trojan-activity;sid:84517641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654542)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654542/; classtype:trojan-activity;sid:84517642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654533)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654533/; classtype:trojan-activity;sid:84517633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654531)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654531/; classtype:trojan-activity;sid:84517631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654527)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654527/; classtype:trojan-activity;sid:84517627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654526/; classtype:trojan-activity;sid:84517626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654522/; classtype:trojan-activity;sid:84517622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654513)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654513/; classtype:trojan-activity;sid:84517613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654514/; classtype:trojan-activity;sid:84517614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654509/; classtype:trojan-activity;sid:84517609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654508)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654508/; classtype:trojan-activity;sid:84517608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654507/; classtype:trojan-activity;sid:84517607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654504)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654504/; classtype:trojan-activity;sid:84517604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654499)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654499/; classtype:trojan-activity;sid:84517599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654501)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654501/; classtype:trojan-activity;sid:84517601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654498)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654498/; classtype:trojan-activity;sid:84517598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654495)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654495/; classtype:trojan-activity;sid:84517595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654491/; classtype:trojan-activity;sid:84517591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654484)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654484/; classtype:trojan-activity;sid:84517584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654478)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654478/; classtype:trojan-activity;sid:84517578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654477/; classtype:trojan-activity;sid:84517577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654474)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654474/; classtype:trojan-activity;sid:84517574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654451)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654451/; classtype:trojan-activity;sid:84517551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654447/; classtype:trojan-activity;sid:84517547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654445)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654445/; classtype:trojan-activity;sid:84517545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654428/; classtype:trojan-activity;sid:84517528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654392)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654392/; classtype:trojan-activity;sid:84517492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654390)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654390/; classtype:trojan-activity;sid:84517490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654385)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654385/; classtype:trojan-activity;sid:84517485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654380)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654380/; classtype:trojan-activity;sid:84517480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654378)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654378/; classtype:trojan-activity;sid:84517478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654372/; classtype:trojan-activity;sid:84517472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654356)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654356/; classtype:trojan-activity;sid:84517456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654342)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654342/; classtype:trojan-activity;sid:84517442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654339/; classtype:trojan-activity;sid:84517439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654337)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654337/; classtype:trojan-activity;sid:84517437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654334/; classtype:trojan-activity;sid:84517434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654333)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654333/; classtype:trojan-activity;sid:84517433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654331/; classtype:trojan-activity;sid:84517431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654326)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654326/; classtype:trojan-activity;sid:84517426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654321/; classtype:trojan-activity;sid:84517421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654320)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654320/; classtype:trojan-activity;sid:84517420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654312)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654312/; classtype:trojan-activity;sid:84517412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654308/; classtype:trojan-activity;sid:84517408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654303)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654303/; classtype:trojan-activity;sid:84517403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654299/; classtype:trojan-activity;sid:84517399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654292/; classtype:trojan-activity;sid:84517392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654288)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654288/; classtype:trojan-activity;sid:84517388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654289)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654289/; classtype:trojan-activity;sid:84517389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654285)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654285/; classtype:trojan-activity;sid:84517385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654284)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654284/; classtype:trojan-activity;sid:84517384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654283/; classtype:trojan-activity;sid:84517383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654276/; classtype:trojan-activity;sid:84517376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654273)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654273/; classtype:trojan-activity;sid:84517373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654270/; classtype:trojan-activity;sid:84517370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654268)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654268/; classtype:trojan-activity;sid:84517368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654266/; classtype:trojan-activity;sid:84517366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654258)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654258/; classtype:trojan-activity;sid:84517358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654253)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654253/; classtype:trojan-activity;sid:84517353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654247/; classtype:trojan-activity;sid:84517347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654243)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654243/; classtype:trojan-activity;sid:84517343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654239/; classtype:trojan-activity;sid:84517339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654234)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654234/; classtype:trojan-activity;sid:84517334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654233/; classtype:trojan-activity;sid:84517333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654216/; classtype:trojan-activity;sid:84517316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654209/; classtype:trojan-activity;sid:84517309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654205)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654205/; classtype:trojan-activity;sid:84517305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654203)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654203/; classtype:trojan-activity;sid:84517303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654204)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654204/; classtype:trojan-activity;sid:84517304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654202)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654202/; classtype:trojan-activity;sid:84517302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654197)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654197/; classtype:trojan-activity;sid:84517297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654195)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654195/; classtype:trojan-activity;sid:84517295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654192)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654192/; classtype:trojan-activity;sid:84517292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654193)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654193/; classtype:trojan-activity;sid:84517293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-10-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654187/; classtype:trojan-activity;sid:84517287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654173)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654173/; classtype:trojan-activity;sid:84517273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654177)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654177/; classtype:trojan-activity;sid:84517277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654163/; classtype:trojan-activity;sid:84517263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654161)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654161/; classtype:trojan-activity;sid:84517261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654149)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654149/; classtype:trojan-activity;sid:84517249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654125/; classtype:trojan-activity;sid:84517225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654122)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654122/; classtype:trojan-activity;sid:84517222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654123)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654123/; classtype:trojan-activity;sid:84517223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654119/; classtype:trojan-activity;sid:84517219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654117)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654117/; classtype:trojan-activity;sid:84517217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654113)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654113/; classtype:trojan-activity;sid:84517213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654108)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654108/; classtype:trojan-activity;sid:84517208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654098)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654098/; classtype:trojan-activity;sid:84517198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654088/; classtype:trojan-activity;sid:84517188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654078)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654078/; classtype:trojan-activity;sid:84517178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654077)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654077/; classtype:trojan-activity;sid:84517177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654076)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654076/; classtype:trojan-activity;sid:84517176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654074)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654074/; classtype:trojan-activity;sid:84517174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654072)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654072/; classtype:trojan-activity;sid:84517172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654065)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654065/; classtype:trojan-activity;sid:84517165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654044)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654044/; classtype:trojan-activity;sid:84517144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654034/; classtype:trojan-activity;sid:84517134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654033/; classtype:trojan-activity;sid:84517133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654032)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654032/; classtype:trojan-activity;sid:84517132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654025/; classtype:trojan-activity;sid:84517125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654024)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654024/; classtype:trojan-activity;sid:84517124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654023/; classtype:trojan-activity;sid:84517123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654022)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654022/; classtype:trojan-activity;sid:84517122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654019/; classtype:trojan-activity;sid:84517119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654017/; classtype:trojan-activity;sid:84517117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654009)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654009/; classtype:trojan-activity;sid:84517109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654005/; classtype:trojan-activity;sid:84517105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654003/; classtype:trojan-activity;sid:84517103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653997)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653997/; classtype:trojan-activity;sid:84517097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653992/; classtype:trojan-activity;sid:84517092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653985)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653985/; classtype:trojan-activity;sid:84517085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653977)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653977/; classtype:trojan-activity;sid:84517077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653972/; classtype:trojan-activity;sid:84517072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653964)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653964/; classtype:trojan-activity;sid:84517064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653960)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653960/; classtype:trojan-activity;sid:84517060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653947)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653947/; classtype:trojan-activity;sid:84517047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653941)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653941/; classtype:trojan-activity;sid:84517041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653943/; classtype:trojan-activity;sid:84517043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653930)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653930/; classtype:trojan-activity;sid:84517030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653917/; classtype:trojan-activity;sid:84517017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653918)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653918/; classtype:trojan-activity;sid:84517018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653916)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653916/; classtype:trojan-activity;sid:84517016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653914/; classtype:trojan-activity;sid:84517014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653912)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653912/; classtype:trojan-activity;sid:84517012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653910)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653910/; classtype:trojan-activity;sid:84517010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653900)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653900/; classtype:trojan-activity;sid:84517000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653892/; classtype:trojan-activity;sid:84516992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653893)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653893/; classtype:trojan-activity;sid:84516993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653888)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653888/; classtype:trojan-activity;sid:84516988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653885/; classtype:trojan-activity;sid:84516985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653882/; classtype:trojan-activity;sid:84516982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653878)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653878/; classtype:trojan-activity;sid:84516978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653875/; classtype:trojan-activity;sid:84516975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653874)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653874/; classtype:trojan-activity;sid:84516974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653871)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653871/; classtype:trojan-activity;sid:84516971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653867)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653867/; classtype:trojan-activity;sid:84516967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653864/; classtype:trojan-activity;sid:84516964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653863/; classtype:trojan-activity;sid:84516963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653861/; classtype:trojan-activity;sid:84516961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653858/; classtype:trojan-activity;sid:84516958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653856/; classtype:trojan-activity;sid:84516956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653853)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653853/; classtype:trojan-activity;sid:84516953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653848)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653848/; classtype:trojan-activity;sid:84516948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653849/; classtype:trojan-activity;sid:84516949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-06-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653841/; classtype:trojan-activity;sid:84516941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653840)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653840/; classtype:trojan-activity;sid:84516940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653839/; classtype:trojan-activity;sid:84516939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653836/; classtype:trojan-activity;sid:84516936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653831/; classtype:trojan-activity;sid:84516931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653828)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653828/; classtype:trojan-activity;sid:84516928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653827)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653827/; classtype:trojan-activity;sid:84516927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653826/; classtype:trojan-activity;sid:84516926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653824)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653824/; classtype:trojan-activity;sid:84516924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653823/; classtype:trojan-activity;sid:84516923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653818/; classtype:trojan-activity;sid:84516918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653819/; classtype:trojan-activity;sid:84516919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653806/; classtype:trojan-activity;sid:84516906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653799)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653799/; classtype:trojan-activity;sid:84516899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653792/; classtype:trojan-activity;sid:84516892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653790/; classtype:trojan-activity;sid:84516890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653785/; classtype:trojan-activity;sid:84516885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653783/; classtype:trojan-activity;sid:84516883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653782/; classtype:trojan-activity;sid:84516882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653781)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653781/; classtype:trojan-activity;sid:84516881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653772)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653772/; classtype:trojan-activity;sid:84516872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653770)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653770/; classtype:trojan-activity;sid:84516870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653761/; classtype:trojan-activity;sid:84516861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653758/; classtype:trojan-activity;sid:84516858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653756)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653756/; classtype:trojan-activity;sid:84516856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653755)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653755/; classtype:trojan-activity;sid:84516855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653751/; classtype:trojan-activity;sid:84516851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653748)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653748/; classtype:trojan-activity;sid:84516848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653743)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653743/; classtype:trojan-activity;sid:84516843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653741/; classtype:trojan-activity;sid:84516841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653737/; classtype:trojan-activity;sid:84516837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653734/; classtype:trojan-activity;sid:84516834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653732/; classtype:trojan-activity;sid:84516832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653730/; classtype:trojan-activity;sid:84516830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653728/; classtype:trojan-activity;sid:84516828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653725/; classtype:trojan-activity;sid:84516825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653722/; classtype:trojan-activity;sid:84516822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653717)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653717/; classtype:trojan-activity;sid:84516817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653713)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653713/; classtype:trojan-activity;sid:84516813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653707/; classtype:trojan-activity;sid:84516807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653705)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653705/; classtype:trojan-activity;sid:84516805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653704/; classtype:trojan-activity;sid:84516804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653703)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653703/; classtype:trojan-activity;sid:84516803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653702/; classtype:trojan-activity;sid:84516802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653696/; classtype:trojan-activity;sid:84516796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653695/; classtype:trojan-activity;sid:84516795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653693/; classtype:trojan-activity;sid:84516793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653690)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653690/; classtype:trojan-activity;sid:84516790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653691)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653691/; classtype:trojan-activity;sid:84516791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653685/; classtype:trojan-activity;sid:84516785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653683/; classtype:trojan-activity;sid:84516783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653681/; classtype:trojan-activity;sid:84516781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653675/; classtype:trojan-activity;sid:84516775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653672)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653672/; classtype:trojan-activity;sid:84516772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653671/; classtype:trojan-activity;sid:84516771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653669)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653669/; classtype:trojan-activity;sid:84516769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653665/; classtype:trojan-activity;sid:84516765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653662/; classtype:trojan-activity;sid:84516762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653663)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653663/; classtype:trojan-activity;sid:84516763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653661/; classtype:trojan-activity;sid:84516761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653655)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653655/; classtype:trojan-activity;sid:84516755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653649/; classtype:trojan-activity;sid:84516749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653650/; classtype:trojan-activity;sid:84516750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653651/; classtype:trojan-activity;sid:84516751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653647/; classtype:trojan-activity;sid:84516747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653640/; classtype:trojan-activity;sid:84516740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653636/; classtype:trojan-activity;sid:84516736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653633/; classtype:trojan-activity;sid:84516733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653634/; classtype:trojan-activity;sid:84516734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653632)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653632/; classtype:trojan-activity;sid:84516732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653627)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653627/; classtype:trojan-activity;sid:84516727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653620/; classtype:trojan-activity;sid:84516720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653621)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653621/; classtype:trojan-activity;sid:84516721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653622)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653622/; classtype:trojan-activity;sid:84516722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653611)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653611/; classtype:trojan-activity;sid:84516711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653606/; classtype:trojan-activity;sid:84516706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653607)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653607/; classtype:trojan-activity;sid:84516707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653605/; classtype:trojan-activity;sid:84516705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653602/; classtype:trojan-activity;sid:84516702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653599/; classtype:trojan-activity;sid:84516699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653598/; classtype:trojan-activity;sid:84516698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653595/; classtype:trojan-activity;sid:84516695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-12-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653593/; classtype:trojan-activity;sid:84516693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653586/; classtype:trojan-activity;sid:84516686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653585/; classtype:trojan-activity;sid:84516685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653577/; classtype:trojan-activity;sid:84516677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653550/; classtype:trojan-activity;sid:84516650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653547/; classtype:trojan-activity;sid:84516647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653546/; classtype:trojan-activity;sid:84516646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653537/; classtype:trojan-activity;sid:84516637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653530/; classtype:trojan-activity;sid:84516630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653525/; classtype:trojan-activity;sid:84516625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653526/; classtype:trojan-activity;sid:84516626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653518/; classtype:trojan-activity;sid:84516618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653508/; classtype:trojan-activity;sid:84516608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653502/; classtype:trojan-activity;sid:84516602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653500/; classtype:trojan-activity;sid:84516600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653494/; classtype:trojan-activity;sid:84516594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653492/; classtype:trojan-activity;sid:84516592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653489/; classtype:trojan-activity;sid:84516589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653487/; classtype:trojan-activity;sid:84516587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653485/; classtype:trojan-activity;sid:84516585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653479/; classtype:trojan-activity;sid:84516579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653466/; classtype:trojan-activity;sid:84516566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653464/; classtype:trojan-activity;sid:84516564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653440/; classtype:trojan-activity;sid:84516540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653427/; classtype:trojan-activity;sid:84516527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653408/; classtype:trojan-activity;sid:84516508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653384/; classtype:trojan-activity;sid:84516484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653374/; classtype:trojan-activity;sid:84516474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653370/; classtype:trojan-activity;sid:84516470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653366/; classtype:trojan-activity;sid:84516466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653363/; classtype:trojan-activity;sid:84516463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653352/; classtype:trojan-activity;sid:84516452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653347/; classtype:trojan-activity;sid:84516447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653343/; classtype:trojan-activity;sid:84516443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653333/; classtype:trojan-activity;sid:84516433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653310/; classtype:trojan-activity;sid:84516410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653311/; classtype:trojan-activity;sid:84516411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653303/; classtype:trojan-activity;sid:84516403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653304/; classtype:trojan-activity;sid:84516404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653297/; classtype:trojan-activity;sid:84516397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653293/; classtype:trojan-activity;sid:84516393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653290/; classtype:trojan-activity;sid:84516390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653289/; classtype:trojan-activity;sid:84516389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653288/; classtype:trojan-activity;sid:84516388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653281/; classtype:trojan-activity;sid:84516381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653279/; classtype:trojan-activity;sid:84516379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653278/; classtype:trojan-activity;sid:84516378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653271/; classtype:trojan-activity;sid:84516371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653264/; classtype:trojan-activity;sid:84516364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653248/; classtype:trojan-activity;sid:84516348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653250/; classtype:trojan-activity;sid:84516350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-23/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653244/; classtype:trojan-activity;sid:84516344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653243/; classtype:trojan-activity;sid:84516343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653238/; classtype:trojan-activity;sid:84516338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653234/; classtype:trojan-activity;sid:84516334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653208/; classtype:trojan-activity;sid:84516308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653205/; classtype:trojan-activity;sid:84516305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653204/; classtype:trojan-activity;sid:84516304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653183/; classtype:trojan-activity;sid:84516283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653179/; classtype:trojan-activity;sid:84516279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653178/; classtype:trojan-activity;sid:84516278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653176/; classtype:trojan-activity;sid:84516276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653177/; classtype:trojan-activity;sid:84516277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653173/; classtype:trojan-activity;sid:84516273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653169/; classtype:trojan-activity;sid:84516269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653171/; classtype:trojan-activity;sid:84516271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653172/; classtype:trojan-activity;sid:84516272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653163/; classtype:trojan-activity;sid:84516263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653166/; classtype:trojan-activity;sid:84516266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653159/; classtype:trojan-activity;sid:84516259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653160/; classtype:trojan-activity;sid:84516260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653161/; classtype:trojan-activity;sid:84516261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653156/; classtype:trojan-activity;sid:84516256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653155/; classtype:trojan-activity;sid:84516255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653152/; classtype:trojan-activity;sid:84516252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653151/; classtype:trojan-activity;sid:84516251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653149/; classtype:trojan-activity;sid:84516249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653148/; classtype:trojan-activity;sid:84516248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653140/; classtype:trojan-activity;sid:84516240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653137/; classtype:trojan-activity;sid:84516237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653136/; classtype:trojan-activity;sid:84516236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653132/; classtype:trojan-activity;sid:84516232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653114/; classtype:trojan-activity;sid:84516214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653111/; classtype:trojan-activity;sid:84516211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653107/; classtype:trojan-activity;sid:84516207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653104/; classtype:trojan-activity;sid:84516204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653097/; classtype:trojan-activity;sid:84516197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653094/; classtype:trojan-activity;sid:84516194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653079/; classtype:trojan-activity;sid:84516179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653073/; classtype:trojan-activity;sid:84516173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653066/; classtype:trojan-activity;sid:84516166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653056/; classtype:trojan-activity;sid:84516156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653054/; classtype:trojan-activity;sid:84516154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653051/; classtype:trojan-activity;sid:84516151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653047/; classtype:trojan-activity;sid:84516147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-05-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653049/; classtype:trojan-activity;sid:84516149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653044/; classtype:trojan-activity;sid:84516144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653041/; classtype:trojan-activity;sid:84516141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653042/; classtype:trojan-activity;sid:84516142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653038/; classtype:trojan-activity;sid:84516138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653025/; classtype:trojan-activity;sid:84516125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653016/; classtype:trojan-activity;sid:84516116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653021/; classtype:trojan-activity;sid:84516121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-02-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653011/; classtype:trojan-activity;sid:84516111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652998/; classtype:trojan-activity;sid:84516098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652994/; classtype:trojan-activity;sid:84516094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652988/; classtype:trojan-activity;sid:84516088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652989/; classtype:trojan-activity;sid:84516089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652985/; classtype:trojan-activity;sid:84516085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652980/; classtype:trojan-activity;sid:84516080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652977/; classtype:trojan-activity;sid:84516077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652962/; classtype:trojan-activity;sid:84516062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652960/; classtype:trojan-activity;sid:84516060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652954/; classtype:trojan-activity;sid:84516054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652953/; classtype:trojan-activity;sid:84516053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652940/; classtype:trojan-activity;sid:84516040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652935/; classtype:trojan-activity;sid:84516035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652932/; classtype:trojan-activity;sid:84516032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652933/; classtype:trojan-activity;sid:84516033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652926/; classtype:trojan-activity;sid:84516026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652923/; classtype:trojan-activity;sid:84516023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652921/; classtype:trojan-activity;sid:84516021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652919/; classtype:trojan-activity;sid:84516019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652920/; classtype:trojan-activity;sid:84516020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652895/; classtype:trojan-activity;sid:84515995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652869/; classtype:trojan-activity;sid:84515969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652865/; classtype:trojan-activity;sid:84515965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652846/; classtype:trojan-activity;sid:84515946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652851/; classtype:trojan-activity;sid:84515951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652843/; classtype:trojan-activity;sid:84515943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652837/; classtype:trojan-activity;sid:84515937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652820/; classtype:trojan-activity;sid:84515920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652821/; classtype:trojan-activity;sid:84515921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652803/; classtype:trojan-activity;sid:84515903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652788/; classtype:trojan-activity;sid:84515888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652789/; classtype:trojan-activity;sid:84515889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652777/; classtype:trojan-activity;sid:84515877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652776/; classtype:trojan-activity;sid:84515876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652772/; classtype:trojan-activity;sid:84515872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652725/; classtype:trojan-activity;sid:84515825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652723/; classtype:trojan-activity;sid:84515823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652718/; classtype:trojan-activity;sid:84515818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652719/; classtype:trojan-activity;sid:84515819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652720/; classtype:trojan-activity;sid:84515820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652721/; classtype:trojan-activity;sid:84515821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652716/; classtype:trojan-activity;sid:84515816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652717/; classtype:trojan-activity;sid:84515817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652705/; classtype:trojan-activity;sid:84515805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652707/; classtype:trojan-activity;sid:84515807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652702/; classtype:trojan-activity;sid:84515802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652696/; classtype:trojan-activity;sid:84515796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652692/; classtype:trojan-activity;sid:84515792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652683/; classtype:trojan-activity;sid:84515783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652675/; classtype:trojan-activity;sid:84515775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652645/; classtype:trojan-activity;sid:84515745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652637/; classtype:trojan-activity;sid:84515737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-03-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652640/; classtype:trojan-activity;sid:84515740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652636/; classtype:trojan-activity;sid:84515736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652629/; classtype:trojan-activity;sid:84515729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652618/; classtype:trojan-activity;sid:84515718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652617/; classtype:trojan-activity;sid:84515717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652593/; classtype:trojan-activity;sid:84515693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652591/; classtype:trojan-activity;sid:84515691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652578/; classtype:trojan-activity;sid:84515678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652573/; classtype:trojan-activity;sid:84515673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652564/; classtype:trojan-activity;sid:84515664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652486/; classtype:trojan-activity;sid:84515586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652485/; classtype:trojan-activity;sid:84515585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652483/; classtype:trojan-activity;sid:84515583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652484/; classtype:trojan-activity;sid:84515584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652482/; classtype:trojan-activity;sid:84515582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652481/; classtype:trojan-activity;sid:84515581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652480/; classtype:trojan-activity;sid:84515580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652478/; classtype:trojan-activity;sid:84515578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652474/; classtype:trojan-activity;sid:84515574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652475/; classtype:trojan-activity;sid:84515575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652473/; classtype:trojan-activity;sid:84515573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652472/; classtype:trojan-activity;sid:84515572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652471/; classtype:trojan-activity;sid:84515571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652470/; classtype:trojan-activity;sid:84515570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652467/; classtype:trojan-activity;sid:84515567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652468/; classtype:trojan-activity;sid:84515568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652469/; classtype:trojan-activity;sid:84515569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652464/; classtype:trojan-activity;sid:84515564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-04-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652465/; classtype:trojan-activity;sid:84515565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652463/; classtype:trojan-activity;sid:84515563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652462/; classtype:trojan-activity;sid:84515562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652461/; classtype:trojan-activity;sid:84515561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652460/; classtype:trojan-activity;sid:84515560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652458/; classtype:trojan-activity;sid:84515558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652459/; classtype:trojan-activity;sid:84515559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652457/; classtype:trojan-activity;sid:84515557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652456/; classtype:trojan-activity;sid:84515556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652455/; classtype:trojan-activity;sid:84515555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-03-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652454/; classtype:trojan-activity;sid:84515554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652453/; classtype:trojan-activity;sid:84515553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652451/; classtype:trojan-activity;sid:84515551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652452/; classtype:trojan-activity;sid:84515552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652445/; classtype:trojan-activity;sid:84515545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652446/; classtype:trojan-activity;sid:84515546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652447/; classtype:trojan-activity;sid:84515547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652448/; classtype:trojan-activity;sid:84515548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652442/; classtype:trojan-activity;sid:84515542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652444/; classtype:trojan-activity;sid:84515544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652441/; classtype:trojan-activity;sid:84515541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652439/; classtype:trojan-activity;sid:84515539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652437/; classtype:trojan-activity;sid:84515537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652438/; classtype:trojan-activity;sid:84515538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652436/; classtype:trojan-activity;sid:84515536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652435/; classtype:trojan-activity;sid:84515535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652434/; classtype:trojan-activity;sid:84515534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652433/; classtype:trojan-activity;sid:84515533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652432/; classtype:trojan-activity;sid:84515532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652431/; classtype:trojan-activity;sid:84515531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652430/; classtype:trojan-activity;sid:84515530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652429/; classtype:trojan-activity;sid:84515529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652427/; classtype:trojan-activity;sid:84515527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652428/; classtype:trojan-activity;sid:84515528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652426/; classtype:trojan-activity;sid:84515526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652425/; classtype:trojan-activity;sid:84515525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652424/; classtype:trojan-activity;sid:84515524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652423/; classtype:trojan-activity;sid:84515523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652421/; classtype:trojan-activity;sid:84515521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652422/; classtype:trojan-activity;sid:84515522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652419/; classtype:trojan-activity;sid:84515519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652420/; classtype:trojan-activity;sid:84515520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652417/; classtype:trojan-activity;sid:84515517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652418/; classtype:trojan-activity;sid:84515518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652415/; classtype:trojan-activity;sid:84515515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652416/; classtype:trojan-activity;sid:84515516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652414/; classtype:trojan-activity;sid:84515514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652413/; classtype:trojan-activity;sid:84515513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652412/; classtype:trojan-activity;sid:84515512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652411/; classtype:trojan-activity;sid:84515511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652408/; classtype:trojan-activity;sid:84515508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652404/; classtype:trojan-activity;sid:84515504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652407/; classtype:trojan-activity;sid:84515507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652402/; classtype:trojan-activity;sid:84515502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652403/; classtype:trojan-activity;sid:84515503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652401/; classtype:trojan-activity;sid:84515501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652399/; classtype:trojan-activity;sid:84515499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652400/; classtype:trojan-activity;sid:84515500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652397/; classtype:trojan-activity;sid:84515497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652398/; classtype:trojan-activity;sid:84515498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652395/; classtype:trojan-activity;sid:84515495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652396/; classtype:trojan-activity;sid:84515496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652391/; classtype:trojan-activity;sid:84515491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652392/; classtype:trojan-activity;sid:84515492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652390/; classtype:trojan-activity;sid:84515490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652389/; classtype:trojan-activity;sid:84515489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652386/; classtype:trojan-activity;sid:84515486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652387/; classtype:trojan-activity;sid:84515487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-11-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652384/; classtype:trojan-activity;sid:84515484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652383/; classtype:trojan-activity;sid:84515483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652380/; classtype:trojan-activity;sid:84515480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652381/; classtype:trojan-activity;sid:84515481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652382/; classtype:trojan-activity;sid:84515482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652377/; classtype:trojan-activity;sid:84515477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652378/; classtype:trojan-activity;sid:84515478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652376/; classtype:trojan-activity;sid:84515476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652375/; classtype:trojan-activity;sid:84515475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652373/; classtype:trojan-activity;sid:84515473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652374/; classtype:trojan-activity;sid:84515474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652372/; classtype:trojan-activity;sid:84515472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652370/; classtype:trojan-activity;sid:84515470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652368/; classtype:trojan-activity;sid:84515468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652369/; classtype:trojan-activity;sid:84515469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652367/; classtype:trojan-activity;sid:84515467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652366/; classtype:trojan-activity;sid:84515466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652365/; classtype:trojan-activity;sid:84515465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652364/; classtype:trojan-activity;sid:84515464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-10-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652360/; classtype:trojan-activity;sid:84515460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652359/; classtype:trojan-activity;sid:84515459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652358/; classtype:trojan-activity;sid:84515458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652357/; classtype:trojan-activity;sid:84515457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652356/; classtype:trojan-activity;sid:84515456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652354/; classtype:trojan-activity;sid:84515454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652349/; classtype:trojan-activity;sid:84515449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652351/; classtype:trojan-activity;sid:84515451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652352/; classtype:trojan-activity;sid:84515452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652347/; classtype:trojan-activity;sid:84515447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652348/; classtype:trojan-activity;sid:84515448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652346/; classtype:trojan-activity;sid:84515446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652342/; classtype:trojan-activity;sid:84515442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652343/; classtype:trojan-activity;sid:84515443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652344/; classtype:trojan-activity;sid:84515444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652340/; classtype:trojan-activity;sid:84515440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652336/; classtype:trojan-activity;sid:84515436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652337/; classtype:trojan-activity;sid:84515437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652338/; classtype:trojan-activity;sid:84515438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652339/; classtype:trojan-activity;sid:84515439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652335/; classtype:trojan-activity;sid:84515435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652333/; classtype:trojan-activity;sid:84515433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652331/; classtype:trojan-activity;sid:84515431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652326/; classtype:trojan-activity;sid:84515426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652327/; classtype:trojan-activity;sid:84515427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652328/; classtype:trojan-activity;sid:84515428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652329/; classtype:trojan-activity;sid:84515429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652330/; classtype:trojan-activity;sid:84515430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652325/; classtype:trojan-activity;sid:84515425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-09-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652324/; classtype:trojan-activity;sid:84515424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652323/; classtype:trojan-activity;sid:84515423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652322/; classtype:trojan-activity;sid:84515422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652320/; classtype:trojan-activity;sid:84515420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652321/; classtype:trojan-activity;sid:84515421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652318/; classtype:trojan-activity;sid:84515418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652319/; classtype:trojan-activity;sid:84515419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652317/; classtype:trojan-activity;sid:84515417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652316/; classtype:trojan-activity;sid:84515416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652314/; classtype:trojan-activity;sid:84515414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652312/; classtype:trojan-activity;sid:84515412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652313/; classtype:trojan-activity;sid:84515413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652310/; classtype:trojan-activity;sid:84515410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652309/; classtype:trojan-activity;sid:84515409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652307/; classtype:trojan-activity;sid:84515407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652305/; classtype:trojan-activity;sid:84515405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652306/; classtype:trojan-activity;sid:84515406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652304/; classtype:trojan-activity;sid:84515404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652303/; classtype:trojan-activity;sid:84515403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652301/; classtype:trojan-activity;sid:84515401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652302/; classtype:trojan-activity;sid:84515402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652298/; classtype:trojan-activity;sid:84515398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652296/; classtype:trojan-activity;sid:84515396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652295/; classtype:trojan-activity;sid:84515395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652293/; classtype:trojan-activity;sid:84515393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652292/; classtype:trojan-activity;sid:84515392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652291/; classtype:trojan-activity;sid:84515391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652290/; classtype:trojan-activity;sid:84515390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652289/; classtype:trojan-activity;sid:84515389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652288/; classtype:trojan-activity;sid:84515388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652287/; classtype:trojan-activity;sid:84515387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652286/; classtype:trojan-activity;sid:84515386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652284/; classtype:trojan-activity;sid:84515384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652282/; classtype:trojan-activity;sid:84515382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652283/; classtype:trojan-activity;sid:84515383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652280/; classtype:trojan-activity;sid:84515380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652281/; classtype:trojan-activity;sid:84515381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652279/; classtype:trojan-activity;sid:84515379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652277/; classtype:trojan-activity;sid:84515377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652278/; classtype:trojan-activity;sid:84515378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652275/; classtype:trojan-activity;sid:84515375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652276/; classtype:trojan-activity;sid:84515376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652274/; classtype:trojan-activity;sid:84515374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652270/; classtype:trojan-activity;sid:84515370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652269/; classtype:trojan-activity;sid:84515369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652268/; classtype:trojan-activity;sid:84515368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652265/; classtype:trojan-activity;sid:84515365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652264/; classtype:trojan-activity;sid:84515364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652263/; classtype:trojan-activity;sid:84515363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652262/; classtype:trojan-activity;sid:84515362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652259/; classtype:trojan-activity;sid:84515359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652260/; classtype:trojan-activity;sid:84515360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652257/; classtype:trojan-activity;sid:84515357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652256/; classtype:trojan-activity;sid:84515356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652255/; classtype:trojan-activity;sid:84515355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652250/; classtype:trojan-activity;sid:84515350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652247/; classtype:trojan-activity;sid:84515347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652248/; classtype:trojan-activity;sid:84515348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652246/; classtype:trojan-activity;sid:84515346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652245/; classtype:trojan-activity;sid:84515345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652243/; classtype:trojan-activity;sid:84515343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652241/; classtype:trojan-activity;sid:84515341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652242/; classtype:trojan-activity;sid:84515342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652239/; classtype:trojan-activity;sid:84515339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652240/; classtype:trojan-activity;sid:84515340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652238/; classtype:trojan-activity;sid:84515338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652237/; classtype:trojan-activity;sid:84515337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652236/; classtype:trojan-activity;sid:84515336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652235/; classtype:trojan-activity;sid:84515335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652234/; classtype:trojan-activity;sid:84515334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652232/; classtype:trojan-activity;sid:84515332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652233/; classtype:trojan-activity;sid:84515333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652230/; classtype:trojan-activity;sid:84515330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652231/; classtype:trojan-activity;sid:84515331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652229/; classtype:trojan-activity;sid:84515329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652225/; classtype:trojan-activity;sid:84515325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652223/; classtype:trojan-activity;sid:84515323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652221/; classtype:trojan-activity;sid:84515321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652222/; classtype:trojan-activity;sid:84515322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652219/; classtype:trojan-activity;sid:84515319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652220/; classtype:trojan-activity;sid:84515320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652218/; classtype:trojan-activity;sid:84515318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652217/; classtype:trojan-activity;sid:84515317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652216/; classtype:trojan-activity;sid:84515316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652214/; classtype:trojan-activity;sid:84515314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652215/; classtype:trojan-activity;sid:84515315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652213/; classtype:trojan-activity;sid:84515313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652211/; classtype:trojan-activity;sid:84515311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652210/; classtype:trojan-activity;sid:84515310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652208/; classtype:trojan-activity;sid:84515308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652206/; classtype:trojan-activity;sid:84515306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652205/; classtype:trojan-activity;sid:84515305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652204/; classtype:trojan-activity;sid:84515304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652203/; classtype:trojan-activity;sid:84515303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652201/; classtype:trojan-activity;sid:84515301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652198/; classtype:trojan-activity;sid:84515298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652200/; classtype:trojan-activity;sid:84515300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652197/; classtype:trojan-activity;sid:84515297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652196/; classtype:trojan-activity;sid:84515296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652193/; classtype:trojan-activity;sid:84515293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652194/; classtype:trojan-activity;sid:84515294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652192/; classtype:trojan-activity;sid:84515292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652186/; classtype:trojan-activity;sid:84515286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652187/; classtype:trojan-activity;sid:84515287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652188/; classtype:trojan-activity;sid:84515288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652189/; classtype:trojan-activity;sid:84515289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652190/; classtype:trojan-activity;sid:84515290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652191/; classtype:trojan-activity;sid:84515291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652185/; classtype:trojan-activity;sid:84515285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652184/; classtype:trojan-activity;sid:84515284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652183/; classtype:trojan-activity;sid:84515283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652181/; classtype:trojan-activity;sid:84515281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652180/; classtype:trojan-activity;sid:84515280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652179/; classtype:trojan-activity;sid:84515279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652176/; classtype:trojan-activity;sid:84515276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652177/; classtype:trojan-activity;sid:84515277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652178/; classtype:trojan-activity;sid:84515278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652175/; classtype:trojan-activity;sid:84515275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652174/; classtype:trojan-activity;sid:84515274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652173/; classtype:trojan-activity;sid:84515273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652171/; classtype:trojan-activity;sid:84515271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652169/; classtype:trojan-activity;sid:84515269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652170/; classtype:trojan-activity;sid:84515270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652167/; classtype:trojan-activity;sid:84515267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652166/; classtype:trojan-activity;sid:84515266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652165/; classtype:trojan-activity;sid:84515265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652164/; classtype:trojan-activity;sid:84515264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652163/; classtype:trojan-activity;sid:84515263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652162/; classtype:trojan-activity;sid:84515262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652161/; classtype:trojan-activity;sid:84515261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652160/; classtype:trojan-activity;sid:84515260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652157/; classtype:trojan-activity;sid:84515257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652158/; classtype:trojan-activity;sid:84515258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652159/; classtype:trojan-activity;sid:84515259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652156/; classtype:trojan-activity;sid:84515256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652152/; classtype:trojan-activity;sid:84515252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652153/; classtype:trojan-activity;sid:84515253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652151/; classtype:trojan-activity;sid:84515251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652150/; classtype:trojan-activity;sid:84515250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652147/; classtype:trojan-activity;sid:84515247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652148/; classtype:trojan-activity;sid:84515248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652149/; classtype:trojan-activity;sid:84515249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652144/; classtype:trojan-activity;sid:84515244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652145/; classtype:trojan-activity;sid:84515245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652146/; classtype:trojan-activity;sid:84515246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652141/; classtype:trojan-activity;sid:84515241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652143/; classtype:trojan-activity;sid:84515243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652138/; classtype:trojan-activity;sid:84515238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652140/; classtype:trojan-activity;sid:84515240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652136/; classtype:trojan-activity;sid:84515236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652137/; classtype:trojan-activity;sid:84515237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652135/; classtype:trojan-activity;sid:84515235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652132/; classtype:trojan-activity;sid:84515232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652133/; classtype:trojan-activity;sid:84515233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652134/; classtype:trojan-activity;sid:84515234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652128/; classtype:trojan-activity;sid:84515228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652129/; classtype:trojan-activity;sid:84515229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652130/; classtype:trojan-activity;sid:84515230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652131/; classtype:trojan-activity;sid:84515231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652126/; classtype:trojan-activity;sid:84515226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652122/; classtype:trojan-activity;sid:84515222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652124/; classtype:trojan-activity;sid:84515224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-24/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652121/; classtype:trojan-activity;sid:84515221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652119/; classtype:trojan-activity;sid:84515219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652112/; classtype:trojan-activity;sid:84515212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652113/; classtype:trojan-activity;sid:84515213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652114/; classtype:trojan-activity;sid:84515214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652115/; classtype:trojan-activity;sid:84515215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652116/; classtype:trojan-activity;sid:84515216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652118/; classtype:trojan-activity;sid:84515218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652108/; classtype:trojan-activity;sid:84515208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652109/; classtype:trojan-activity;sid:84515209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652110/; classtype:trojan-activity;sid:84515210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652111/; classtype:trojan-activity;sid:84515211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652107/; classtype:trojan-activity;sid:84515207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652105/; classtype:trojan-activity;sid:84515205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652106/; classtype:trojan-activity;sid:84515206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652102/; classtype:trojan-activity;sid:84515202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652103/; classtype:trojan-activity;sid:84515203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652104/; classtype:trojan-activity;sid:84515204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652101/; classtype:trojan-activity;sid:84515201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652100/; classtype:trojan-activity;sid:84515200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652098/; classtype:trojan-activity;sid:84515198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652097/; classtype:trojan-activity;sid:84515197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652095/; classtype:trojan-activity;sid:84515195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-04-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652094/; classtype:trojan-activity;sid:84515194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652091/; classtype:trojan-activity;sid:84515191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652092/; classtype:trojan-activity;sid:84515192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652090/; classtype:trojan-activity;sid:84515190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-01-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652084/; classtype:trojan-activity;sid:84515184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652086/; classtype:trojan-activity;sid:84515186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652088/; classtype:trojan-activity;sid:84515188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652089/; classtype:trojan-activity;sid:84515189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652081/; classtype:trojan-activity;sid:84515181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652082/; classtype:trojan-activity;sid:84515182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652083/; classtype:trojan-activity;sid:84515183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652078/; classtype:trojan-activity;sid:84515178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652079/; classtype:trojan-activity;sid:84515179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652075/; classtype:trojan-activity;sid:84515175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652076/; classtype:trojan-activity;sid:84515176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652077/; classtype:trojan-activity;sid:84515177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652070/; classtype:trojan-activity;sid:84515170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652071/; classtype:trojan-activity;sid:84515171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652067/; classtype:trojan-activity;sid:84515167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652068/; classtype:trojan-activity;sid:84515168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652060/; classtype:trojan-activity;sid:84515160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652061/; classtype:trojan-activity;sid:84515161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652063/; classtype:trojan-activity;sid:84515163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652064/; classtype:trojan-activity;sid:84515164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652065/; classtype:trojan-activity;sid:84515165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652066/; classtype:trojan-activity;sid:84515166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652057/; classtype:trojan-activity;sid:84515157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652058/; classtype:trojan-activity;sid:84515158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652053/; classtype:trojan-activity;sid:84515153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652054/; classtype:trojan-activity;sid:84515154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-08-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652048/; classtype:trojan-activity;sid:84515148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652049/; classtype:trojan-activity;sid:84515149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652050/; classtype:trojan-activity;sid:84515150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652051/; classtype:trojan-activity;sid:84515151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652052/; classtype:trojan-activity;sid:84515152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652045/; classtype:trojan-activity;sid:84515145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652046/; classtype:trojan-activity;sid:84515146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652042/; classtype:trojan-activity;sid:84515142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652043/; classtype:trojan-activity;sid:84515143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652041/; classtype:trojan-activity;sid:84515141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652039/; classtype:trojan-activity;sid:84515139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652040/; classtype:trojan-activity;sid:84515140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652036/; classtype:trojan-activity;sid:84515136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652037/; classtype:trojan-activity;sid:84515137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652038/; classtype:trojan-activity;sid:84515138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652034/; classtype:trojan-activity;sid:84515134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652025/; classtype:trojan-activity;sid:84515125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652026/; classtype:trojan-activity;sid:84515126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652027/; classtype:trojan-activity;sid:84515127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652028/; classtype:trojan-activity;sid:84515128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652029/; classtype:trojan-activity;sid:84515129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652030/; classtype:trojan-activity;sid:84515130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652031/; classtype:trojan-activity;sid:84515131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652024/; classtype:trojan-activity;sid:84515124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652023/; classtype:trojan-activity;sid:84515123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652022/; classtype:trojan-activity;sid:84515122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652021/; classtype:trojan-activity;sid:84515121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652014/; classtype:trojan-activity;sid:84515114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652015/; classtype:trojan-activity;sid:84515115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652016/; classtype:trojan-activity;sid:84515116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652017/; classtype:trojan-activity;sid:84515117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652018/; classtype:trojan-activity;sid:84515118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652019/; classtype:trojan-activity;sid:84515119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652020/; classtype:trojan-activity;sid:84515120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652012/; classtype:trojan-activity;sid:84515112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652013/; classtype:trojan-activity;sid:84515113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652007/; classtype:trojan-activity;sid:84515107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652008/; classtype:trojan-activity;sid:84515108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652009/; classtype:trojan-activity;sid:84515109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652010/; classtype:trojan-activity;sid:84515110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652011/; classtype:trojan-activity;sid:84515111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652005/; classtype:trojan-activity;sid:84515105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652006/; classtype:trojan-activity;sid:84515106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652003/; classtype:trojan-activity;sid:84515103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652002/; classtype:trojan-activity;sid:84515102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652000/; classtype:trojan-activity;sid:84515100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651998/; classtype:trojan-activity;sid:84515098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651999/; classtype:trojan-activity;sid:84515099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651993/; classtype:trojan-activity;sid:84515093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651994/; classtype:trojan-activity;sid:84515094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651995/; classtype:trojan-activity;sid:84515095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651996/; classtype:trojan-activity;sid:84515096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651997/; classtype:trojan-activity;sid:84515097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651991/; classtype:trojan-activity;sid:84515091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651992/; classtype:trojan-activity;sid:84515092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651989/; classtype:trojan-activity;sid:84515089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651990/; classtype:trojan-activity;sid:84515090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651987/; classtype:trojan-activity;sid:84515087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651988/; classtype:trojan-activity;sid:84515088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651981/; classtype:trojan-activity;sid:84515081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651982/; classtype:trojan-activity;sid:84515082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651983/; classtype:trojan-activity;sid:84515083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651985/; classtype:trojan-activity;sid:84515085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651986/; classtype:trojan-activity;sid:84515086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651978/; classtype:trojan-activity;sid:84515078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651980/; classtype:trojan-activity;sid:84515080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651969/; classtype:trojan-activity;sid:84515069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651971/; classtype:trojan-activity;sid:84515071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651972/; classtype:trojan-activity;sid:84515072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651973/; classtype:trojan-activity;sid:84515073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651974/; classtype:trojan-activity;sid:84515074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651975/; classtype:trojan-activity;sid:84515075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651976/; classtype:trojan-activity;sid:84515076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651977/; classtype:trojan-activity;sid:84515077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651967/; classtype:trojan-activity;sid:84515067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651968/; classtype:trojan-activity;sid:84515068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651965/; classtype:trojan-activity;sid:84515065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651966/; classtype:trojan-activity;sid:84515066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651963/; classtype:trojan-activity;sid:84515063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651964/; classtype:trojan-activity;sid:84515064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651959/; classtype:trojan-activity;sid:84515059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651960/; classtype:trojan-activity;sid:84515060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651961/; classtype:trojan-activity;sid:84515061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651962/; classtype:trojan-activity;sid:84515062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651958/; classtype:trojan-activity;sid:84515058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651956/; classtype:trojan-activity;sid:84515056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651957/; classtype:trojan-activity;sid:84515057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651955/; classtype:trojan-activity;sid:84515055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651954/; classtype:trojan-activity;sid:84515054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651952/; classtype:trojan-activity;sid:84515052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651953/; classtype:trojan-activity;sid:84515053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651951/; classtype:trojan-activity;sid:84515051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651949/; classtype:trojan-activity;sid:84515049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651950/; classtype:trojan-activity;sid:84515050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651944/; classtype:trojan-activity;sid:84515044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651945/; classtype:trojan-activity;sid:84515045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/11032020101348/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651946/; classtype:trojan-activity;sid:84515046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651947/; classtype:trojan-activity;sid:84515047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651948/; classtype:trojan-activity;sid:84515048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651943/; classtype:trojan-activity;sid:84515043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651942/; classtype:trojan-activity;sid:84515042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651937/; classtype:trojan-activity;sid:84515037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651938/; classtype:trojan-activity;sid:84515038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651939/; classtype:trojan-activity;sid:84515039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651941/; classtype:trojan-activity;sid:84515041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651933/; classtype:trojan-activity;sid:84515033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651934/; classtype:trojan-activity;sid:84515034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651935/; classtype:trojan-activity;sid:84515035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651936/; classtype:trojan-activity;sid:84515036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651931/; classtype:trojan-activity;sid:84515031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651932/; classtype:trojan-activity;sid:84515032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651930/; classtype:trojan-activity;sid:84515030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651928/; classtype:trojan-activity;sid:84515028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651929/; classtype:trojan-activity;sid:84515029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651926/; classtype:trojan-activity;sid:84515026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651927/; classtype:trojan-activity;sid:84515027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651921/; classtype:trojan-activity;sid:84515021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651922/; classtype:trojan-activity;sid:84515022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651923/; classtype:trojan-activity;sid:84515023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651924/; classtype:trojan-activity;sid:84515024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651925/; classtype:trojan-activity;sid:84515025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651915/; classtype:trojan-activity;sid:84515015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651916/; classtype:trojan-activity;sid:84515016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651913/; classtype:trojan-activity;sid:84515013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651914/; classtype:trojan-activity;sid:84515014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651909/; classtype:trojan-activity;sid:84515009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651910/; classtype:trojan-activity;sid:84515010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651912/; classtype:trojan-activity;sid:84515012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651906/; classtype:trojan-activity;sid:84515006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651907/; classtype:trojan-activity;sid:84515007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651901/; classtype:trojan-activity;sid:84515001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651902/; classtype:trojan-activity;sid:84515002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651903/; classtype:trojan-activity;sid:84515003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651899/; classtype:trojan-activity;sid:84514999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651900/; classtype:trojan-activity;sid:84515000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651896/; classtype:trojan-activity;sid:84514996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651897/; classtype:trojan-activity;sid:84514997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651898/; classtype:trojan-activity;sid:84514998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651894/; classtype:trojan-activity;sid:84514994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651895/; classtype:trojan-activity;sid:84514995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/td00000000000000159843/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651892/; classtype:trojan-activity;sid:84514992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651893/; classtype:trojan-activity;sid:84514993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651891/; classtype:trojan-activity;sid:84514991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651887/; classtype:trojan-activity;sid:84514987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651888/; classtype:trojan-activity;sid:84514988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651889/; classtype:trojan-activity;sid:84514989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651883/; classtype:trojan-activity;sid:84514983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651884/; classtype:trojan-activity;sid:84514984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651885/; classtype:trojan-activity;sid:84514985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651881/; classtype:trojan-activity;sid:84514981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651882/; classtype:trojan-activity;sid:84514982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651877/; classtype:trojan-activity;sid:84514977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651878/; classtype:trojan-activity;sid:84514978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651879/; classtype:trojan-activity;sid:84514979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651874/; classtype:trojan-activity;sid:84514974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651875/; classtype:trojan-activity;sid:84514975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651876/; classtype:trojan-activity;sid:84514976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651867/; classtype:trojan-activity;sid:84514967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651868/; classtype:trojan-activity;sid:84514968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651869/; classtype:trojan-activity;sid:84514969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651870/; classtype:trojan-activity;sid:84514970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651871/; classtype:trojan-activity;sid:84514971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651872/; classtype:trojan-activity;sid:84514972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651873/; classtype:trojan-activity;sid:84514973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651866/; classtype:trojan-activity;sid:84514966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651865/; classtype:trojan-activity;sid:84514965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651862/; classtype:trojan-activity;sid:84514962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651864/; classtype:trojan-activity;sid:84514964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651859/; classtype:trojan-activity;sid:84514959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651860/; classtype:trojan-activity;sid:84514960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651857/; classtype:trojan-activity;sid:84514957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651855/; classtype:trojan-activity;sid:84514955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651854/; classtype:trojan-activity;sid:84514954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651852/; classtype:trojan-activity;sid:84514952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651853/; classtype:trojan-activity;sid:84514953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651849/; classtype:trojan-activity;sid:84514949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651850/; classtype:trojan-activity;sid:84514950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-31/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651848/; classtype:trojan-activity;sid:84514948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651847/; classtype:trojan-activity;sid:84514947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651846/; classtype:trojan-activity;sid:84514946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651844/; classtype:trojan-activity;sid:84514944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651843/; classtype:trojan-activity;sid:84514943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651836/; classtype:trojan-activity;sid:84514936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651837/; classtype:trojan-activity;sid:84514937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651838/; classtype:trojan-activity;sid:84514938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651839/; classtype:trojan-activity;sid:84514939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651840/; classtype:trojan-activity;sid:84514940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651841/; classtype:trojan-activity;sid:84514941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651842/; classtype:trojan-activity;sid:84514942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651834/; classtype:trojan-activity;sid:84514934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651835/; classtype:trojan-activity;sid:84514935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651832/; classtype:trojan-activity;sid:84514932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651833/; classtype:trojan-activity;sid:84514933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651829/; classtype:trojan-activity;sid:84514929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651830/; classtype:trojan-activity;sid:84514930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651827/; classtype:trojan-activity;sid:84514927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651823/; classtype:trojan-activity;sid:84514923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651824/; classtype:trojan-activity;sid:84514924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651825/; classtype:trojan-activity;sid:84514925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651826/; classtype:trojan-activity;sid:84514926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651821/; classtype:trojan-activity;sid:84514921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651819/; classtype:trojan-activity;sid:84514919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651813/; classtype:trojan-activity;sid:84514913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651814/; classtype:trojan-activity;sid:84514914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651815/; classtype:trojan-activity;sid:84514915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651816/; classtype:trojan-activity;sid:84514916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651817/; classtype:trojan-activity;sid:84514917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651818/; classtype:trojan-activity;sid:84514918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651810/; classtype:trojan-activity;sid:84514910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651811/; classtype:trojan-activity;sid:84514911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651812/; classtype:trojan-activity;sid:84514912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651808/; classtype:trojan-activity;sid:84514908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651806/; classtype:trojan-activity;sid:84514906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651807/; classtype:trojan-activity;sid:84514907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651802/; classtype:trojan-activity;sid:84514902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-06-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651803/; classtype:trojan-activity;sid:84514903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651804/; classtype:trojan-activity;sid:84514904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651805/; classtype:trojan-activity;sid:84514905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651801/; classtype:trojan-activity;sid:84514901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651796/; classtype:trojan-activity;sid:84514896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651797/; classtype:trojan-activity;sid:84514897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651790/; classtype:trojan-activity;sid:84514890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651792/; classtype:trojan-activity;sid:84514892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168897/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651789/; classtype:trojan-activity;sid:84514889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651787/; classtype:trojan-activity;sid:84514887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651783/; classtype:trojan-activity;sid:84514883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651785/; classtype:trojan-activity;sid:84514885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651786/; classtype:trojan-activity;sid:84514886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651777/; classtype:trojan-activity;sid:84514877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651778/; classtype:trojan-activity;sid:84514878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651780/; classtype:trojan-activity;sid:84514880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651781/; classtype:trojan-activity;sid:84514881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651774/; classtype:trojan-activity;sid:84514874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651775/; classtype:trojan-activity;sid:84514875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651776/; classtype:trojan-activity;sid:84514876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651770/; classtype:trojan-activity;sid:84514870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651771/; classtype:trojan-activity;sid:84514871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651772/; classtype:trojan-activity;sid:84514872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651773/; classtype:trojan-activity;sid:84514873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651768/; classtype:trojan-activity;sid:84514868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651769/; classtype:trojan-activity;sid:84514869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651766/; classtype:trojan-activity;sid:84514866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651767/; classtype:trojan-activity;sid:84514867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651763/; classtype:trojan-activity;sid:84514863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651764/; classtype:trojan-activity;sid:84514864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651765/; classtype:trojan-activity;sid:84514865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651760/; classtype:trojan-activity;sid:84514860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651761/; classtype:trojan-activity;sid:84514861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651762/; classtype:trojan-activity;sid:84514862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651755/; classtype:trojan-activity;sid:84514855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651756/; classtype:trojan-activity;sid:84514856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651757/; classtype:trojan-activity;sid:84514857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651758/; classtype:trojan-activity;sid:84514858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651759/; classtype:trojan-activity;sid:84514859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651753/; classtype:trojan-activity;sid:84514853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651754/; classtype:trojan-activity;sid:84514854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651751/; classtype:trojan-activity;sid:84514851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651752/; classtype:trojan-activity;sid:84514852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651750/; classtype:trojan-activity;sid:84514850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651741/; classtype:trojan-activity;sid:84514841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651742/; classtype:trojan-activity;sid:84514842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651744/; classtype:trojan-activity;sid:84514844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651745/; classtype:trojan-activity;sid:84514845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651746/; classtype:trojan-activity;sid:84514846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651747/; classtype:trojan-activity;sid:84514847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/homologa%c3%a7%c3%a3o/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651748/; classtype:trojan-activity;sid:84514848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651740/; classtype:trojan-activity;sid:84514840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651734/; classtype:trojan-activity;sid:84514834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651735/; classtype:trojan-activity;sid:84514835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651736/; classtype:trojan-activity;sid:84514836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651737/; classtype:trojan-activity;sid:84514837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651739/; classtype:trojan-activity;sid:84514839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651730/; classtype:trojan-activity;sid:84514830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651731/; classtype:trojan-activity;sid:84514831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651732/; classtype:trojan-activity;sid:84514832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651729/; classtype:trojan-activity;sid:84514829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651728/; classtype:trojan-activity;sid:84514828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651726/; classtype:trojan-activity;sid:84514826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651725/; classtype:trojan-activity;sid:84514825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651720/; classtype:trojan-activity;sid:84514820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651721/; classtype:trojan-activity;sid:84514821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651722/; classtype:trojan-activity;sid:84514822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651723/; classtype:trojan-activity;sid:84514823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651724/; classtype:trojan-activity;sid:84514824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651717/; classtype:trojan-activity;sid:84514817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651718/; classtype:trojan-activity;sid:84514818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651716/; classtype:trojan-activity;sid:84514816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651715/; classtype:trojan-activity;sid:84514815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651713/; classtype:trojan-activity;sid:84514813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651714/; classtype:trojan-activity;sid:84514814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651710/; classtype:trojan-activity;sid:84514810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651711/; classtype:trojan-activity;sid:84514811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651709/; classtype:trojan-activity;sid:84514809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651707/; classtype:trojan-activity;sid:84514807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651708/; classtype:trojan-activity;sid:84514808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651705/; classtype:trojan-activity;sid:84514805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651706/; classtype:trojan-activity;sid:84514806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651699/; classtype:trojan-activity;sid:84514799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651700/; classtype:trojan-activity;sid:84514800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651701/; classtype:trojan-activity;sid:84514801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651702/; classtype:trojan-activity;sid:84514802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651703/; classtype:trojan-activity;sid:84514803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651695/; classtype:trojan-activity;sid:84514795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651696/; classtype:trojan-activity;sid:84514796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651697/; classtype:trojan-activity;sid:84514797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651693/; classtype:trojan-activity;sid:84514793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651694/; classtype:trojan-activity;sid:84514794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651691/; classtype:trojan-activity;sid:84514791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651692/; classtype:trojan-activity;sid:84514792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651686/; classtype:trojan-activity;sid:84514786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651687/; classtype:trojan-activity;sid:84514787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651688/; classtype:trojan-activity;sid:84514788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651689/; classtype:trojan-activity;sid:84514789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651690/; classtype:trojan-activity;sid:84514790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651685/; classtype:trojan-activity;sid:84514785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651683/; classtype:trojan-activity;sid:84514783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651684/; classtype:trojan-activity;sid:84514784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651681/; classtype:trojan-activity;sid:84514781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651680/; classtype:trojan-activity;sid:84514780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651679/; classtype:trojan-activity;sid:84514779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651678/; classtype:trojan-activity;sid:84514778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651675/; classtype:trojan-activity;sid:84514775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651676/; classtype:trojan-activity;sid:84514776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651677/; classtype:trojan-activity;sid:84514777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651668/; classtype:trojan-activity;sid:84514768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651669/; classtype:trojan-activity;sid:84514769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651670/; classtype:trojan-activity;sid:84514770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651671/; classtype:trojan-activity;sid:84514771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651667/; classtype:trojan-activity;sid:84514767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651663/; classtype:trojan-activity;sid:84514763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651664/; classtype:trojan-activity;sid:84514764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651665/; classtype:trojan-activity;sid:84514765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651666/; classtype:trojan-activity;sid:84514766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651655/; classtype:trojan-activity;sid:84514755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651656/; classtype:trojan-activity;sid:84514756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651657/; classtype:trojan-activity;sid:84514757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651658/; classtype:trojan-activity;sid:84514758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651659/; classtype:trojan-activity;sid:84514759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651661/; classtype:trojan-activity;sid:84514761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651650/; classtype:trojan-activity;sid:84514750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651651/; classtype:trojan-activity;sid:84514751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651652/; classtype:trojan-activity;sid:84514752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651653/; classtype:trojan-activity;sid:84514753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651654/; classtype:trojan-activity;sid:84514754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651645/; classtype:trojan-activity;sid:84514745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651646/; classtype:trojan-activity;sid:84514746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651647/; classtype:trojan-activity;sid:84514747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651648/; classtype:trojan-activity;sid:84514748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651649/; classtype:trojan-activity;sid:84514749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651640/; classtype:trojan-activity;sid:84514740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651641/; classtype:trojan-activity;sid:84514741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651642/; classtype:trojan-activity;sid:84514742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651643/; classtype:trojan-activity;sid:84514743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651644/; classtype:trojan-activity;sid:84514744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651632/; classtype:trojan-activity;sid:84514732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-16/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651633/; classtype:trojan-activity;sid:84514733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651634/; classtype:trojan-activity;sid:84514734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651635/; classtype:trojan-activity;sid:84514735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651636/; classtype:trojan-activity;sid:84514736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651637/; classtype:trojan-activity;sid:84514737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651638/; classtype:trojan-activity;sid:84514738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651629/; classtype:trojan-activity;sid:84514729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651630/; classtype:trojan-activity;sid:84514730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651631/; classtype:trojan-activity;sid:84514731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651628/; classtype:trojan-activity;sid:84514728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651622/; classtype:trojan-activity;sid:84514722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651624/; classtype:trojan-activity;sid:84514724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651625/; classtype:trojan-activity;sid:84514725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651627/; classtype:trojan-activity;sid:84514727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651620/; classtype:trojan-activity;sid:84514720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651621/; classtype:trojan-activity;sid:84514721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651619/; classtype:trojan-activity;sid:84514719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651617/; classtype:trojan-activity;sid:84514717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651616/; classtype:trojan-activity;sid:84514716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651615/; classtype:trojan-activity;sid:84514715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651614/; classtype:trojan-activity;sid:84514714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651613/; classtype:trojan-activity;sid:84514713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651611/; classtype:trojan-activity;sid:84514711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651608/; classtype:trojan-activity;sid:84514708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651609/; classtype:trojan-activity;sid:84514709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651605/; classtype:trojan-activity;sid:84514705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651603/; classtype:trojan-activity;sid:84514703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651604/; classtype:trojan-activity;sid:84514704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651598/; classtype:trojan-activity;sid:84514698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651599/; classtype:trojan-activity;sid:84514699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651600/; classtype:trojan-activity;sid:84514700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651601/; classtype:trojan-activity;sid:84514701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651602/; classtype:trojan-activity;sid:84514702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651591/; classtype:trojan-activity;sid:84514691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651592/; classtype:trojan-activity;sid:84514692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651593/; classtype:trojan-activity;sid:84514693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651594/; classtype:trojan-activity;sid:84514694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651595/; classtype:trojan-activity;sid:84514695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651597/; classtype:trojan-activity;sid:84514697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651588/; classtype:trojan-activity;sid:84514688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651589/; classtype:trojan-activity;sid:84514689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651590/; classtype:trojan-activity;sid:84514690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651584/; classtype:trojan-activity;sid:84514684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651585/; classtype:trojan-activity;sid:84514685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651586/; classtype:trojan-activity;sid:84514686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651582/; classtype:trojan-activity;sid:84514682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651580/; classtype:trojan-activity;sid:84514680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651581/; classtype:trojan-activity;sid:84514681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651579/; classtype:trojan-activity;sid:84514679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651578/; classtype:trojan-activity;sid:84514678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651573/; classtype:trojan-activity;sid:84514673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651574/; classtype:trojan-activity;sid:84514674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651575/; classtype:trojan-activity;sid:84514675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651576/; classtype:trojan-activity;sid:84514676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651571/; classtype:trojan-activity;sid:84514671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-08-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651567/; classtype:trojan-activity;sid:84514667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651568/; classtype:trojan-activity;sid:84514668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651565/; classtype:trojan-activity;sid:84514665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651566/; classtype:trojan-activity;sid:84514666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651564/; classtype:trojan-activity;sid:84514664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651562/; classtype:trojan-activity;sid:84514662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651563/; classtype:trojan-activity;sid:84514663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651560/; classtype:trojan-activity;sid:84514660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651561/; classtype:trojan-activity;sid:84514661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651558/; classtype:trojan-activity;sid:84514658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651553/; classtype:trojan-activity;sid:84514653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651554/; classtype:trojan-activity;sid:84514654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651555/; classtype:trojan-activity;sid:84514655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651557/; classtype:trojan-activity;sid:84514657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170596/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651550/; classtype:trojan-activity;sid:84514650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651551/; classtype:trojan-activity;sid:84514651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651552/; classtype:trojan-activity;sid:84514652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651545/; classtype:trojan-activity;sid:84514645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651546/; classtype:trojan-activity;sid:84514646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651539/; classtype:trojan-activity;sid:84514639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651542/; classtype:trojan-activity;sid:84514642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651544/; classtype:trojan-activity;sid:84514644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651532/; classtype:trojan-activity;sid:84514632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651533/; classtype:trojan-activity;sid:84514633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651534/; classtype:trojan-activity;sid:84514634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-07-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651535/; classtype:trojan-activity;sid:84514635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651536/; classtype:trojan-activity;sid:84514636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651530/; classtype:trojan-activity;sid:84514630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651531/; classtype:trojan-activity;sid:84514631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651529/; classtype:trojan-activity;sid:84514629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651527/; classtype:trojan-activity;sid:84514627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651526/; classtype:trojan-activity;sid:84514626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651525/; classtype:trojan-activity;sid:84514625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651524/; classtype:trojan-activity;sid:84514624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651521/; classtype:trojan-activity;sid:84514621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651522/; classtype:trojan-activity;sid:84514622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651523/; classtype:trojan-activity;sid:84514623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651520/; classtype:trojan-activity;sid:84514620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651519/; classtype:trojan-activity;sid:84514619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651516/; classtype:trojan-activity;sid:84514616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651517/; classtype:trojan-activity;sid:84514617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651518/; classtype:trojan-activity;sid:84514618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651515/; classtype:trojan-activity;sid:84514615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651512/; classtype:trojan-activity;sid:84514612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651513/; classtype:trojan-activity;sid:84514613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651514/; classtype:trojan-activity;sid:84514614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-09-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651511/; classtype:trojan-activity;sid:84514611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651509/; classtype:trojan-activity;sid:84514609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651510/; classtype:trojan-activity;sid:84514610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651506/; classtype:trojan-activity;sid:84514606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651507/; classtype:trojan-activity;sid:84514607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651508/; classtype:trojan-activity;sid:84514608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651505/; classtype:trojan-activity;sid:84514605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651502/; classtype:trojan-activity;sid:84514602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651503/; classtype:trojan-activity;sid:84514603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651481)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651481/; classtype:trojan-activity;sid:84514581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651480)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651480/; classtype:trojan-activity;sid:84514580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651477/; classtype:trojan-activity;sid:84514577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651476/; classtype:trojan-activity;sid:84514576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651475)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651475/; classtype:trojan-activity;sid:84514575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651304)"; flow:established,from_client; content:"GET"; http_method; content:"/download/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.104.31.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651304/; classtype:trojan-activity;sid:84514404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651202)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651202/; classtype:trojan-activity;sid:84514302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566431/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651195/; classtype:trojan-activity;sid:84514295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225745/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651183/; classtype:trojan-activity;sid:84514283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651168/; classtype:trojan-activity;sid:84514268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651169/; classtype:trojan-activity;sid:84514269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171472/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651167/; classtype:trojan-activity;sid:84514267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651165/; classtype:trojan-activity;sid:84514265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651160/; classtype:trojan-activity;sid:84514260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165772/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651151/; classtype:trojan-activity;sid:84514251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651149/; classtype:trojan-activity;sid:84514249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170922/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651139/; classtype:trojan-activity;sid:84514239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651135/; classtype:trojan-activity;sid:84514235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171064/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651136/; classtype:trojan-activity;sid:84514236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603095/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651125/; classtype:trojan-activity;sid:84514225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-12-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651099/; classtype:trojan-activity;sid:84514199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171016/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651095/; classtype:trojan-activity;sid:84514195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651092/; classtype:trojan-activity;sid:84514192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000253230/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651090/; classtype:trojan-activity;sid:84514190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171252/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651088/; classtype:trojan-activity;sid:84514188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651084)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651084/; classtype:trojan-activity;sid:84514184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000189793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651078/; classtype:trojan-activity;sid:84514178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651076)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651076/; classtype:trojan-activity;sid:84514176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651077/; classtype:trojan-activity;sid:84514177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651075)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651075/; classtype:trojan-activity;sid:84514175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604320/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651071/; classtype:trojan-activity;sid:84514171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-05-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651061/; classtype:trojan-activity;sid:84514161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651056/; classtype:trojan-activity;sid:84514156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651044/; classtype:trojan-activity;sid:84514144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651041/; classtype:trojan-activity;sid:84514141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651037/; classtype:trojan-activity;sid:84514137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651022/; classtype:trojan-activity;sid:84514122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651020/; classtype:trojan-activity;sid:84514120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000186186/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651016/; classtype:trojan-activity;sid:84514116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164262/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651012/; classtype:trojan-activity;sid:84514112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651015/; classtype:trojan-activity;sid:84514115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651011/; classtype:trojan-activity;sid:84514111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651006/; classtype:trojan-activity;sid:84514106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168881/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650998/; classtype:trojan-activity;sid:84514098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602407/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650995/; classtype:trojan-activity;sid:84514095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000626337/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650993/; classtype:trojan-activity;sid:84514093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650991/; classtype:trojan-activity;sid:84514091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000565438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650986/; classtype:trojan-activity;sid:84514086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650970)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650970/; classtype:trojan-activity;sid:84514070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000619269/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650968/; classtype:trojan-activity;sid:84514068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169465/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650963/; classtype:trojan-activity;sid:84514063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650961/; classtype:trojan-activity;sid:84514061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160983/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650959/; classtype:trojan-activity;sid:84514059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179610/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650958/; classtype:trojan-activity;sid:84514058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165004/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650955/; classtype:trojan-activity;sid:84514055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650943/; classtype:trojan-activity;sid:84514043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000589083/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650940/; classtype:trojan-activity;sid:84514040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169469/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650939/; classtype:trojan-activity;sid:84514039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167445/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650934/; classtype:trojan-activity;sid:84514034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000608221/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650928/; classtype:trojan-activity;sid:84514028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168559/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650924/; classtype:trojan-activity;sid:84514024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000767154/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650915/; classtype:trojan-activity;sid:84514015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169966/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650912/; classtype:trojan-activity;sid:84514012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650913/; classtype:trojan-activity;sid:84514013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625892/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650902/; classtype:trojan-activity;sid:84514002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/app_error/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650900/; classtype:trojan-activity;sid:84514000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650887/; classtype:trojan-activity;sid:84513987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650884/; classtype:trojan-activity;sid:84513984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171986/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650886/; classtype:trojan-activity;sid:84513986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650880/; classtype:trojan-activity;sid:84513980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765366/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650881/; classtype:trojan-activity;sid:84513981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604319/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650870/; classtype:trojan-activity;sid:84513970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171330/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650868/; classtype:trojan-activity;sid:84513968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650859/; classtype:trojan-activity;sid:84513959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621738/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650856/; classtype:trojan-activity;sid:84513956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650855/; classtype:trojan-activity;sid:84513955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650851)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650851/; classtype:trojan-activity;sid:84513951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168303/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650850/; classtype:trojan-activity;sid:84513950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650846)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650846/; classtype:trojan-activity;sid:84513946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650828/; classtype:trojan-activity;sid:84513928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650824/; classtype:trojan-activity;sid:84513924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000391039/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650820/; classtype:trojan-activity;sid:84513920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650817)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650817/; classtype:trojan-activity;sid:84513917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000574637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650818/; classtype:trojan-activity;sid:84513918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650811)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650811/; classtype:trojan-activity;sid:84513911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650810)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650810/; classtype:trojan-activity;sid:84513910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650806/; classtype:trojan-activity;sid:84513906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601712/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650791/; classtype:trojan-activity;sid:84513891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650781/; classtype:trojan-activity;sid:84513881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650779/; classtype:trojan-activity;sid:84513879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650770/; classtype:trojan-activity;sid:84513870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650768/; classtype:trojan-activity;sid:84513868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000631756/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650748/; classtype:trojan-activity;sid:84513848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650746/; classtype:trojan-activity;sid:84513846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167557/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650744/; classtype:trojan-activity;sid:84513844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650735/; classtype:trojan-activity;sid:84513835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000607873/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650729/; classtype:trojan-activity;sid:84513829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166887/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650726/; classtype:trojan-activity;sid:84513826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162883/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650720/; classtype:trojan-activity;sid:84513820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680913/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650719/; classtype:trojan-activity;sid:84513819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650718/; classtype:trojan-activity;sid:84513818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167443/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650712/; classtype:trojan-activity;sid:84513812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650711)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650711/; classtype:trojan-activity;sid:84513811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650708/; classtype:trojan-activity;sid:84513808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650703/; classtype:trojan-activity;sid:84513803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-01-14/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650701/; classtype:trojan-activity;sid:84513801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650698)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650698/; classtype:trojan-activity;sid:84513798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166105/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650693/; classtype:trojan-activity;sid:84513793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650690/; classtype:trojan-activity;sid:84513790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650689/; classtype:trojan-activity;sid:84513789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650686/; classtype:trojan-activity;sid:84513786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165072/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650683/; classtype:trojan-activity;sid:84513783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000457040/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650678/; classtype:trojan-activity;sid:84513778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650679)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650679/; classtype:trojan-activity;sid:84513779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000218874/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650676/; classtype:trojan-activity;sid:84513776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171556/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650667/; classtype:trojan-activity;sid:84513767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224647/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650664/; classtype:trojan-activity;sid:84513764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165656/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650665/; classtype:trojan-activity;sid:84513765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650655/; classtype:trojan-activity;sid:84513755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650650/; classtype:trojan-activity;sid:84513750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650652/; classtype:trojan-activity;sid:84513752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171224/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650649/; classtype:trojan-activity;sid:84513749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650643)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650643/; classtype:trojan-activity;sid:84513743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000187451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650640/; classtype:trojan-activity;sid:84513740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650638/; classtype:trojan-activity;sid:84513738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650633/; classtype:trojan-activity;sid:84513733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650631/; classtype:trojan-activity;sid:84513731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171296/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650622/; classtype:trojan-activity;sid:84513722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650616)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650616/; classtype:trojan-activity;sid:84513716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650611/; classtype:trojan-activity;sid:84513711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650609/; classtype:trojan-activity;sid:84513709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-06-19/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650600/; classtype:trojan-activity;sid:84513700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650598/; classtype:trojan-activity;sid:84513698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650596/; classtype:trojan-activity;sid:84513696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650595/; classtype:trojan-activity;sid:84513695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650594/; classtype:trojan-activity;sid:84513694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650591/; classtype:trojan-activity;sid:84513691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650588)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650588/; classtype:trojan-activity;sid:84513688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650585/; classtype:trojan-activity;sid:84513685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650586/; classtype:trojan-activity;sid:84513686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585436/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650575/; classtype:trojan-activity;sid:84513675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171288/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650573/; classtype:trojan-activity;sid:84513673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650570)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650570/; classtype:trojan-activity;sid:84513670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000176793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650568/; classtype:trojan-activity;sid:84513668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213545/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650569/; classtype:trojan-activity;sid:84513669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650565/; classtype:trojan-activity;sid:84513665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167437/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650561/; classtype:trojan-activity;sid:84513661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606633/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650554/; classtype:trojan-activity;sid:84513654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167071/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650551/; classtype:trojan-activity;sid:84513651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650550/; classtype:trojan-activity;sid:84513650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172576/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650549/; classtype:trojan-activity;sid:84513649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650541/; classtype:trojan-activity;sid:84513641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-10-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650535/; classtype:trojan-activity;sid:84513635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171304/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650529/; classtype:trojan-activity;sid:84513629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650528/; classtype:trojan-activity;sid:84513628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650520/; classtype:trojan-activity;sid:84513620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650519/; classtype:trojan-activity;sid:84513619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650516/; classtype:trojan-activity;sid:84513616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-11-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650513/; classtype:trojan-activity;sid:84513613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166971/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650512/; classtype:trojan-activity;sid:84513612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164808/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650508/; classtype:trojan-activity;sid:84513608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650503/; classtype:trojan-activity;sid:84513603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170482/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650504/; classtype:trojan-activity;sid:84513604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165644/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650506/; classtype:trojan-activity;sid:84513606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264706/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650493/; classtype:trojan-activity;sid:84513593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562134/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650494/; classtype:trojan-activity;sid:84513594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680914/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650498/; classtype:trojan-activity;sid:84513598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650499/; classtype:trojan-activity;sid:84513599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650492)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650492/; classtype:trojan-activity;sid:84513592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-28/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650491/; classtype:trojan-activity;sid:84513591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165020/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650482/; classtype:trojan-activity;sid:84513582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171284/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650480/; classtype:trojan-activity;sid:84513580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604651/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650472/; classtype:trojan-activity;sid:84513572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650467/; classtype:trojan-activity;sid:84513567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166079/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650465/; classtype:trojan-activity;sid:84513565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650461/; classtype:trojan-activity;sid:84513561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650457/; classtype:trojan-activity;sid:84513557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-01-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650454/; classtype:trojan-activity;sid:84513554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000159804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650450/; classtype:trojan-activity;sid:84513550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650443/; classtype:trojan-activity;sid:84513543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650441/; classtype:trojan-activity;sid:84513541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650442)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.8.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650442/; classtype:trojan-activity;sid:84513542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170516/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650439/; classtype:trojan-activity;sid:84513539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000163666/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650431/; classtype:trojan-activity;sid:84513531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601753/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650430/; classtype:trojan-activity;sid:84513530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629919/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650423/; classtype:trojan-activity;sid:84513523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000263120/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650422/; classtype:trojan-activity;sid:84513522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237372/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650412/; classtype:trojan-activity;sid:84513512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650413)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650413/; classtype:trojan-activity;sid:84513513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650397/; classtype:trojan-activity;sid:84513497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555505/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650390/; classtype:trojan-activity;sid:84513490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-05-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650388/; classtype:trojan-activity;sid:84513488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169865/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650386/; classtype:trojan-activity;sid:84513486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650383/; classtype:trojan-activity;sid:84513483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171312/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650381/; classtype:trojan-activity;sid:84513481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169769/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650374/; classtype:trojan-activity;sid:84513474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000573133/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650364/; classtype:trojan-activity;sid:84513464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606636/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650366/; classtype:trojan-activity;sid:84513466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650371/; classtype:trojan-activity;sid:84513471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650373)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650373/; classtype:trojan-activity;sid:84513473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650362/; classtype:trojan-activity;sid:84513462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170378/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650358/; classtype:trojan-activity;sid:84513458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650351)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650351/; classtype:trojan-activity;sid:84513451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160995/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650348/; classtype:trojan-activity;sid:84513448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650347/; classtype:trojan-activity;sid:84513447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650343)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650343/; classtype:trojan-activity;sid:84513443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168278/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650337/; classtype:trojan-activity;sid:84513437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170774/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650338/; classtype:trojan-activity;sid:84513438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633210/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650340/; classtype:trojan-activity;sid:84513440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224648/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650331/; classtype:trojan-activity;sid:84513431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650332/; classtype:trojan-activity;sid:84513432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604442/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650325/; classtype:trojan-activity;sid:84513425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650327/; classtype:trojan-activity;sid:84513427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650319)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650319/; classtype:trojan-activity;sid:84513419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650307)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650307/; classtype:trojan-activity;sid:84513407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650299)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650299/; classtype:trojan-activity;sid:84513399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650300/; classtype:trojan-activity;sid:84513400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650276/; classtype:trojan-activity;sid:84513376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169947/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650270/; classtype:trojan-activity;sid:84513370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165200/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650271/; classtype:trojan-activity;sid:84513371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/consulta%20n%c3%a3o%20encerrado/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650269/; classtype:trojan-activity;sid:84513369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650263)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650263/; classtype:trojan-activity;sid:84513363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-02-16/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650259/; classtype:trojan-activity;sid:84513359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168295/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650258/; classtype:trojan-activity;sid:84513358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585560/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650253/; classtype:trojan-activity;sid:84513353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-29/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650251/; classtype:trojan-activity;sid:84513351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604650/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650244/; classtype:trojan-activity;sid:84513344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604662/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650243/; classtype:trojan-activity;sid:84513343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650222/; classtype:trojan-activity;sid:84513322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650215/; classtype:trojan-activity;sid:84513315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600441/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650214/; classtype:trojan-activity;sid:84513314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584368/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650213/; classtype:trojan-activity;sid:84513313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650201/; classtype:trojan-activity;sid:84513301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650196/; classtype:trojan-activity;sid:84513296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650193)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650193/; classtype:trojan-activity;sid:84513293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179593/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650191/; classtype:trojan-activity;sid:84513291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650181/; classtype:trojan-activity;sid:84513281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-06-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650178/; classtype:trojan-activity;sid:84513278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000222522/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650170/; classtype:trojan-activity;sid:84513270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166869/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650162/; classtype:trojan-activity;sid:84513262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566150/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650160/; classtype:trojan-activity;sid:84513260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546495/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650161/; classtype:trojan-activity;sid:84513261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164138/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650146/; classtype:trojan-activity;sid:84513246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650138/; classtype:trojan-activity;sid:84513238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170520/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650130/; classtype:trojan-activity;sid:84513230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650129/; classtype:trojan-activity;sid:84513229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171256/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650127/; classtype:trojan-activity;sid:84513227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650123/; classtype:trojan-activity;sid:84513223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553463/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650122/; classtype:trojan-activity;sid:84513222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-14/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650117/; classtype:trojan-activity;sid:84513217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165900/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650118/; classtype:trojan-activity;sid:84513218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566395/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650112/; classtype:trojan-activity;sid:84513212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171314/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650107/; classtype:trojan-activity;sid:84513207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650104/; classtype:trojan-activity;sid:84513204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171298/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650093/; classtype:trojan-activity;sid:84513193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168275/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650092/; classtype:trojan-activity;sid:84513192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-24/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650082/; classtype:trojan-activity;sid:84513182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166259/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650079/; classtype:trojan-activity;sid:84513179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165824/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650078/; classtype:trojan-activity;sid:84513178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650071/; classtype:trojan-activity;sid:84513171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650067/; classtype:trojan-activity;sid:84513167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567166/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650058/; classtype:trojan-activity;sid:84513158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650061)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650061/; classtype:trojan-activity;sid:84513161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650056/; classtype:trojan-activity;sid:84513156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567145/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650051/; classtype:trojan-activity;sid:84513151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650047/; classtype:trojan-activity;sid:84513147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650048/; classtype:trojan-activity;sid:84513148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650044)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650044/; classtype:trojan-activity;sid:84513144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-08-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650038/; classtype:trojan-activity;sid:84513138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650036/; classtype:trojan-activity;sid:84513136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169473/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650028/; classtype:trojan-activity;sid:84513128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171454/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650026/; classtype:trojan-activity;sid:84513126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170532/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650023/; classtype:trojan-activity;sid:84513123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543689/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650004/; classtype:trojan-activity;sid:84513104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633209/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650001/; classtype:trojan-activity;sid:84513101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546233/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649996/; classtype:trojan-activity;sid:84513096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649995/; classtype:trojan-activity;sid:84513095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585575/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649992/; classtype:trojan-activity;sid:84513092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649985/; classtype:trojan-activity;sid:84513085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171194/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649986/; classtype:trojan-activity;sid:84513086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649987/; classtype:trojan-activity;sid:84513087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649984)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649984/; classtype:trojan-activity;sid:84513084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586961/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649980/; classtype:trojan-activity;sid:84513080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000609592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649981/; classtype:trojan-activity;sid:84513081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649975)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649975/; classtype:trojan-activity;sid:84513075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649968)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649968/; classtype:trojan-activity;sid:84513068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649961/; classtype:trojan-activity;sid:84513061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172788/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649959/; classtype:trojan-activity;sid:84513059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237371/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649956/; classtype:trojan-activity;sid:84513056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552709/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649952/; classtype:trojan-activity;sid:84513052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649944/; classtype:trojan-activity;sid:84513044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649943/; classtype:trojan-activity;sid:84513043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567164/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649932/; classtype:trojan-activity;sid:84513032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171888/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649930/; classtype:trojan-activity;sid:84513030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165116/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649931/; classtype:trojan-activity;sid:84513031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000208170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649923/; classtype:trojan-activity;sid:84513023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264645/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649919/; classtype:trojan-activity;sid:84513019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649914/; classtype:trojan-activity;sid:84513014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171458/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649910/; classtype:trojan-activity;sid:84513010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000617432/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649900/; classtype:trojan-activity;sid:84513000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649897/; classtype:trojan-activity;sid:84512997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649899/; classtype:trojan-activity;sid:84512999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649896/; classtype:trojan-activity;sid:84512996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265247/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649895/; classtype:trojan-activity;sid:84512995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165014/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649888/; classtype:trojan-activity;sid:84512988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649885/; classtype:trojan-activity;sid:84512985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168749/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649886/; classtype:trojan-activity;sid:84512986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649884/; classtype:trojan-activity;sid:84512984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649881/; classtype:trojan-activity;sid:84512981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000212326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649878/; classtype:trojan-activity;sid:84512978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649874/; classtype:trojan-activity;sid:84512974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000746890/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649870/; classtype:trojan-activity;sid:84512970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160628/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649867/; classtype:trojan-activity;sid:84512967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171452/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649868/; classtype:trojan-activity;sid:84512968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649869/; classtype:trojan-activity;sid:84512969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649865)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649865/; classtype:trojan-activity;sid:84512965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164253/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649864/; classtype:trojan-activity;sid:84512964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649863/; classtype:trojan-activity;sid:84512963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649858/; classtype:trojan-activity;sid:84512958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649848/; classtype:trojan-activity;sid:84512948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649840/; classtype:trojan-activity;sid:84512940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170894/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649839/; classtype:trojan-activity;sid:84512939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649837/; classtype:trojan-activity;sid:84512937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649833/; classtype:trojan-activity;sid:84512933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649821/; classtype:trojan-activity;sid:84512921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000465109/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649801/; classtype:trojan-activity;sid:84512901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172568/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649790/; classtype:trojan-activity;sid:84512890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649788/; classtype:trojan-activity;sid:84512888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226537/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649783/; classtype:trojan-activity;sid:84512883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2022-02-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649780/; classtype:trojan-activity;sid:84512880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166135/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649771/; classtype:trojan-activity;sid:84512871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649768/; classtype:trojan-activity;sid:84512868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649762/; classtype:trojan-activity;sid:84512862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649761/; classtype:trojan-activity;sid:84512861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649751/; classtype:trojan-activity;sid:84512851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649744/; classtype:trojan-activity;sid:84512844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2024-07-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649738/; classtype:trojan-activity;sid:84512838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000557542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649730/; classtype:trojan-activity;sid:84512830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167115/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649731/; classtype:trojan-activity;sid:84512831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649707/; classtype:trojan-activity;sid:84512807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168301/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649699/; classtype:trojan-activity;sid:84512799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171474/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649701/; classtype:trojan-activity;sid:84512801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167423/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649692/; classtype:trojan-activity;sid:84512792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649685)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649685/; classtype:trojan-activity;sid:84512785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649682)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649682/; classtype:trojan-activity;sid:84512782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171702/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649681/; classtype:trojan-activity;sid:84512781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171468/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649677/; classtype:trojan-activity;sid:84512777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649676)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649676/; classtype:trojan-activity;sid:84512776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230418/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649673/; classtype:trojan-activity;sid:84512773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166739/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649674/; classtype:trojan-activity;sid:84512774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649669/; classtype:trojan-activity;sid:84512769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649656/; classtype:trojan-activity;sid:84512756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169927/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649655/; classtype:trojan-activity;sid:84512755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543908/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649647/; classtype:trojan-activity;sid:84512747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649643/; classtype:trojan-activity;sid:84512743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542543/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649644/; classtype:trojan-activity;sid:84512744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649635/; classtype:trojan-activity;sid:84512735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171302/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649622/; classtype:trojan-activity;sid:84512722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166801/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649626/; classtype:trojan-activity;sid:84512726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160981/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649613/; classtype:trojan-activity;sid:84512713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551812/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649607/; classtype:trojan-activity;sid:84512707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649590/; classtype:trojan-activity;sid:84512690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168299/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649576/; classtype:trojan-activity;sid:84512676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649577/; classtype:trojan-activity;sid:84512677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160619/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649573/; classtype:trojan-activity;sid:84512673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649574/; classtype:trojan-activity;sid:84512674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171316/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649572/; classtype:trojan-activity;sid:84512672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649570/; classtype:trojan-activity;sid:84512670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649567/; classtype:trojan-activity;sid:84512667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168281/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649556/; classtype:trojan-activity;sid:84512656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171358/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649549/; classtype:trojan-activity;sid:84512649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167601/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649551/; classtype:trojan-activity;sid:84512651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-06-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649552/; classtype:trojan-activity;sid:84512652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649544/; classtype:trojan-activity;sid:84512644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649546)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649546/; classtype:trojan-activity;sid:84512646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166323/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649533/; classtype:trojan-activity;sid:84512633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000732234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649532/; classtype:trojan-activity;sid:84512632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649528/; classtype:trojan-activity;sid:84512628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584370/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649521/; classtype:trojan-activity;sid:84512621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583934/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649517/; classtype:trojan-activity;sid:84512617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165844/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649514/; classtype:trojan-activity;sid:84512614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165184/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649503/; classtype:trojan-activity;sid:84512603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649498/; classtype:trojan-activity;sid:84512598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168365/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649492/; classtype:trojan-activity;sid:84512592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649489/; classtype:trojan-activity;sid:84512589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000209999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649483/; classtype:trojan-activity;sid:84512583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164122/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649468/; classtype:trojan-activity;sid:84512568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649459/; classtype:trojan-activity;sid:84512559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171854/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649455/; classtype:trojan-activity;sid:84512555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604321/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649440/; classtype:trojan-activity;sid:84512540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160615/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649424/; classtype:trojan-activity;sid:84512524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649418/; classtype:trojan-activity;sid:84512518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649416/; classtype:trojan-activity;sid:84512516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171286/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649414/; classtype:trojan-activity;sid:84512514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649411/; classtype:trojan-activity;sid:84512511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171402/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649406/; classtype:trojan-activity;sid:84512506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-05-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649397/; classtype:trojan-activity;sid:84512497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649395/; classtype:trojan-activity;sid:84512495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649392/; classtype:trojan-activity;sid:84512492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168553/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649389/; classtype:trojan-activity;sid:84512489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649391/; classtype:trojan-activity;sid:84512491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171462/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649387/; classtype:trojan-activity;sid:84512487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-12/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649385/; classtype:trojan-activity;sid:84512485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649382/; classtype:trojan-activity;sid:84512482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606635/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649379/; classtype:trojan-activity;sid:84512479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000238203/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649377/; classtype:trojan-activity;sid:84512477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649375/; classtype:trojan-activity;sid:84512475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171242/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649372/; classtype:trojan-activity;sid:84512472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171464/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649365/; classtype:trojan-activity;sid:84512465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649366/; classtype:trojan-activity;sid:84512466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171332/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649360/; classtype:trojan-activity;sid:84512460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649357/; classtype:trojan-activity;sid:84512457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165850/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649354/; classtype:trojan-activity;sid:84512454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649353/; classtype:trojan-activity;sid:84512453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649346/; classtype:trojan-activity;sid:84512446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649341)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649341/; classtype:trojan-activity;sid:84512441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649338/; classtype:trojan-activity;sid:84512438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000587212/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649335/; classtype:trojan-activity;sid:84512435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649332/; classtype:trojan-activity;sid:84512432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165794/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649329/; classtype:trojan-activity;sid:84512429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173022/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649326/; classtype:trojan-activity;sid:84512426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649321/; classtype:trojan-activity;sid:84512421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-20/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649323/; classtype:trojan-activity;sid:84512423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566420/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649310/; classtype:trojan-activity;sid:84512410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567141/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649309/; classtype:trojan-activity;sid:84512409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000215215/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649306/; classtype:trojan-activity;sid:84512406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562903/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649303/; classtype:trojan-activity;sid:84512403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567162/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649295/; classtype:trojan-activity;sid:84512395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168063/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649278/; classtype:trojan-activity;sid:84512378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000558592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649250/; classtype:trojan-activity;sid:84512350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649252/; classtype:trojan-activity;sid:84512352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649243/; classtype:trojan-activity;sid:84512343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649242/; classtype:trojan-activity;sid:84512342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649193/; classtype:trojan-activity;sid:84512293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165480/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649189/; classtype:trojan-activity;sid:84512289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000564863/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649180/; classtype:trojan-activity;sid:84512280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162652/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649173/; classtype:trojan-activity;sid:84512273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166657/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649158/; classtype:trojan-activity;sid:84512258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649149/; classtype:trojan-activity;sid:84512249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649145/; classtype:trojan-activity;sid:84512245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556239/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649143/; classtype:trojan-activity;sid:84512243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765367/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649144/; classtype:trojan-activity;sid:84512244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625325/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649142/; classtype:trojan-activity;sid:84512242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-11-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649137/; classtype:trojan-activity;sid:84512237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649130/; classtype:trojan-activity;sid:84512230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649128/; classtype:trojan-activity;sid:84512228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168297/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649124/; classtype:trojan-activity;sid:84512224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649120/; classtype:trojan-activity;sid:84512220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168387/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649118/; classtype:trojan-activity;sid:84512218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606634/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649119/; classtype:trojan-activity;sid:84512219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551813/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649110/; classtype:trojan-activity;sid:84512210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-03-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649111/; classtype:trojan-activity;sid:84512211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164394/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649112/; classtype:trojan-activity;sid:84512212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166665/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649107/; classtype:trojan-activity;sid:84512207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224583/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649108/; classtype:trojan-activity;sid:84512208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649099/; classtype:trojan-activity;sid:84512199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649092/; classtype:trojan-activity;sid:84512192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2022-03-09/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649089/; classtype:trojan-activity;sid:84512189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649084/; classtype:trojan-activity;sid:84512184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649080/; classtype:trojan-activity;sid:84512180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649078/; classtype:trojan-activity;sid:84512178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649068/; classtype:trojan-activity;sid:84512168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166183/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649061/; classtype:trojan-activity;sid:84512161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-05-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649062/; classtype:trojan-activity;sid:84512162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000616852/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649055/; classtype:trojan-activity;sid:84512155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649056/; classtype:trojan-activity;sid:84512156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649050/; classtype:trojan-activity;sid:84512150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649043/; classtype:trojan-activity;sid:84512143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170776/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649033/; classtype:trojan-activity;sid:84512133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649034/; classtype:trojan-activity;sid:84512134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-12-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649035/; classtype:trojan-activity;sid:84512135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649037/; classtype:trojan-activity;sid:84512137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649027/; classtype:trojan-activity;sid:84512127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160718/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649028/; classtype:trojan-activity;sid:84512128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604673/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649029/; classtype:trojan-activity;sid:84512129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649020/; classtype:trojan-activity;sid:84512120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164236/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649021/; classtype:trojan-activity;sid:84512121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171640/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649012/; classtype:trojan-activity;sid:84512112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649003/; classtype:trojan-activity;sid:84512103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-08-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648998/; classtype:trojan-activity;sid:84512098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166851/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648995/; classtype:trojan-activity;sid:84512095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791001053/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648997/; classtype:trojan-activity;sid:84512097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553613/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648988/; classtype:trojan-activity;sid:84512088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172670/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648972/; classtype:trojan-activity;sid:84512072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164510/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648973/; classtype:trojan-activity;sid:84512073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648964/; classtype:trojan-activity;sid:84512064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167219/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648966/; classtype:trojan-activity;sid:84512066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648960/; classtype:trojan-activity;sid:84512060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171308/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648957/; classtype:trojan-activity;sid:84512057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648956/; classtype:trojan-activity;sid:84512056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171858/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648954/; classtype:trojan-activity;sid:84512054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-21/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648953/; classtype:trojan-activity;sid:84512053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648952/; classtype:trojan-activity;sid:84512052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629918/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648941/; classtype:trojan-activity;sid:84512041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/18296147000306/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648942/; classtype:trojan-activity;sid:84512042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648943/; classtype:trojan-activity;sid:84512043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648936/; classtype:trojan-activity;sid:84512036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168121/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648933/; classtype:trojan-activity;sid:84512033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648926/; classtype:trojan-activity;sid:84512026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648930/; classtype:trojan-activity;sid:84512030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648931/; classtype:trojan-activity;sid:84512031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226538/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648921/; classtype:trojan-activity;sid:84512021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000201084/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648912/; classtype:trojan-activity;sid:84512012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648904/; classtype:trojan-activity;sid:84512004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648900/; classtype:trojan-activity;sid:84512000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648893/; classtype:trojan-activity;sid:84511993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648891/; classtype:trojan-activity;sid:84511991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171476/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648889/; classtype:trojan-activity;sid:84511989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168551/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648884/; classtype:trojan-activity;sid:84511984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165820/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648885/; classtype:trojan-activity;sid:84511985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603104/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648886/; classtype:trojan-activity;sid:84511986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166085/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648872/; classtype:trojan-activity;sid:84511972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648877/; classtype:trojan-activity;sid:84511977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165486/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648868/; classtype:trojan-activity;sid:84511968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169013/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648858/; classtype:trojan-activity;sid:84511958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160982/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648854/; classtype:trojan-activity;sid:84511954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000618093/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648852/; classtype:trojan-activity;sid:84511952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165826/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648849/; classtype:trojan-activity;sid:84511949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591547/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648832/; classtype:trojan-activity;sid:84511932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648828/; classtype:trojan-activity;sid:84511928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648824/; classtype:trojan-activity;sid:84511924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171450/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648825/; classtype:trojan-activity;sid:84511925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166307/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648819/; classtype:trojan-activity;sid:84511919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648820/; classtype:trojan-activity;sid:84511920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171228/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648811/; classtype:trojan-activity;sid:84511911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648805/; classtype:trojan-activity;sid:84511905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648802/; classtype:trojan-activity;sid:84511902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595439/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648798/; classtype:trojan-activity;sid:84511898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648791/; classtype:trojan-activity;sid:84511891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625549/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648788/; classtype:trojan-activity;sid:84511888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648785/; classtype:trojan-activity;sid:84511885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168291/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648781/; classtype:trojan-activity;sid:84511881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648771/; classtype:trojan-activity;sid:84511871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648765/; classtype:trojan-activity;sid:84511865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602408/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648758/; classtype:trojan-activity;sid:84511858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648753/; classtype:trojan-activity;sid:84511853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553198/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648755/; classtype:trojan-activity;sid:84511855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172872/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648750/; classtype:trojan-activity;sid:84511850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648746/; classtype:trojan-activity;sid:84511846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648736/; classtype:trojan-activity;sid:84511836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648737/; classtype:trojan-activity;sid:84511837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648725/; classtype:trojan-activity;sid:84511825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585561/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648722/; classtype:trojan-activity;sid:84511822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648712/; classtype:trojan-activity;sid:84511812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648710/; classtype:trojan-activity;sid:84511810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648707/; classtype:trojan-activity;sid:84511807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648706/; classtype:trojan-activity;sid:84511806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648700/; classtype:trojan-activity;sid:84511800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648702/; classtype:trojan-activity;sid:84511802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648698/; classtype:trojan-activity;sid:84511798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648693/; classtype:trojan-activity;sid:84511793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648692/; classtype:trojan-activity;sid:84511792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648689/; classtype:trojan-activity;sid:84511789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648690/; classtype:trojan-activity;sid:84511790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168329/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648686/; classtype:trojan-activity;sid:84511786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167041/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648682/; classtype:trojan-activity;sid:84511782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648670/; classtype:trojan-activity;sid:84511770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566430/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648672/; classtype:trojan-activity;sid:84511772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604501/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648669/; classtype:trojan-activity;sid:84511769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648655/; classtype:trojan-activity;sid:84511755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230417/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648657/; classtype:trojan-activity;sid:84511757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604491/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648637/; classtype:trojan-activity;sid:84511737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585614/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648630/; classtype:trojan-activity;sid:84511730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648623/; classtype:trojan-activity;sid:84511723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648625/; classtype:trojan-activity;sid:84511725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648604/; classtype:trojan-activity;sid:84511704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648606/; classtype:trojan-activity;sid:84511706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648600/; classtype:trojan-activity;sid:84511700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648592/; classtype:trojan-activity;sid:84511692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171240/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648590/; classtype:trojan-activity;sid:84511690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600290/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648568/; classtype:trojan-activity;sid:84511668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172690/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648571/; classtype:trojan-activity;sid:84511671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624763/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648558/; classtype:trojan-activity;sid:84511658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2019-08-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648561/; classtype:trojan-activity;sid:84511661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171726/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648562/; classtype:trojan-activity;sid:84511662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648527)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20pictures/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648527/; classtype:trojan-activity;sid:84511627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648357)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/vinod982038189896/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648357/; classtype:trojan-activity;sid:84511457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648354)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/unused%20desktop%20shortcuts/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648354/; classtype:trojan-activity;sid:84511454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648213)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/downloads/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648213/; classtype:trojan-activity;sid:84511313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648112)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/vinod982038189896/history/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648112/; classtype:trojan-activity;sid:84511212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647944)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/symantec/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647944/; classtype:trojan-activity;sid:84511044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647826)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/raj%20sir/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647826/; classtype:trojan-activity;sid:84510926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647813)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647813/; classtype:trojan-activity;sid:84510913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647655)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/sail%20performa%20jan11/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647655/; classtype:trojan-activity;sid:84510755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647641)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/fresh%20circulation%20list/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647641/; classtype:trojan-activity;sid:84510741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647583)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/sail%20empanelment/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647583/; classtype:trojan-activity;sid:84510683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.220.234.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647513/; classtype:trojan-activity;sid:84510613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647457)"; flow:established,from_client; content:"GET"; http_method; content:"/recipes/staging/a-89fb7017-7780-4b72-950d-c2db1146a34a.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"best10cdn.blob.core.windows.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647457/; classtype:trojan-activity;sid:84510557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646414)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ybgctdtbzvgpdxjivafy.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646414/; classtype:trojan-activity;sid:84509514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646420)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646420/; classtype:trojan-activity;sid:84509520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646403)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343h"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646403/; classtype:trojan-activity;sid:84509503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646408)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jqqvlru0vaih3z.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"toolshare.com.tr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646408/; classtype:trojan-activity;sid:84509508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645950)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.intelligradeeducation.vicentecisnerospub.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645950/; classtype:trojan-activity;sid:84509050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645889)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20pictures/neha%20imagecopy/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645889/; classtype:trojan-activity;sid:84508989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645874)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.185.26.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645874/; classtype:trojan-activity;sid:84508974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645854)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/wallpaper/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645854/; classtype:trojan-activity;sid:84508954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645847)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20music/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645847/; classtype:trojan-activity;sid:84508947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645832)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20scans/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645832/; classtype:trojan-activity;sid:84508932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645827)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645827/; classtype:trojan-activity;sid:84508927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645760)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/various%20files/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645760/; classtype:trojan-activity;sid:84508860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645751)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/charter%20party/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645751/; classtype:trojan-activity;sid:84508851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645677)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/bhushan/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645677/; classtype:trojan-activity;sid:84508777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645600)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft/windows/powershell/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645600/; classtype:trojan-activity;sid:84508700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645569)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645569/; classtype:trojan-activity;sid:84508669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645513)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/deepak/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645513/; classtype:trojan-activity;sid:84508613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645345)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/charter%20parties/aqaba%20jan%202014/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645345/; classtype:trojan-activity;sid:84508445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645322)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/desktop/tai%20ping%20shan-phaethon-cp/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645322/; classtype:trojan-activity;sid:84508422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645247)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/desktop/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645247/; classtype:trojan-activity;sid:84508347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645234)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/cp%20transchart/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645234/; classtype:trojan-activity;sid:84508334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645139)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645139/; classtype:trojan-activity;sid:84508239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645130)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/backgrounds/aquavita/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645130/; classtype:trojan-activity;sid:84508230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644884)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/akij%20glory%20cp/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644884/; classtype:trojan-activity;sid:84507984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644784)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644784/; classtype:trojan-activity;sid:84507884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644779)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/adnatco%20sulphur%20coa/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644779/; classtype:trojan-activity;sid:84507879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644564)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/backgrounds/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644564/; classtype:trojan-activity;sid:84507664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644422)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/reliance%20and%20airtel%20%20bills/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644422/; classtype:trojan-activity;sid:84507522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644339)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644339/; classtype:trojan-activity;sid:84507439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644286)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644286/; classtype:trojan-activity;sid:84507386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644169)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644169/; classtype:trojan-activity;sid:84507269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644134)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/rcf/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644134/; classtype:trojan-activity;sid:84507234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644127)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/rinl%20empanelment/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644127/; classtype:trojan-activity;sid:84507227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644040)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/crown%20voyager%20norvic/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644040/; classtype:trojan-activity;sid:84507140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644002)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/umesh/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644002/; classtype:trojan-activity;sid:84507102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643969)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/backgrounds/precious%20charm/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643969/; classtype:trojan-activity;sid:84507069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643934)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/charter%20parties/tai%20ping%20shan-phaethon-cp/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643934/; classtype:trojan-activity;sid:84507034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643868)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/charter%20parties/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643868/; classtype:trojan-activity;sid:84506968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643843)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/work/desktop/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643843/; classtype:trojan-activity;sid:84506943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643828)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/deepak/daily%20report/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643828/; classtype:trojan-activity;sid:84506928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643820)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/charter%20parties/d.maritime/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643820/; classtype:trojan-activity;sid:84506920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643786)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/backgrounds/asan%20mm/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643786/; classtype:trojan-activity;sid:84506886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643658)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/short%20terms%20for%20govt%20chrtrs/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643658/; classtype:trojan-activity;sid:84506758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643417)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/desktop/aryacorp/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643417/; classtype:trojan-activity;sid:84506517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643392)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/circulation%20list/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643392/; classtype:trojan-activity;sid:84506492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643163)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/work/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643163/; classtype:trojan-activity;sid:84506263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643147)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/for%20xp%20sp2/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643147/; classtype:trojan-activity;sid:84506247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643118)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643118/; classtype:trojan-activity;sid:84506218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643033)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/charter%20parties/china%20shipping/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643033/; classtype:trojan-activity;sid:84506133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642924)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/new%20folder/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642924/; classtype:trojan-activity;sid:84506024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642847)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/app/05-jun-2013/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642847/; classtype:trojan-activity;sid:84505947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642788)"; flow:established,from_client; content:"GET"; http_method; content:"/big/microsoft.sql.server.2012.enterprise.edition.with.service.pack.1-kopie/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642788/; classtype:trojan-activity;sid:84505888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642779)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642779/; classtype:trojan-activity;sid:84505879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642775)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642775/; classtype:trojan-activity;sid:84505875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642717)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/key/inipaytest/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642717/; classtype:trojan-activity;sid:84505817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642711)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642711/; classtype:trojan-activity;sid:84505811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642700)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642700/; classtype:trojan-activity;sid:84505800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642692)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft/windows/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642692/; classtype:trojan-activity;sid:84505792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642677)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/key/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642677/; classtype:trojan-activity;sid:84505777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642643)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/log/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642643/; classtype:trojan-activity;sid:84505743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642634)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/ammicafefile/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642634/; classtype:trojan-activity;sid:84505734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642602)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642602/; classtype:trojan-activity;sid:84505702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642522)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/ammicafefile/ammicafesetup/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642522/; classtype:trojan-activity;sid:84505622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642518)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642518/; classtype:trojan-activity;sid:84505618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642484)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642484/; classtype:trojan-activity;sid:84505584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642455)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/2018%20fixture%20-cp%20status/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642455/; classtype:trojan-activity;sid:84505555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642438)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642438/; classtype:trojan-activity;sid:84505538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642422)"; flow:established,from_client; content:"GET"; http_method; content:"/02/info.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642422/; classtype:trojan-activity;sid:84505522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642417)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/ammicafe2file/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642417/; classtype:trojan-activity;sid:84505517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642406)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/ammicafe2file/ammicafe2setup/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642406/; classtype:trojan-activity;sid:84505506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642382)"; flow:established,from_client; content:"GET"; http_method; content:"/big/html/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642382/; classtype:trojan-activity;sid:84505482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642346)"; flow:established,from_client; content:"GET"; http_method; content:"/big/sql%20server%202014/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642346/; classtype:trojan-activity;sid:84505446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642349)"; flow:established,from_client; content:"GET"; http_method; content:"/images/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642349/; classtype:trojan-activity;sid:84505449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642324)"; flow:established,from_client; content:"GET"; http_method; content:"/01/info.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642324/; classtype:trojan-activity;sid:84505424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642297)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642297/; classtype:trojan-activity;sid:84505397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642294)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/inipaytest/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642294/; classtype:trojan-activity;sid:84505394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642274)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/bhushan/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642274/; classtype:trojan-activity;sid:84505374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642250)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642250/; classtype:trojan-activity;sid:84505350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642245)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642245/; classtype:trojan-activity;sid:84505345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642246)"; flow:established,from_client; content:"GET"; http_method; content:"/big/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642246/; classtype:trojan-activity;sid:84505346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642229)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/app/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642229/; classtype:trojan-activity;sid:84505329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642226)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/jungminsof/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642226/; classtype:trojan-activity;sid:84505326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641834)"; flow:established,from_client; content:"GET"; http_method; content:"/images/art/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641834/; classtype:trojan-activity;sid:84504934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639311)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=15_5vja6ls72gnqbjqkrme1i7bmit0fe4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639311/; classtype:trojan-activity;sid:84502411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637224)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip.100021.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637224/; classtype:trojan-activity;sid:84500324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637210)"; flow:established,from_client; content:"GET"; http_method; content:"/images/bot.jpg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"atasapka.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637210/; classtype:trojan-activity;sid:84500310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23082024105108/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637189/; classtype:trojan-activity;sid:84500289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26072024113244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637188/; classtype:trojan-activity;sid:84500288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19092024115007/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637186/; classtype:trojan-activity;sid:84500286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024081607/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637187/; classtype:trojan-activity;sid:84500287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12062024095414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637185/; classtype:trojan-activity;sid:84500285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27082024072850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637184/; classtype:trojan-activity;sid:84500284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12082024064105/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637183/; classtype:trojan-activity;sid:84500283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/16082024070308/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637182/; classtype:trojan-activity;sid:84500282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/13092024072525/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637181/; classtype:trojan-activity;sid:84500281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23072024115252/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637180/; classtype:trojan-activity;sid:84500280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21072024112418/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637179/; classtype:trojan-activity;sid:84500279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/16082024104510/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637178/; classtype:trojan-activity;sid:84500278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637177/; classtype:trojan-activity;sid:84500277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024104005/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637176/; classtype:trojan-activity;sid:84500276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8343/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637175/; classtype:trojan-activity;sid:84500275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024173844/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637174/; classtype:trojan-activity;sid:84500274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024180426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637173/; classtype:trojan-activity;sid:84500273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024101008/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637172/; classtype:trojan-activity;sid:84500272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112350/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637171/; classtype:trojan-activity;sid:84500271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024074431/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637170/; classtype:trojan-activity;sid:84500270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024171022/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637168/; classtype:trojan-activity;sid:84500268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/11072024080039/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637169/; classtype:trojan-activity;sid:84500269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12092024113946/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637167/; classtype:trojan-activity;sid:84500267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115637/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637166/; classtype:trojan-activity;sid:84500266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024104931/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637165/; classtype:trojan-activity;sid:84500265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12072024075828/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637164/; classtype:trojan-activity;sid:84500264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11092024115504/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637163/; classtype:trojan-activity;sid:84500263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115532/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637160/; classtype:trojan-activity;sid:84500260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024114132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637161/; classtype:trojan-activity;sid:84500261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8465/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637162/; classtype:trojan-activity;sid:84500262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25062024073012/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637159/; classtype:trojan-activity;sid:84500259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024110431/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637158/; classtype:trojan-activity;sid:84500258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024091401/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637157/; classtype:trojan-activity;sid:84500257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024124718/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637153/; classtype:trojan-activity;sid:84500253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024185433/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637154/; classtype:trojan-activity;sid:84500254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09072024110245/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637155/; classtype:trojan-activity;sid:84500255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09092024072321/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637149/; classtype:trojan-activity;sid:84500249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024180909/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637150/; classtype:trojan-activity;sid:84500250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24092024073908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637151/; classtype:trojan-activity;sid:84500251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19062024071831/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637147/; classtype:trojan-activity;sid:84500247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21092024114951/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637148/; classtype:trojan-activity;sid:84500248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30062024113348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637145/; classtype:trojan-activity;sid:84500245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024113047/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637146/; classtype:trojan-activity;sid:84500246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/04092024120154/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637144/; classtype:trojan-activity;sid:84500244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01082024110241/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637143/; classtype:trojan-activity;sid:84500243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14072024110540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637141/; classtype:trojan-activity;sid:84500241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024185045/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637142/; classtype:trojan-activity;sid:84500242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19062024103023/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637138/; classtype:trojan-activity;sid:84500238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/06092024072348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637139/; classtype:trojan-activity;sid:84500239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024070625/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637140/; classtype:trojan-activity;sid:84500240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18072024112759/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637137/; classtype:trojan-activity;sid:84500237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024155154/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637136/; classtype:trojan-activity;sid:84500236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024113426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637135/; classtype:trojan-activity;sid:84500235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024113602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637133/; classtype:trojan-activity;sid:84500233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024163408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637134/; classtype:trojan-activity;sid:84500234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024110351/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637130/; classtype:trojan-activity;sid:84500230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12092024181446/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637131/; classtype:trojan-activity;sid:84500231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024115142/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637129/; classtype:trojan-activity;sid:84500229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09092024091444/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637128/; classtype:trojan-activity;sid:84500228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23082024071038/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637127/; classtype:trojan-activity;sid:84500227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181518/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637122/; classtype:trojan-activity;sid:84500222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024120940/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637123/; classtype:trojan-activity;sid:84500223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112235/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637124/; classtype:trojan-activity;sid:84500224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17092024073614/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637125/; classtype:trojan-activity;sid:84500225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024122457/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637120/; classtype:trojan-activity;sid:84500220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024112532/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637117/; classtype:trojan-activity;sid:84500217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24062024072602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637118/; classtype:trojan-activity;sid:84500218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12092024070406/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637119/; classtype:trojan-activity;sid:84500219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024143513/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637115/; classtype:trojan-activity;sid:84500215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024081755/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637116/; classtype:trojan-activity;sid:84500216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024120234/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637114/; classtype:trojan-activity;sid:84500214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024123916/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637113/; classtype:trojan-activity;sid:84500213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29082024122318/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637110/; classtype:trojan-activity;sid:84500210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/15072024080426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637111/; classtype:trojan-activity;sid:84500211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22092024115602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637112/; classtype:trojan-activity;sid:84500212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024125302/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637109/; classtype:trojan-activity;sid:84500209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114842/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637107/; classtype:trojan-activity;sid:84500207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/16092024115114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637108/; classtype:trojan-activity;sid:84500208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/31072024070936/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637105/; classtype:trojan-activity;sid:84500205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17092024104334/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637106/; classtype:trojan-activity;sid:84500206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024072447/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637104/; classtype:trojan-activity;sid:84500204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024065930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637103/; classtype:trojan-activity;sid:84500203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024133101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637101/; classtype:trojan-activity;sid:84500201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02082024083649/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637099/; classtype:trojan-activity;sid:84500199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024182036/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637100/; classtype:trojan-activity;sid:84500200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19072024071620/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637098/; classtype:trojan-activity;sid:84500198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8029/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637096/; classtype:trojan-activity;sid:84500196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25092024150814/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637097/; classtype:trojan-activity;sid:84500197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024102505/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637092/; classtype:trojan-activity;sid:84500192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024131015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637093/; classtype:trojan-activity;sid:84500193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024084956/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637094/; classtype:trojan-activity;sid:84500194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25062024105808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637090/; classtype:trojan-activity;sid:84500190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/04092024072725/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637091/; classtype:trojan-activity;sid:84500191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20062024112748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637089/; classtype:trojan-activity;sid:84500189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024103622/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637087/; classtype:trojan-activity;sid:84500187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/16082024121016/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637088/; classtype:trojan-activity;sid:84500188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24092024103551/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637085/; classtype:trojan-activity;sid:84500185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024080017/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637086/; classtype:trojan-activity;sid:84500186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024081535/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637082/; classtype:trojan-activity;sid:84500182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26072024111342/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637083/; classtype:trojan-activity;sid:84500183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125904/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637084/; classtype:trojan-activity;sid:84500184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637081)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/tek/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637081/; classtype:trojan-activity;sid:84500181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/11092024075310/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637080/; classtype:trojan-activity;sid:84500180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/24072024121144/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637076/; classtype:trojan-activity;sid:84500176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637077)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/badmail/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637077/; classtype:trojan-activity;sid:84500177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/06082024080109/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637078/; classtype:trojan-activity;sid:84500178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12072024072413/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637079/; classtype:trojan-activity;sid:84500179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024071151/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637073/; classtype:trojan-activity;sid:84500173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024073559/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637074/; classtype:trojan-activity;sid:84500174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8336/18072024083258/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637070/; classtype:trojan-activity;sid:84500170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024084736/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637069/; classtype:trojan-activity;sid:84500169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024072046/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637067/; classtype:trojan-activity;sid:84500167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08072024110224/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637068/; classtype:trojan-activity;sid:84500168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02092024075924/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637065/; classtype:trojan-activity;sid:84500165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/30082024115734/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637064/; classtype:trojan-activity;sid:84500164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024075958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637062/; classtype:trojan-activity;sid:84500162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024173545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637063/; classtype:trojan-activity;sid:84500163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/06092024074954/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637060/; classtype:trojan-activity;sid:84500160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024112958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637056/; classtype:trojan-activity;sid:84500156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024180827/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637057/; classtype:trojan-activity;sid:84500157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05092024073851/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637058/; classtype:trojan-activity;sid:84500158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024175914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637055/; classtype:trojan-activity;sid:84500155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024181015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637054/; classtype:trojan-activity;sid:84500154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09082024151247/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637053/; classtype:trojan-activity;sid:84500153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024135901/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637052/; classtype:trojan-activity;sid:84500152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/04072024073930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637050/; classtype:trojan-activity;sid:84500150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024111013/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637051/; classtype:trojan-activity;sid:84500151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28092024110908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637047/; classtype:trojan-activity;sid:84500147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024124213/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637048/; classtype:trojan-activity;sid:84500148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024074659/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637049/; classtype:trojan-activity;sid:84500149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024071203/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637046/; classtype:trojan-activity;sid:84500146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024163133/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637044/; classtype:trojan-activity;sid:84500144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25092024084516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637045/; classtype:trojan-activity;sid:84500145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024134811/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637042/; classtype:trojan-activity;sid:84500142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8336/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637037/; classtype:trojan-activity;sid:84500137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26062024074615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637038/; classtype:trojan-activity;sid:84500138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20072024103050/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637039/; classtype:trojan-activity;sid:84500139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02072024072748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637040/; classtype:trojan-activity;sid:84500140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17092024073317/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637041/; classtype:trojan-activity;sid:84500141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024124018/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637036/; classtype:trojan-activity;sid:84500136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/27092024120719/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637034/; classtype:trojan-activity;sid:84500134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024115106/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637032/; classtype:trojan-activity;sid:84500132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02092024121943/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637030/; classtype:trojan-activity;sid:84500130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024173040/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637029/; classtype:trojan-activity;sid:84500129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17072024080628/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637026/; classtype:trojan-activity;sid:84500126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024144908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637027/; classtype:trojan-activity;sid:84500127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024112531/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637028/; classtype:trojan-activity;sid:84500128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024110733/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637025/; classtype:trojan-activity;sid:84500125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024161738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637024/; classtype:trojan-activity;sid:84500124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25062024074726/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637021/; classtype:trojan-activity;sid:84500121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02102024124124/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637022/; classtype:trojan-activity;sid:84500122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024124212/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637023/; classtype:trojan-activity;sid:84500123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024170139/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637020/; classtype:trojan-activity;sid:84500120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024090633/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637015/; classtype:trojan-activity;sid:84500115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024111719/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637017/; classtype:trojan-activity;sid:84500117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/13062024073315/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637019/; classtype:trojan-activity;sid:84500119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26092024073319/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637011/; classtype:trojan-activity;sid:84500111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/03072024075801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637012/; classtype:trojan-activity;sid:84500112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13092024065731/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637013/; classtype:trojan-activity;sid:84500113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024155414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637014/; classtype:trojan-activity;sid:84500114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024131718/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637007/; classtype:trojan-activity;sid:84500107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024163711/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637008/; classtype:trojan-activity;sid:84500108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27062024115812/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637009/; classtype:trojan-activity;sid:84500109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024113310/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637010/; classtype:trojan-activity;sid:84500110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024175225/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637005/; classtype:trojan-activity;sid:84500105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024112226/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637002/; classtype:trojan-activity;sid:84500102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/14062024181140/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637003/; classtype:trojan-activity;sid:84500103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024163914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637004/; classtype:trojan-activity;sid:84500104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12082024111034/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636999/; classtype:trojan-activity;sid:84500099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19062024111300/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637000/; classtype:trojan-activity;sid:84500100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/02092024070516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637001/; classtype:trojan-activity;sid:84500101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024120757/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636997/; classtype:trojan-activity;sid:84500097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/07082024074934/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636996/; classtype:trojan-activity;sid:84500096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636993)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/drop/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636993/; classtype:trojan-activity;sid:84500093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024172104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636994/; classtype:trojan-activity;sid:84500094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024072015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636995/; classtype:trojan-activity;sid:84500095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024174028/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636992/; classtype:trojan-activity;sid:84500092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/10072024072615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636991/; classtype:trojan-activity;sid:84500091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03102024140347/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636990/; classtype:trojan-activity;sid:84500090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/29072024094428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636987/; classtype:trojan-activity;sid:84500087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114220/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636988/; classtype:trojan-activity;sid:84500088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/19072024081323/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636986/; classtype:trojan-activity;sid:84500086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/08082024072411/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636985/; classtype:trojan-activity;sid:84500085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024072722/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636982/; classtype:trojan-activity;sid:84500082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17062024075813/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636978/; classtype:trojan-activity;sid:84500078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024071101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636979/; classtype:trojan-activity;sid:84500079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18092024104929/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636980/; classtype:trojan-activity;sid:84500080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8051/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636975/; classtype:trojan-activity;sid:84500075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024144032/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636976/; classtype:trojan-activity;sid:84500076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26082024121258/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636977/; classtype:trojan-activity;sid:84500077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024111920/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636967/; classtype:trojan-activity;sid:84500067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024121015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636968/; classtype:trojan-activity;sid:84500068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024175843/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636969/; classtype:trojan-activity;sid:84500069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/18062024121810/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636970/; classtype:trojan-activity;sid:84500070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024130606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636971/; classtype:trojan-activity;sid:84500071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024115815/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636972/; classtype:trojan-activity;sid:84500072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024164829/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636973/; classtype:trojan-activity;sid:84500073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024071944/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636965/; classtype:trojan-activity;sid:84500065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024103900/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636966/; classtype:trojan-activity;sid:84500066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024130857/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636964/; classtype:trojan-activity;sid:84500064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06092024071949/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636963/; classtype:trojan-activity;sid:84500063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024111134/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636957/; classtype:trojan-activity;sid:84500057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024174415/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636958/; classtype:trojan-activity;sid:84500058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02082024073257/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636959/; classtype:trojan-activity;sid:84500059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024120537/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636960/; classtype:trojan-activity;sid:84500060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01072024102122/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636961/; classtype:trojan-activity;sid:84500061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024112004/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636962/; classtype:trojan-activity;sid:84500062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09072024071533/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636956/; classtype:trojan-activity;sid:84500056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024070804/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636955/; classtype:trojan-activity;sid:84500055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115442/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636954/; classtype:trojan-activity;sid:84500054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636953/; classtype:trojan-activity;sid:84500053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17072024080732/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636948/; classtype:trojan-activity;sid:84500048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19082024080051/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636949/; classtype:trojan-activity;sid:84500049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024111159/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636950/; classtype:trojan-activity;sid:84500050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115238/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636951/; classtype:trojan-activity;sid:84500051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/07082024070516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636947/; classtype:trojan-activity;sid:84500047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024175546/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636946/; classtype:trojan-activity;sid:84500046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024103203/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636945/; classtype:trojan-activity;sid:84500045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024165207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636942/; classtype:trojan-activity;sid:84500042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024093514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636943/; classtype:trojan-activity;sid:84500043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/06092024114755/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636944/; classtype:trojan-activity;sid:84500044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27092024123259/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636940/; classtype:trojan-activity;sid:84500040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23092024073238/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636941/; classtype:trojan-activity;sid:84500041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636937/; classtype:trojan-activity;sid:84500037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024104316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636936/; classtype:trojan-activity;sid:84500036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115848/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636935/; classtype:trojan-activity;sid:84500035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024071414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636934/; classtype:trojan-activity;sid:84500034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16092024105926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636933/; classtype:trojan-activity;sid:84500033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024174605/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636932/; classtype:trojan-activity;sid:84500032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024174233/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636931/; classtype:trojan-activity;sid:84500031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024081312/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636927/; classtype:trojan-activity;sid:84500027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02102024072353/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636928/; classtype:trojan-activity;sid:84500028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024174750/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636929/; classtype:trojan-activity;sid:84500029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8325/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636930/; classtype:trojan-activity;sid:84500030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8336/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636925/; classtype:trojan-activity;sid:84500025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/19062024070824/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636926/; classtype:trojan-activity;sid:84500026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/22082024121329/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636920/; classtype:trojan-activity;sid:84500020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26062024155216/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636921/; classtype:trojan-activity;sid:84500021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/24092024120511/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636922/; classtype:trojan-activity;sid:84500022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024180613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636923/; classtype:trojan-activity;sid:84500023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024165922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636919/; classtype:trojan-activity;sid:84500019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024114239/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636918/; classtype:trojan-activity;sid:84500018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024112036/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636917/; classtype:trojan-activity;sid:84500017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8318/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636916/; classtype:trojan-activity;sid:84500016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024110606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636913/; classtype:trojan-activity;sid:84500013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024112609/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636914/; classtype:trojan-activity;sid:84500014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02072024115435/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636910/; classtype:trojan-activity;sid:84500010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024122439/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636909/; classtype:trojan-activity;sid:84500009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/14062024123830/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636906/; classtype:trojan-activity;sid:84500006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024180043/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636908/; classtype:trojan-activity;sid:84500008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115112/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636905/; classtype:trojan-activity;sid:84500005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024090731/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636904/; classtype:trojan-activity;sid:84500004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23092024113222/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636902/; classtype:trojan-activity;sid:84500002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/03072024113724/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636900/; classtype:trojan-activity;sid:84500000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024134516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636899/; classtype:trojan-activity;sid:84499999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8334/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636897/; classtype:trojan-activity;sid:84499997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114317/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636894/; classtype:trojan-activity;sid:84499994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024151745/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636895/; classtype:trojan-activity;sid:84499995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024124237/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636893/; classtype:trojan-activity;sid:84499993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024170717/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636892/; classtype:trojan-activity;sid:84499992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/08072024075903/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636883/; classtype:trojan-activity;sid:84499983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8325/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636884/; classtype:trojan-activity;sid:84499984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024114520/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636885/; classtype:trojan-activity;sid:84499985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024153227/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636886/; classtype:trojan-activity;sid:84499986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/14082024075957/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636887/; classtype:trojan-activity;sid:84499987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26082024070716/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636888/; classtype:trojan-activity;sid:84499988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024072959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636890/; classtype:trojan-activity;sid:84499990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/13062024155232/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636882/; classtype:trojan-activity;sid:84499982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024111126/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636881/; classtype:trojan-activity;sid:84499981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/04072024125301/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636880/; classtype:trojan-activity;sid:84499980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636876/; classtype:trojan-activity;sid:84499976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04092024091820/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636877/; classtype:trojan-activity;sid:84499977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024125032/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636878/; classtype:trojan-activity;sid:84499978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30072024114118/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636872/; classtype:trojan-activity;sid:84499972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024083850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636873/; classtype:trojan-activity;sid:84499973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17062024072104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636874/; classtype:trojan-activity;sid:84499974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024125710/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636875/; classtype:trojan-activity;sid:84499975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024103601/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636871/; classtype:trojan-activity;sid:84499971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12082024120632/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636869/; classtype:trojan-activity;sid:84499969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636863/; classtype:trojan-activity;sid:84499963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024071932/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636864/; classtype:trojan-activity;sid:84499964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024143228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636865/; classtype:trojan-activity;sid:84499965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27092024124432/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636866/; classtype:trojan-activity;sid:84499966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636867/; classtype:trojan-activity;sid:84499967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13062024070655/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636868/; classtype:trojan-activity;sid:84499968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024072833/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636862/; classtype:trojan-activity;sid:84499962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25092024120601/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636859/; classtype:trojan-activity;sid:84499959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115123/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636860/; classtype:trojan-activity;sid:84499960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05072024071033/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636855/; classtype:trojan-activity;sid:84499955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04102024094250/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636856/; classtype:trojan-activity;sid:84499956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/01082024101244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636857/; classtype:trojan-activity;sid:84499957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024091538/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636850/; classtype:trojan-activity;sid:84499950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05082024114357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636851/; classtype:trojan-activity;sid:84499951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/10092024070313/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636852/; classtype:trojan-activity;sid:84499952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23092024123854/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636853/; classtype:trojan-activity;sid:84499953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024112941/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636854/; classtype:trojan-activity;sid:84499954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/08072024113918/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636849/; classtype:trojan-activity;sid:84499949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8326/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636847/; classtype:trojan-activity;sid:84499947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11072024110808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636843/; classtype:trojan-activity;sid:84499943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06072024112721/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636845/; classtype:trojan-activity;sid:84499945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8326/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636846/; classtype:trojan-activity;sid:84499946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024151521/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636839/; classtype:trojan-activity;sid:84499939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024120102/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636840/; classtype:trojan-activity;sid:84499940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115226/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636842/; classtype:trojan-activity;sid:84499942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08072024070547/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636836/; classtype:trojan-activity;sid:84499936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26092024103307/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636837/; classtype:trojan-activity;sid:84499937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024134639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636835/; classtype:trojan-activity;sid:84499935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024120914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636833/; classtype:trojan-activity;sid:84499933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024104834/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636834/; classtype:trojan-activity;sid:84499934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/01072024095738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636826/; classtype:trojan-activity;sid:84499926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10072024073020/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636827/; classtype:trojan-activity;sid:84499927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13082024065051/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636828/; classtype:trojan-activity;sid:84499928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024074730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636829/; classtype:trojan-activity;sid:84499929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05092024071139/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636830/; classtype:trojan-activity;sid:84499930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024143423/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636831/; classtype:trojan-activity;sid:84499931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01072024073548/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636832/; classtype:trojan-activity;sid:84499932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/16092024075132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636825/; classtype:trojan-activity;sid:84499925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28062024112249/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636824/; classtype:trojan-activity;sid:84499924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/18072024080738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636823/; classtype:trojan-activity;sid:84499923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06102024112545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636816/; classtype:trojan-activity;sid:84499916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181057/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636817/; classtype:trojan-activity;sid:84499917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02072024073145/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636818/; classtype:trojan-activity;sid:84499918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/21062024070935/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636819/; classtype:trojan-activity;sid:84499919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/06082024120113/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636820/; classtype:trojan-activity;sid:84499920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27062024081736/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636821/; classtype:trojan-activity;sid:84499921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29082024071803/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636822/; classtype:trojan-activity;sid:84499922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24062024113513/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636815/; classtype:trojan-activity;sid:84499915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25072024071606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636814/; classtype:trojan-activity;sid:84499914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12062024085922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636812/; classtype:trojan-activity;sid:84499912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024152101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636813/; classtype:trojan-activity;sid:84499913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/08072024113231/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636811/; classtype:trojan-activity;sid:84499911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024130114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636806/; classtype:trojan-activity;sid:84499906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636807/; classtype:trojan-activity;sid:84499907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636809)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/20082024121600/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636809/; classtype:trojan-activity;sid:84499909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26092024115544/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636810/; classtype:trojan-activity;sid:84499910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/28082024070417/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636803/; classtype:trojan-activity;sid:84499903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024143113/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636804/; classtype:trojan-activity;sid:84499904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636800)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13092024071052/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636800/; classtype:trojan-activity;sid:84499900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10062024180136/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636801/; classtype:trojan-activity;sid:84499901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175356/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636802/; classtype:trojan-activity;sid:84499902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27082024070328/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636799/; classtype:trojan-activity;sid:84499899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8050/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636798/; classtype:trojan-activity;sid:84499898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18062024071837/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636795/; classtype:trojan-activity;sid:84499895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/18072024120409/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636796/; classtype:trojan-activity;sid:84499896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30082024111343/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636797/; classtype:trojan-activity;sid:84499897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/21082024112544/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636794/; classtype:trojan-activity;sid:84499894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19072024111357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636791/; classtype:trojan-activity;sid:84499891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024175200/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636784/; classtype:trojan-activity;sid:84499884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/30072024115935/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636785/; classtype:trojan-activity;sid:84499885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02092024114819/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636786/; classtype:trojan-activity;sid:84499886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024070959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636788/; classtype:trojan-activity;sid:84499888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05092024120909/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636789/; classtype:trojan-activity;sid:84499889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05072024112530/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636790/; classtype:trojan-activity;sid:84499890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024115132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636783/; classtype:trojan-activity;sid:84499883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10092024114316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636782/; classtype:trojan-activity;sid:84499882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024113136/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636781/; classtype:trojan-activity;sid:84499881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04072024170824/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636779/; classtype:trojan-activity;sid:84499879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23072024135746/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636780/; classtype:trojan-activity;sid:84499880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115515/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636777/; classtype:trojan-activity;sid:84499877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024115926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636778/; classtype:trojan-activity;sid:84499878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024082013/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636775/; classtype:trojan-activity;sid:84499875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10072024110114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636776/; classtype:trojan-activity;sid:84499876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024071919/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636773/; classtype:trojan-activity;sid:84499873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19082024070444/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636771/; classtype:trojan-activity;sid:84499871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024104419/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636772/; classtype:trojan-activity;sid:84499872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024070754/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636770/; classtype:trojan-activity;sid:84499870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12092024074514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636769/; classtype:trojan-activity;sid:84499869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/23072024073428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636768/; classtype:trojan-activity;sid:84499868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16082024110029/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636767/; classtype:trojan-activity;sid:84499867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/30072024075615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636766/; classtype:trojan-activity;sid:84499866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024173603/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636764/; classtype:trojan-activity;sid:84499864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27092024072930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636763/; classtype:trojan-activity;sid:84499863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/14092024070825/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636761/; classtype:trojan-activity;sid:84499861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024105405/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636762/; classtype:trojan-activity;sid:84499862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/31072024120304/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636760/; classtype:trojan-activity;sid:84499860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16082024171045/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636759/; classtype:trojan-activity;sid:84499859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19062024083204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636757/; classtype:trojan-activity;sid:84499857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024175202/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636758/; classtype:trojan-activity;sid:84499858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/6011/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636756/; classtype:trojan-activity;sid:84499856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09082024071028/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636754/; classtype:trojan-activity;sid:84499854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636753)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/bkp/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636753/; classtype:trojan-activity;sid:84499853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11062024074638/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636752/; classtype:trojan-activity;sid:84499852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8318/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636751/; classtype:trojan-activity;sid:84499851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024071328/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636750/; classtype:trojan-activity;sid:84499850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17082024111540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636749/; classtype:trojan-activity;sid:84499849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25072024111710/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636748/; classtype:trojan-activity;sid:84499848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636746/; classtype:trojan-activity;sid:84499846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26062024072316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636745/; classtype:trojan-activity;sid:84499845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024152842/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636744/; classtype:trojan-activity;sid:84499844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/03092024065611/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636743/; classtype:trojan-activity;sid:84499843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/20082024074454/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636742/; classtype:trojan-activity;sid:84499842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14062024182506/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636741/; classtype:trojan-activity;sid:84499841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/28062024162227/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636740/; classtype:trojan-activity;sid:84499840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25082024112344/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636739/; classtype:trojan-activity;sid:84499839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05102024112225/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636736/; classtype:trojan-activity;sid:84499836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22072024112228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636737/; classtype:trojan-activity;sid:84499837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024123948/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636735/; classtype:trojan-activity;sid:84499835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636733/; classtype:trojan-activity;sid:84499833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/21082024065715/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636734/; classtype:trojan-activity;sid:84499834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024163507/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636728/; classtype:trojan-activity;sid:84499828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024111850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636729/; classtype:trojan-activity;sid:84499829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112124/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636730/; classtype:trojan-activity;sid:84499830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636731)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/pickup/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636731/; classtype:trojan-activity;sid:84499831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09072024072801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636732/; classtype:trojan-activity;sid:84499832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30082024070843/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636727/; classtype:trojan-activity;sid:84499827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15072024111306/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636723/; classtype:trojan-activity;sid:84499823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24072024072622/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636724/; classtype:trojan-activity;sid:84499824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23082024120742/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636726/; classtype:trojan-activity;sid:84499826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024121001/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636721/; classtype:trojan-activity;sid:84499821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024162753/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636722/; classtype:trojan-activity;sid:84499822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024130538/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636719/; classtype:trojan-activity;sid:84499819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01102024075913/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636720/; classtype:trojan-activity;sid:84499820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31072024110649/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636717/; classtype:trojan-activity;sid:84499817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24092024074236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636718/; classtype:trojan-activity;sid:84499818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26092024073810/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636715/; classtype:trojan-activity;sid:84499815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19062024073721/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636716/; classtype:trojan-activity;sid:84499816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/03102024114713/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636714/; classtype:trojan-activity;sid:84499814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/27062024134606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636708/; classtype:trojan-activity;sid:84499808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25092024074358/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636709/; classtype:trojan-activity;sid:84499809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636710/; classtype:trojan-activity;sid:84499810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12092024065636/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636711/; classtype:trojan-activity;sid:84499811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024113359/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636712/; classtype:trojan-activity;sid:84499812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14082024102908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636713/; classtype:trojan-activity;sid:84499813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27062024074304/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636705/; classtype:trojan-activity;sid:84499805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20092024114457/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636706/; classtype:trojan-activity;sid:84499806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636707)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/idi/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636707/; classtype:trojan-activity;sid:84499807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05072024105131/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636703/; classtype:trojan-activity;sid:84499803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11062024123414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636704/; classtype:trojan-activity;sid:84499804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12062024122748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636698/; classtype:trojan-activity;sid:84499798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636699/; classtype:trojan-activity;sid:84499799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024180206/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636693/; classtype:trojan-activity;sid:84499793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024172514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636694/; classtype:trojan-activity;sid:84499794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024070343/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636695/; classtype:trojan-activity;sid:84499795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27092024125844/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636696/; classtype:trojan-activity;sid:84499796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/01082024070127/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636697/; classtype:trojan-activity;sid:84499797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/30092024073115/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636685/; classtype:trojan-activity;sid:84499785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04102024114428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636686/; classtype:trojan-activity;sid:84499786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17072024162506/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636687/; classtype:trojan-activity;sid:84499787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17072024112121/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636688/; classtype:trojan-activity;sid:84499788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13062024123930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636689/; classtype:trojan-activity;sid:84499789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024114833/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636690/; classtype:trojan-activity;sid:84499790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22072024071046/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636691/; classtype:trojan-activity;sid:84499791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024074934/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636692/; classtype:trojan-activity;sid:84499792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12072024073215/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636683/; classtype:trojan-activity;sid:84499783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636684/; classtype:trojan-activity;sid:84499784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/09092024080429/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636681/; classtype:trojan-activity;sid:84499781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8342/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636682/; classtype:trojan-activity;sid:84499782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/16092024071437/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636678/; classtype:trojan-activity;sid:84499778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11092024070152/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636679/; classtype:trojan-activity;sid:84499779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19072024082257/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636676/; classtype:trojan-activity;sid:84499776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02092024173539/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636666/; classtype:trojan-activity;sid:84499766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024074014/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636667/; classtype:trojan-activity;sid:84499767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636668)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/queue/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636668/; classtype:trojan-activity;sid:84499768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112311/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636669/; classtype:trojan-activity;sid:84499769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23072024112852/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636670/; classtype:trojan-activity;sid:84499770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024094613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636671/; classtype:trojan-activity;sid:84499771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19082024113816/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636672/; classtype:trojan-activity;sid:84499772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02082024121949/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636674/; classtype:trojan-activity;sid:84499774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10092024185923/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636675/; classtype:trojan-activity;sid:84499775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024130440/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636662/; classtype:trojan-activity;sid:84499762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8336/05072024082450/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636663/; classtype:trojan-activity;sid:84499763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024181236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636664/; classtype:trojan-activity;sid:84499764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024150907/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636665/; classtype:trojan-activity;sid:84499765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22082024114017/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636656/; classtype:trojan-activity;sid:84499756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14082024065337/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636657/; classtype:trojan-activity;sid:84499757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8059/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636658/; classtype:trojan-activity;sid:84499758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024154958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636659/; classtype:trojan-activity;sid:84499759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24062024075130/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636660/; classtype:trojan-activity;sid:84499760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024070807/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636654/; classtype:trojan-activity;sid:84499754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636585)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.98.68"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636585/; classtype:trojan-activity;sid:84499685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635840)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.197.122.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635840/; classtype:trojan-activity;sid:84498940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635467)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano/image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ybgctdtbzvgpdxjivafy.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635467/; classtype:trojan-activity;sid:84498567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634292)"; flow:established,from_client; content:"GET"; http_method; content:"/ziobigiu84/site/raw/refs/heads/main/launcher.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634292/; classtype:trojan-activity;sid:84497392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.112.126.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633174/; classtype:trojan-activity;sid:84496274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632903)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/bocavenue.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"versaclean.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632903/; classtype:trojan-activity;sid:84496003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631593)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/installer.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631593/; classtype:trojan-activity;sid:84494693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631583)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/tlp.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631583/; classtype:trojan-activity;sid:84494683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631573)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol11.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631573/; classtype:trojan-activity;sid:84494673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631574)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/1488.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631574/; classtype:trojan-activity;sid:84494674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631575)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/1210.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631575/; classtype:trojan-activity;sid:84494675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631555)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631555/; classtype:trojan-activity;sid:84494655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631554)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/bsg.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631554/; classtype:trojan-activity;sid:84494654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631233)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.95.148.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631233/; classtype:trojan-activity;sid:84494333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630546)"; flow:established,from_client; content:"GET"; http_method; content:"/shaerrlys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630546/; classtype:trojan-activity;sid:84493646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.154.188.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627935/; classtype:trojan-activity;sid:84491035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627210)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.154.188.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627210/; classtype:trojan-activity;sid:84490310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626596)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626596/; classtype:trojan-activity;sid:84489696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626595)"; flow:established,from_client; content:"GET"; http_method; content:"/drilldata/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626595/; classtype:trojan-activity;sid:84489695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626300/; classtype:trojan-activity;sid:84489400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626275)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.62.255.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626275/; classtype:trojan-activity;sid:84489375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623786)"; flow:established,from_client; content:"GET"; http_method; content:"/mise.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"210.16.163.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623786/; classtype:trojan-activity;sid:84486886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623408)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623408/; classtype:trojan-activity;sid:84486508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623390)"; flow:established,from_client; content:"GET"; http_method; content:"/123.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"210.16.163.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623390/; classtype:trojan-activity;sid:84486490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623131)"; flow:established,from_client; content:"GET"; http_method; content:"/rasadhlp.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"118.25.68.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623131/; classtype:trojan-activity;sid:84486231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623126)"; flow:established,from_client; content:"GET"; http_method; content:"/ziobigiu84/site/refs/heads/main/launcher.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623126/; classtype:trojan-activity;sid:84486226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623123)"; flow:established,from_client; content:"GET"; http_method; content:"/midkourtbbe/network/refs/heads/main/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623123/; classtype:trojan-activity;sid:84486223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623122)"; flow:established,from_client; content:"GET"; http_method; content:"/anno29/web/refs/heads/main/software.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623122/; classtype:trojan-activity;sid:84486222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623121)"; flow:established,from_client; content:"GET"; http_method; content:"/ilpigna03/site/refs/heads/main/launcher.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623121/; classtype:trojan-activity;sid:84486221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623120)"; flow:established,from_client; content:"GET"; http_method; content:"/nullarchive/request/refs/heads/main/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623120/; classtype:trojan-activity;sid:84486220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622759)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622759/; classtype:trojan-activity;sid:84485859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622643)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343p"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622643/; classtype:trojan-activity;sid:84485743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622639)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622639/; classtype:trojan-activity;sid:84485739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622638)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622638/; classtype:trojan-activity;sid:84485738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622625)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622625/; classtype:trojan-activity;sid:84485725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622623)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622623/; classtype:trojan-activity;sid:84485723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622624)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622624/; classtype:trojan-activity;sid:84485724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622541)"; flow:established,from_client; content:"GET"; http_method; content:"/125.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622541/; classtype:trojan-activity;sid:84485641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622545)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622545/; classtype:trojan-activity;sid:84485645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622547)"; flow:established,from_client; content:"GET"; http_method; content:"/er/45.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622547/; classtype:trojan-activity;sid:84485647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622548)"; flow:established,from_client; content:"GET"; http_method; content:"/er/326.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622548/; classtype:trojan-activity;sid:84485648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622539)"; flow:established,from_client; content:"GET"; http_method; content:"/er/1212.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622539/; classtype:trojan-activity;sid:84485639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621757)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xisuc6psmmj5jzq7jgoffba7avfhzga_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621757/; classtype:trojan-activity;sid:84484857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621753)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1okqdyr_kghanl7h_i1mwmlmzfesw_gx0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621753/; classtype:trojan-activity;sid:84484853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620132/; classtype:trojan-activity;sid:84483232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619986)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619986/; classtype:trojan-activity;sid:84483086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619984)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619984/; classtype:trojan-activity;sid:84483084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619985)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619985/; classtype:trojan-activity;sid:84483085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617201)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617201/; classtype:trojan-activity;sid:84480301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617196)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617196/; classtype:trojan-activity;sid:84480296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617193)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617193/; classtype:trojan-activity;sid:84480293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617189)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617189/; classtype:trojan-activity;sid:84480289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617190)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617190/; classtype:trojan-activity;sid:84480290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.126.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615696/; classtype:trojan-activity;sid:84478796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615593)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-load/wickrme.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"muriaspetin.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615593/; classtype:trojan-activity;sid:84478693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615592)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-load/solana%203.0.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"muriaspetin.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615592/; classtype:trojan-activity;sid:84478692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615590)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-load/trackma.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"muriaspetin.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615590/; classtype:trojan-activity;sid:84478690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615591)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-load/kmahjongg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"muriaspetin.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615591/; classtype:trojan-activity;sid:84478691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615589)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-load/ok_test_work.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"muriaspetin.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615589/; classtype:trojan-activity;sid:84478689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615587)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-load/w937gs27h.ps1"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"muriaspetin.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615587/; classtype:trojan-activity;sid:84478687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615588)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-load/ledger%20live.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"muriaspetin.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615588/; classtype:trojan-activity;sid:84478688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615306)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.109.44.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615306/; classtype:trojan-activity;sid:84478406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614697)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsupdate.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"129.152.20.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614697/; classtype:trojan-activity;sid:84477797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614696)"; flow:established,from_client; content:"GET"; http_method; content:"/windows.x64.silent.cpu.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"129.152.20.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614696/; classtype:trojan-activity;sid:84477796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614280)"; flow:established,from_client; content:"GET"; http_method; content:"/d/mzjfndu3ndewnzjf/dvgihou177.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"od.lk"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614280/; classtype:trojan-activity;sid:84477380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614199)"; flow:established,from_client; content:"GET"; http_method; content:"/827-mh1-3t/827/main/t1.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614199/; classtype:trojan-activity;sid:84477299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.126.1.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613683/; classtype:trojan-activity;sid:84476783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pinaview.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pinaview.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613629/; classtype:trojan-activity;sid:84476729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613494)"; flow:established,from_client; content:"GET"; http_method; content:"/peterson643eu/projecttop/refs/heads/main/zjqppajn.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613494/; classtype:trojan-activity;sid:84476594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/usbmmidd_v2.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.amyuni.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611504/; classtype:trojan-activity;sid:84474604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610613)"; flow:established,from_client; content:"GET"; http_method; content:"/tfsoft/xftd/v2/ctf/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tengfeidn.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610613/; classtype:trojan-activity;sid:84473713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610612)"; flow:established,from_client; content:"GET"; http_method; content:"/tfsoft/xftd/v2/ctf/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pcupd.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610612/; classtype:trojan-activity;sid:84473712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610604)"; flow:established,from_client; content:"GET"; http_method; content:"/api/upgrade/jd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rdm.91yunma.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610604/; classtype:trojan-activity;sid:84473704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610602)"; flow:established,from_client; content:"GET"; http_method; content:"/api/upgrade/qcoin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"rdm.91yunma.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610602/; classtype:trojan-activity;sid:84473702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610401)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/mely.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"areyouready.co.za"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610401/; classtype:trojan-activity;sid:84473501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610381)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/loic/raw/refs/heads/master/loic.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610381/; classtype:trojan-activity;sid:84473481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610380)"; flow:established,from_client; content:"GET"; http_method; content:"/raizydaizy/steamcmd/raw/refs/heads/main/steamcmd.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610380/; classtype:trojan-activity;sid:84473480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609420)"; flow:established,from_client; content:"GET"; http_method; content:"/2/remmbuil.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gestionycobranzas.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609420/; classtype:trojan-activity;sid:84472520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609409)"; flow:established,from_client; content:"GET"; http_method; content:"/2/task.js"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gestionycobranzas.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609409/; classtype:trojan-activity;sid:84472509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608802)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.45.105.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608802/; classtype:trojan-activity;sid:84471902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608773)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.45.105.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608773/; classtype:trojan-activity;sid:84471873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/22072024080730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608522/; classtype:trojan-activity;sid:84471622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024123023/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608521/; classtype:trojan-activity;sid:84471621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/14082024082341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608520/; classtype:trojan-activity;sid:84471620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/09072024080408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608519/; classtype:trojan-activity;sid:84471619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024072520/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608518/; classtype:trojan-activity;sid:84471618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608517/; classtype:trojan-activity;sid:84471617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10092024072747/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608511/; classtype:trojan-activity;sid:84471611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/23092024080311/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608513/; classtype:trojan-activity;sid:84471613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/02082024071413/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608506/; classtype:trojan-activity;sid:84471606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024103542/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608503/; classtype:trojan-activity;sid:84471603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/15072024075523/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608500/; classtype:trojan-activity;sid:84471600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13082024070204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608487/; classtype:trojan-activity;sid:84471587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/14062024075221/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608488/; classtype:trojan-activity;sid:84471588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12082024075637/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608491/; classtype:trojan-activity;sid:84471591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/16082024071234/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608492/; classtype:trojan-activity;sid:84471592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13072024070443/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608493/; classtype:trojan-activity;sid:84471593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/18062024074945/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608496/; classtype:trojan-activity;sid:84471596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608497/; classtype:trojan-activity;sid:84471597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12092024121832/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608482/; classtype:trojan-activity;sid:84471582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8461/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608483/; classtype:trojan-activity;sid:84471583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/10092024080037/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608479/; classtype:trojan-activity;sid:84471579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/28082024112055/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608471/; classtype:trojan-activity;sid:84471571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11062024140819/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608474/; classtype:trojan-activity;sid:84471574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25072024071607/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608470/; classtype:trojan-activity;sid:84471570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17082024070657/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608466/; classtype:trojan-activity;sid:84471566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024122345/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608467/; classtype:trojan-activity;sid:84471567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608082)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.82.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608082/; classtype:trojan-activity;sid:84471182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607915)"; flow:established,from_client; content:"GET"; http_method; content:"/linpeas.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"34.70.102.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607915/; classtype:trojan-activity;sid:84471015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606770)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/rustmedebyg.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606770/; classtype:trojan-activity;sid:84469870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606767)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/rustme.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606767/; classtype:trojan-activity;sid:84469867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606766)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/debugconfig.bat"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606766/; classtype:trojan-activity;sid:84469866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606680)"; flow:established,from_client; content:"GET"; http_method; content:"/atu.lim"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"electri.billregulator.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606680/; classtype:trojan-activity;sid:84469780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606577)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/9e3363f017c60726bf610a2a472040144t."; http_uri; depth:41; isdataat:!1,relative; nocase; content:"file.uhsea.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606577/; classtype:trojan-activity;sid:84469677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604879)"; flow:established,from_client; content:"GET"; http_method; content:"/keepon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"209.145.51.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604879/; classtype:trojan-activity;sid:84467979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604243)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.196.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604243/; classtype:trojan-activity;sid:84467343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604233)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604233/; classtype:trojan-activity;sid:84467333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601597)"; flow:established,from_client; content:"GET"; http_method; content:"/runtime/vc_redist.x64.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"checkfivem.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601597/; classtype:trojan-activity;sid:84464697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601445)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601445/; classtype:trojan-activity;sid:84464545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.147.91.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599816/; classtype:trojan-activity;sid:84462916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599810)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.122.193.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599810/; classtype:trojan-activity;sid:84462910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597379)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"117.72.183.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597379/; classtype:trojan-activity;sid:84460479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597150)"; flow:established,from_client; content:"GET"; http_method; content:"/zmyjungmin/img001.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597150/; classtype:trojan-activity;sid:84460250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595203)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.78.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595203/; classtype:trojan-activity;sid:84458303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594962)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssa/t1.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"isiore.com.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594962/; classtype:trojan-activity;sid:84458062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594942)"; flow:established,from_client; content:"GET"; http_method; content:"/r00tnik8/zianr35524869492586/raw/refs/heads/main/plugin3.plg"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594942/; classtype:trojan-activity;sid:84458042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593771/; classtype:trojan-activity;sid:84456871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592552/; classtype:trojan-activity;sid:84455652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592078/; classtype:trojan-activity;sid:84455178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592038)"; flow:established,from_client; content:"GET"; http_method; content:"/image/cache/data/aksesuarlar/patch-yama-arma/skid-row-500x500.jpg"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"xshop.com.tr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592038/; classtype:trojan-activity;sid:84455138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591244)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.95.247.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591244/; classtype:trojan-activity;sid:84454344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590749)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/d3dx11_45/refs/heads/main/d3dx11_45.dll"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590749/; classtype:trojan-activity;sid:84453849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590748)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/rssdgxgr/refs/heads/main/garo%20x.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590748/; classtype:trojan-activity;sid:84453848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590746)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/edggqdsg/refs/heads/main/garo%20v1.dll"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590746/; classtype:trojan-activity;sid:84453846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590552)"; flow:established,from_client; content:"GET"; http_method; content:"/hafiz12cyber/request/raw/refs/heads/main/launcher.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590552/; classtype:trojan-activity;sid:84453652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590550)"; flow:established,from_client; content:"GET"; http_method; content:"/midkourtbbe/network/raw/refs/heads/main/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590550/; classtype:trojan-activity;sid:84453650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590549)"; flow:established,from_client; content:"GET"; http_method; content:"/anno29/web/raw/refs/heads/main/software.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590549/; classtype:trojan-activity;sid:84453649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590548)"; flow:established,from_client; content:"GET"; http_method; content:"/notcat999/sys/raw/refs/heads/main/software.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590548/; classtype:trojan-activity;sid:84453648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590547)"; flow:established,from_client; content:"GET"; http_method; content:"/gethalal-007/request/raw/refs/heads/main/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590547/; classtype:trojan-activity;sid:84453647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590546)"; flow:established,from_client; content:"GET"; http_method; content:"/nullarchive/request/raw/refs/heads/main/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590546/; classtype:trojan-activity;sid:84453646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589312)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.52.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589312/; classtype:trojan-activity;sid:84452412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589307)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.52.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589307/; classtype:trojan-activity;sid:84452407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587585)"; flow:established,from_client; content:"GET"; http_method; content:"/sid2983/-1aa-valoranta/releases/download/d0wn10ad/valcheat.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587585/; classtype:trojan-activity;sid:84450685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587551)"; flow:established,from_client; content:"GET"; http_method; content:"//2025/07/19/15/683192372.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www2.0zz0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587551/; classtype:trojan-activity;sid:84450651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.83.186.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586167/; classtype:trojan-activity;sid:84449267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.30.12.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585163/; classtype:trojan-activity;sid:84448263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.236.116.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585169/; classtype:trojan-activity;sid:84448269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585053)"; flow:established,from_client; content:"GET"; http_method; content:"/catalog/model/cummersmg.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585053/; classtype:trojan-activity;sid:84448153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585052)"; flow:established,from_client; content:"GET"; http_method; content:"/catalog/model/cheekpiecegar.ps1"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585052/; classtype:trojan-activity;sid:84448152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.101.123.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584733/; classtype:trojan-activity;sid:84447833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.191"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584719/; classtype:trojan-activity;sid:84447819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584281)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.204.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584281/; classtype:trojan-activity;sid:84447381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583571)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_15; reference:url, urlhaus.abuse.ch/url/3583571/; classtype:trojan-activity;sid:84446671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583040)"; flow:established,from_client; content:"GET"; http_method; content:"/laurenxss/42429a19c72b875b93608f8cb0cab933/raw/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583040/; classtype:trojan-activity;sid:84446140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.172"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_13; reference:url, urlhaus.abuse.ch/url/3582620/; classtype:trojan-activity;sid:84445720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580902/; classtype:trojan-activity;sid:84444002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580896/; classtype:trojan-activity;sid:84443996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.240.70.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580881/; classtype:trojan-activity;sid:84443981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.153.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580884/; classtype:trojan-activity;sid:84443984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580863)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.96.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580863/; classtype:trojan-activity;sid:84443963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578386)"; flow:established,from_client; content:"GET"; http_method; content:"/invisiblebunny/records/main/bunny-mini/mini.shell.php"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578386/; classtype:trojan-activity;sid:84441486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578385)"; flow:established,from_client; content:"GET"; http_method; content:"/ly4k/pwnkit/main/pwnkit"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578385/; classtype:trojan-activity;sid:84441485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577021)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577021/; classtype:trojan-activity;sid:84440121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577019)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577019/; classtype:trojan-activity;sid:84440119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577020)"; flow:established,from_client; content:"GET"; http_method; content:"/1/av.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577020/; classtype:trojan-activity;sid:84440120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577008)"; flow:established,from_client; content:"GET"; http_method; content:"/1/video.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577008/; classtype:trojan-activity;sid:84440108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577009)"; flow:established,from_client; content:"GET"; http_method; content:"/1/photo.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577009/; classtype:trojan-activity;sid:84440109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576996)"; flow:established,from_client; content:"GET"; http_method; content:"/1/av.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576996/; classtype:trojan-activity;sid:84440096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576990)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576990/; classtype:trojan-activity;sid:84440090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576991)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576991/; classtype:trojan-activity;sid:84440091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576992)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576992/; classtype:trojan-activity;sid:84440092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576993)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576993/; classtype:trojan-activity;sid:84440093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576994)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576994/; classtype:trojan-activity;sid:84440094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576995)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576995/; classtype:trojan-activity;sid:84440095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576988)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576988/; classtype:trojan-activity;sid:84440088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576989)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576989/; classtype:trojan-activity;sid:84440089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576987)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576987/; classtype:trojan-activity;sid:84440087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576981)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576981/; classtype:trojan-activity;sid:84440081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576982)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576982/; classtype:trojan-activity;sid:84440082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576983)"; flow:established,from_client; content:"GET"; http_method; content:"/1/video.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576983/; classtype:trojan-activity;sid:84440083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576984)"; flow:established,from_client; content:"GET"; http_method; content:"/1/photo.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576984/; classtype:trojan-activity;sid:84440084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576985)"; flow:established,from_client; content:"GET"; http_method; content:"/1/info.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576985/; classtype:trojan-activity;sid:84440085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576986)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576986/; classtype:trojan-activity;sid:84440086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575978)"; flow:established,from_client; content:"GET"; http_method; content:"/allbnc.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575978/; classtype:trojan-activity;sid:84439078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575979)"; flow:established,from_client; content:"GET"; http_method; content:"/auto.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575979/; classtype:trojan-activity;sid:84439079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575971)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575971/; classtype:trojan-activity;sid:84439071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575892)"; flow:established,from_client; content:"GET"; http_method; content:"/cata2.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575892/; classtype:trojan-activity;sid:84438992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575355)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/main/shaman.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575355/; classtype:trojan-activity;sid:84438455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575354)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/raw/main/update0.bat"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575354/; classtype:trojan-activity;sid:84438454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573965)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573965/; classtype:trojan-activity;sid:84437065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573084)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_134.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lomejordesalamanca.es"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573084/; classtype:trojan-activity;sid:84436184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.102.100.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_27; reference:url, urlhaus.abuse.ch/url/3570832/; classtype:trojan-activity;sid:84433932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.120.203.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_26; reference:url, urlhaus.abuse.ch/url/3570433/; classtype:trojan-activity;sid:84433533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570158)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570158/; classtype:trojan-activity;sid:84433258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569817)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.57.30.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569817/; classtype:trojan-activity;sid:84432917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569802/; classtype:trojan-activity;sid:84432902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569803)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569803/; classtype:trojan-activity;sid:84432903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569088)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/trapapo.ps1"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"www.vuelaviajero.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_06_22; reference:url, urlhaus.abuse.ch/url/3569088/; classtype:trojan-activity;sid:84432188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568977)"; flow:established,from_client; content:"GET"; http_method; content:"/aminer.gz"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568977/; classtype:trojan-activity;sid:84432077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568976)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568976/; classtype:trojan-activity;sid:84432076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568238)"; flow:established,from_client; content:"GET"; http_method; content:"/new_image.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568238/; classtype:trojan-activity;sid:84431338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568230)"; flow:established,from_client; content:"GET"; http_method; content:"/js/new_image.jpg"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568230/; classtype:trojan-activity;sid:84431330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568006)"; flow:established,from_client; content:"GET"; http_method; content:"/xl.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mundocarnes.cl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3568006/; classtype:trojan-activity;sid:84431106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565283)"; flow:established,from_client; content:"GET"; http_method; content:"/images/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565283/; classtype:trojan-activity;sid:84428383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565284)"; flow:established,from_client; content:"GET"; http_method; content:"/svg/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565284/; classtype:trojan-activity;sid:84428384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565285)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565285/; classtype:trojan-activity;sid:84428385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565262)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/dao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565262/; classtype:trojan-activity;sid:84428362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565260)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/badmail/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565260/; classtype:trojan-activity;sid:84428360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565261/; classtype:trojan-activity;sid:84428361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565259/; classtype:trojan-activity;sid:84428359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565258)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565258/; classtype:trojan-activity;sid:84428358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565257/; classtype:trojan-activity;sid:84428357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565256)"; flow:established,from_client; content:"GET"; http_method; content:"/bkp/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565256/; classtype:trojan-activity;sid:84428356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565255)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/queue/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565255/; classtype:trojan-activity;sid:84428355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565254)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565254/; classtype:trojan-activity;sid:84428354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565253)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/drop/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565253/; classtype:trojan-activity;sid:84428353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565252)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565252/; classtype:trojan-activity;sid:84428352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565249)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/pickup/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565249/; classtype:trojan-activity;sid:84428349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565244)"; flow:established,from_client; content:"GET"; http_method; content:"/h4lud3ae/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565244/; classtype:trojan-activity;sid:84428344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565245)"; flow:established,from_client; content:"GET"; http_method; content:"/install/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565245/; classtype:trojan-activity;sid:84428345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565246/; classtype:trojan-activity;sid:84428346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565243)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/pdf/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565243/; classtype:trojan-activity;sid:84428343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565230/; classtype:trojan-activity;sid:84428330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565236)"; flow:established,from_client; content:"GET"; http_method; content:"/idi/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565236/; classtype:trojan-activity;sid:84428336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565239/; classtype:trojan-activity;sid:84428339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565240)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/idi/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565240/; classtype:trojan-activity;sid:84428340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565241)"; flow:established,from_client; content:"GET"; http_method; content:"/gdbftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565241/; classtype:trojan-activity;sid:84428341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565091)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/cksy/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565091/; classtype:trojan-activity;sid:84428191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565090)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/service/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565090/; classtype:trojan-activity;sid:84428190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565089)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565089/; classtype:trojan-activity;sid:84428189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565088)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565088/; classtype:trojan-activity;sid:84428188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565087)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/entity/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565087/; classtype:trojan-activity;sid:84428187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565085)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565085/; classtype:trojan-activity;sid:84428185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565086)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565086/; classtype:trojan-activity;sid:84428186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565084)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565084/; classtype:trojan-activity;sid:84428184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565083)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/entity/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565083/; classtype:trojan-activity;sid:84428183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565082)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/constrant/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565082/; classtype:trojan-activity;sid:84428182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565081)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565081/; classtype:trojan-activity;sid:84428181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565080)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565080/; classtype:trojan-activity;sid:84428180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565079)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565079/; classtype:trojan-activity;sid:84428179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565078)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/log/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565078/; classtype:trojan-activity;sid:84428178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565077)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565077/; classtype:trojan-activity;sid:84428177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565076)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565076/; classtype:trojan-activity;sid:84428176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565075)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/new/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565075/; classtype:trojan-activity;sid:84428175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565074)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565074/; classtype:trojan-activity;sid:84428174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565073)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/photoset/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565073/; classtype:trojan-activity;sid:84428173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565072)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/templete/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565072/; classtype:trojan-activity;sid:84428172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565071)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/service/impl/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565071/; classtype:trojan-activity;sid:84428171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565070)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/action/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565070/; classtype:trojan-activity;sid:84428170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565069)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/vehiclereview/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565069/; classtype:trojan-activity;sid:84428169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565068)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565068/; classtype:trojan-activity;sid:84428168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565066)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css1/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565066/; classtype:trojan-activity;sid:84428166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565067)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/base/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565067/; classtype:trojan-activity;sid:84428167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565065)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/zbawss/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565065/; classtype:trojan-activity;sid:84428165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565064)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/entity/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565064/; classtype:trojan-activity;sid:84428164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565062)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565062/; classtype:trojan-activity;sid:84428162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565063)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dto/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565063/; classtype:trojan-activity;sid:84428163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565061)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565061/; classtype:trojan-activity;sid:84428161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565060)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/apache/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565060/; classtype:trojan-activity;sid:84428160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565059)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/templete/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565059/; classtype:trojan-activity;sid:84428159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565057)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/photo/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565057/; classtype:trojan-activity;sid:84428157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565058)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565058/; classtype:trojan-activity;sid:84428158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565056)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/entity/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565056/; classtype:trojan-activity;sid:84428156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565054)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565054/; classtype:trojan-activity;sid:84428154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565049)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/impl/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565049/; classtype:trojan-activity;sid:84428149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565050)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/localxml.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565050/; classtype:trojan-activity;sid:84428150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565051)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565051/; classtype:trojan-activity;sid:84428151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565048)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565048/; classtype:trojan-activity;sid:84428148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565044)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/action/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565044/; classtype:trojan-activity;sid:84428144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565043)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/entity/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565043/; classtype:trojan-activity;sid:84428143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565040)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/servacpt/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565040/; classtype:trojan-activity;sid:84428140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565035)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/temp/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565035/; classtype:trojan-activity;sid:84428135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565034)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565034/; classtype:trojan-activity;sid:84428134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565030)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/action/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565030/; classtype:trojan-activity;sid:84428130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565029)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565029/; classtype:trojan-activity;sid:84428129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565024)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565024/; classtype:trojan-activity;sid:84428124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565017)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/client/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565017/; classtype:trojan-activity;sid:84428117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565018)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565018/; classtype:trojan-activity;sid:84428118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565016)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565016/; classtype:trojan-activity;sid:84428116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565015)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565015/; classtype:trojan-activity;sid:84428115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565014)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/dao/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565014/; classtype:trojan-activity;sid:84428114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565008)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/interceptor/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565008/; classtype:trojan-activity;sid:84428108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565009)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/plugin/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565009/; classtype:trojan-activity;sid:84428109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565010)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dto/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565010/; classtype:trojan-activity;sid:84428110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565011)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565011/; classtype:trojan-activity;sid:84428111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565004)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565004/; classtype:trojan-activity;sid:84428104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565001)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565001/; classtype:trojan-activity;sid:84428101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564999)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564999/; classtype:trojan-activity;sid:84428099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564992)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564992/; classtype:trojan-activity;sid:84428092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564993)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/mgr/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564993/; classtype:trojan-activity;sid:84428093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564990)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/visitwss/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564990/; classtype:trojan-activity;sid:84428090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564988)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564988/; classtype:trojan-activity;sid:84428088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564986)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/wss/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564986/; classtype:trojan-activity;sid:84428086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564985)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564985/; classtype:trojan-activity;sid:84428085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564984)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564984/; classtype:trojan-activity;sid:84428084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564983)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564983/; classtype:trojan-activity;sid:84428083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564980)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/exception/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564980/; classtype:trojan-activity;sid:84428080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564979)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564979/; classtype:trojan-activity;sid:84428079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564977)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564977/; classtype:trojan-activity;sid:84428077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564975)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564975/; classtype:trojan-activity;sid:84428075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564976)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564976/; classtype:trojan-activity;sid:84428076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564974)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/impl/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564974/; classtype:trojan-activity;sid:84428074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564972)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564972/; classtype:trojan-activity;sid:84428072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564971)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/localxml.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564971/; classtype:trojan-activity;sid:84428071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564969)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564969/; classtype:trojan-activity;sid:84428069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564968)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564968/; classtype:trojan-activity;sid:84428068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564966)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564966/; classtype:trojan-activity;sid:84428066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564965)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/dao/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564965/; classtype:trojan-activity;sid:84428065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564964)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564964/; classtype:trojan-activity;sid:84428064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564960)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564960/; classtype:trojan-activity;sid:84428060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564961)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564961/; classtype:trojan-activity;sid:84428061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564958)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564958/; classtype:trojan-activity;sid:84428058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564957)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/action/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564957/; classtype:trojan-activity;sid:84428057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564956)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/conf/catalina/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564956/; classtype:trojan-activity;sid:84428056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564953)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564953/; classtype:trojan-activity;sid:84428053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564948)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/impl/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564948/; classtype:trojan-activity;sid:84428048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564949)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564949/; classtype:trojan-activity;sid:84428049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564944)"; flow:established,from_client; content:"GET"; http_method; content:"/2345downloads/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564944/; classtype:trojan-activity;sid:84428044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564937)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/lib/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564937/; classtype:trojan-activity;sid:84428037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564938)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564938/; classtype:trojan-activity;sid:84428038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564939)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/impl/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564939/; classtype:trojan-activity;sid:84428039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564940)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/record/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564940/; classtype:trojan-activity;sid:84428040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564935)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564935/; classtype:trojan-activity;sid:84428035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564936)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564936/; classtype:trojan-activity;sid:84428036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564931)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/mgr/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564931/; classtype:trojan-activity;sid:84428031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564927)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/nvrsetting/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564927/; classtype:trojan-activity;sid:84428027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564925)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css1/_notes/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564925/; classtype:trojan-activity;sid:84428025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564926)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/system/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564926/; classtype:trojan-activity;sid:84428026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564924)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564924/; classtype:trojan-activity;sid:84428024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564920)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564920/; classtype:trojan-activity;sid:84428020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564908)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/web/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564908/; classtype:trojan-activity;sid:84428008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564909)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564909/; classtype:trojan-activity;sid:84428009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564906)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/lib/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564906/; classtype:trojan-activity;sid:84428006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564903)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564903/; classtype:trojan-activity;sid:84428003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564902)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/unusual/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564902/; classtype:trojan-activity;sid:84428002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564900)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564900/; classtype:trojan-activity;sid:84428000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564899)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/pub/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564899/; classtype:trojan-activity;sid:84427999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564898)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564898/; classtype:trojan-activity;sid:84427998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564895)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/cyzpdytemp/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564895/; classtype:trojan-activity;sid:84427995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564896)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/systemset/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564896/; classtype:trojan-activity;sid:84427996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564893)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564893/; classtype:trojan-activity;sid:84427993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564894)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564894/; classtype:trojan-activity;sid:84427994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564892)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/util/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564892/; classtype:trojan-activity;sid:84427992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564888)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564888/; classtype:trojan-activity;sid:84427988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564889)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/nvr/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564889/; classtype:trojan-activity;sid:84427989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564882)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564882/; classtype:trojan-activity;sid:84427982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564883)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/cksy/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564883/; classtype:trojan-activity;sid:84427983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564881)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564881/; classtype:trojan-activity;sid:84427981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564878)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/bin/tomcat8.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564878/; classtype:trojan-activity;sid:84427978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564876)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564876/; classtype:trojan-activity;sid:84427976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564874)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564874/; classtype:trojan-activity;sid:84427974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564871)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/dao/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564871/; classtype:trojan-activity;sid:84427971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564866)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564866/; classtype:trojan-activity;sid:84427966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564861)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/action/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564861/; classtype:trojan-activity;sid:84427961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564862)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564862/; classtype:trojan-activity;sid:84427962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564863)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/dto/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564863/; classtype:trojan-activity;sid:84427963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564858)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/vehicleinformation/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564858/; classtype:trojan-activity;sid:84427958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564859)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/logs/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564859/; classtype:trojan-activity;sid:84427959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564855)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/entity/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564855/; classtype:trojan-activity;sid:84427955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564852)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/entity/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564852/; classtype:trojan-activity;sid:84427952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564850)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564850/; classtype:trojan-activity;sid:84427950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564849)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564849/; classtype:trojan-activity;sid:84427949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564847)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564847/; classtype:trojan-activity;sid:84427947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564845)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564845/; classtype:trojan-activity;sid:84427945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564844)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/szclient/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564844/; classtype:trojan-activity;sid:84427944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564838)"; flow:established,from_client; content:"GET"; http_method; content:"/futai/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564838/; classtype:trojan-activity;sid:84427938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564839)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564839/; classtype:trojan-activity;sid:84427939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564832)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564832/; classtype:trojan-activity;sid:84427932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564819)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564819/; classtype:trojan-activity;sid:84427919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564820)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564820/; classtype:trojan-activity;sid:84427920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564821)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dto/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564821/; classtype:trojan-activity;sid:84427921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564822)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/impl/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564822/; classtype:trojan-activity;sid:84427922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564823)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564823/; classtype:trojan-activity;sid:84427923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564809)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/jurisdict/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564809/; classtype:trojan-activity;sid:84427909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564810)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564810/; classtype:trojan-activity;sid:84427910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564812)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/exception/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564812/; classtype:trojan-activity;sid:84427912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564807)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/hcnetsdkcom/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564807/; classtype:trojan-activity;sid:84427907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564808)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564808/; classtype:trojan-activity;sid:84427908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564804)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dao/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564804/; classtype:trojan-activity;sid:84427904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564801)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/mgr/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564801/; classtype:trojan-activity;sid:84427901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564800)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564800/; classtype:trojan-activity;sid:84427900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564799)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/pub/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564799/; classtype:trojan-activity;sid:84427899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564797)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564797/; classtype:trojan-activity;sid:84427897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564796)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564796/; classtype:trojan-activity;sid:84427896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564794)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564794/; classtype:trojan-activity;sid:84427894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564793)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564793/; classtype:trojan-activity;sid:84427893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564791)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/hcnetsdkcom/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564791/; classtype:trojan-activity;sid:84427891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564787)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564787/; classtype:trojan-activity;sid:84427887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564785)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/pub/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564785/; classtype:trojan-activity;sid:84427885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564783)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564783/; classtype:trojan-activity;sid:84427883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564784)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564784/; classtype:trojan-activity;sid:84427884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564781)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564781/; classtype:trojan-activity;sid:84427881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564782)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/js/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564782/; classtype:trojan-activity;sid:84427882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564780)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564780/; classtype:trojan-activity;sid:84427880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564778)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/web/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564778/; classtype:trojan-activity;sid:84427878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564777)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/base/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564777/; classtype:trojan-activity;sid:84427877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564776)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/dto/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564776/; classtype:trojan-activity;sid:84427876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564769)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564769/; classtype:trojan-activity;sid:84427869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564770)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/meta-inf/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564770/; classtype:trojan-activity;sid:84427870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564771)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564771/; classtype:trojan-activity;sid:84427871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564766)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/apache/jsp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564766/; classtype:trojan-activity;sid:84427866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564761)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/nvr/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564761/; classtype:trojan-activity;sid:84427861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564760)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/web/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564760/; classtype:trojan-activity;sid:84427860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564755)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/meta-inf/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564755/; classtype:trojan-activity;sid:84427855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564756)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564756/; classtype:trojan-activity;sid:84427856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564757)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/conf/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564757/; classtype:trojan-activity;sid:84427857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564753)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/mgr/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564753/; classtype:trojan-activity;sid:84427853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564752)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/action/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564752/; classtype:trojan-activity;sid:84427852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564749)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564749/; classtype:trojan-activity;sid:84427849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564748)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564748/; classtype:trojan-activity;sid:84427848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564747)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564747/; classtype:trojan-activity;sid:84427847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564746)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564746/; classtype:trojan-activity;sid:84427846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564743)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/mgr/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564743/; classtype:trojan-activity;sid:84427843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564739)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/impl/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564739/; classtype:trojan-activity;sid:84427839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564740)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564740/; classtype:trojan-activity;sid:84427840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564737)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/action/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564737/; classtype:trojan-activity;sid:84427837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564734)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/exception/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564734/; classtype:trojan-activity;sid:84427834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564735)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564735/; classtype:trojan-activity;sid:84427835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564736)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564736/; classtype:trojan-activity;sid:84427836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564731)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564731/; classtype:trojan-activity;sid:84427831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564726)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/download/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564726/; classtype:trojan-activity;sid:84427826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564724)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564724/; classtype:trojan-activity;sid:84427824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564725)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564725/; classtype:trojan-activity;sid:84427825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564720)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/controller/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564720/; classtype:trojan-activity;sid:84427820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564717)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564717/; classtype:trojan-activity;sid:84427817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564718)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564718/; classtype:trojan-activity;sid:84427818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564715)"; flow:established,from_client; content:"GET"; http_method; content:"/xinheyuan/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564715/; classtype:trojan-activity;sid:84427815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564713)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dao/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564713/; classtype:trojan-activity;sid:84427813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564711)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/dao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564711/; classtype:trojan-activity;sid:84427811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564706)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/mgr/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564706/; classtype:trojan-activity;sid:84427806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564703)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564703/; classtype:trojan-activity;sid:84427803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564704)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/impl/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564704/; classtype:trojan-activity;sid:84427804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564700)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/mgr/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564700/; classtype:trojan-activity;sid:84427800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564697)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dao/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564697/; classtype:trojan-activity;sid:84427797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564693)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564693/; classtype:trojan-activity;sid:84427793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564694)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/icons/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564694/; classtype:trojan-activity;sid:84427794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564685)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564685/; classtype:trojan-activity;sid:84427785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564686)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564686/; classtype:trojan-activity;sid:84427786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564687)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564687/; classtype:trojan-activity;sid:84427787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564681)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/mgr/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564681/; classtype:trojan-activity;sid:84427781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564682)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564682/; classtype:trojan-activity;sid:84427782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564675)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/lib/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564675/; classtype:trojan-activity;sid:84427775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564674)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564674/; classtype:trojan-activity;sid:84427774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564673)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/bin/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564673/; classtype:trojan-activity;sid:84427773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564672)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/dao/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564672/; classtype:trojan-activity;sid:84427772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564671)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/entity/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564671/; classtype:trojan-activity;sid:84427771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564669)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564669/; classtype:trojan-activity;sid:84427769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564670)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/impl/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564670/; classtype:trojan-activity;sid:84427770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564666)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/utils/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564666/; classtype:trojan-activity;sid:84427766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564667)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dao/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564667/; classtype:trojan-activity;sid:84427767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564665)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564665/; classtype:trojan-activity;sid:84427765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564659)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/impl/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564659/; classtype:trojan-activity;sid:84427759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564660)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/spotckeck/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564660/; classtype:trojan-activity;sid:84427760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564653)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/entity/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564653/; classtype:trojan-activity;sid:84427753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564654)"; flow:established,from_client; content:"GET"; http_method; content:"/hengsheng/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564654/; classtype:trojan-activity;sid:84427754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564655)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564655/; classtype:trojan-activity;sid:84427755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564648)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/impl/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564648/; classtype:trojan-activity;sid:84427748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564644)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564644/; classtype:trojan-activity;sid:84427744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564640)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564640/; classtype:trojan-activity;sid:84427740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564641)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/dao/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564641/; classtype:trojan-activity;sid:84427741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564636)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dto/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564636/; classtype:trojan-activity;sid:84427736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564638)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/dao/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564638/; classtype:trojan-activity;sid:84427738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564633)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564633/; classtype:trojan-activity;sid:84427733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564634)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/service/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564634/; classtype:trojan-activity;sid:84427734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564635)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564635/; classtype:trojan-activity;sid:84427735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564630)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/entity/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564630/; classtype:trojan-activity;sid:84427730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564629)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564629/; classtype:trojan-activity;sid:84427729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564620)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564620/; classtype:trojan-activity;sid:84427720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564621)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564621/; classtype:trojan-activity;sid:84427721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564616)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/web/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564616/; classtype:trojan-activity;sid:84427716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564611)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/web/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564611/; classtype:trojan-activity;sid:84427711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564599)"; flow:established,from_client; content:"GET"; http_method; content:"/guirui/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564599/; classtype:trojan-activity;sid:84427699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564600)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564600/; classtype:trojan-activity;sid:84427700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564601)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564601/; classtype:trojan-activity;sid:84427701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564602)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/action/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564602/; classtype:trojan-activity;sid:84427702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564603)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/action/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564603/; classtype:trojan-activity;sid:84427703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564597)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dao/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564597/; classtype:trojan-activity;sid:84427697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564598)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564598/; classtype:trojan-activity;sid:84427698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564594)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564594/; classtype:trojan-activity;sid:84427694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564595)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564595/; classtype:trojan-activity;sid:84427695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564596)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/service/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564596/; classtype:trojan-activity;sid:84427696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564593)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/annotation/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564593/; classtype:trojan-activity;sid:84427693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564592)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/impl/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564592/; classtype:trojan-activity;sid:84427692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564589)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564589/; classtype:trojan-activity;sid:84427689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564590)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/dao/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564590/; classtype:trojan-activity;sid:84427690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564583)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564583/; classtype:trojan-activity;sid:84427683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564584)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%b0%e6%96%87%e4%bb%b6%e5%a4%b9%20(2)/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564584/; classtype:trojan-activity;sid:84427684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564585)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564585/; classtype:trojan-activity;sid:84427685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564581)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564581/; classtype:trojan-activity;sid:84427681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564578)"; flow:established,from_client; content:"GET"; http_method; content:"/haohua/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564578/; classtype:trojan-activity;sid:84427678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564577)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564577/; classtype:trojan-activity;sid:84427677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564576)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/count/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564576/; classtype:trojan-activity;sid:84427676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564574)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564574/; classtype:trojan-activity;sid:84427674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564575)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564575/; classtype:trojan-activity;sid:84427675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564569)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564569/; classtype:trojan-activity;sid:84427669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564568)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/impl/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564568/; classtype:trojan-activity;sid:84427668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564566)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/system/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564566/; classtype:trojan-activity;sid:84427666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564565)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/chkpt/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564565/; classtype:trojan-activity;sid:84427665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564563)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564563/; classtype:trojan-activity;sid:84427663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564561)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/controller/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564561/; classtype:trojan-activity;sid:84427661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564562)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564562/; classtype:trojan-activity;sid:84427662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564559)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/entity/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564559/; classtype:trojan-activity;sid:84427659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564554)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/lib/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564554/; classtype:trojan-activity;sid:84427654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564542)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564542/; classtype:trojan-activity;sid:84427642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564543)"; flow:established,from_client; content:"GET"; http_method; content:"/kaifa/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564543/; classtype:trojan-activity;sid:84427643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564544)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564544/; classtype:trojan-activity;sid:84427644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564545)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564545/; classtype:trojan-activity;sid:84427645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564539)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564539/; classtype:trojan-activity;sid:84427639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564540)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/viewws/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564540/; classtype:trojan-activity;sid:84427640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564541)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564541/; classtype:trojan-activity;sid:84427641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564538)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/web/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564538/; classtype:trojan-activity;sid:84427638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564534)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564534/; classtype:trojan-activity;sid:84427634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564535)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564535/; classtype:trojan-activity;sid:84427635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564536)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/action/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564536/; classtype:trojan-activity;sid:84427636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564537)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564537/; classtype:trojan-activity;sid:84427637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564527)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564527/; classtype:trojan-activity;sid:84427627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564528)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564528/; classtype:trojan-activity;sid:84427628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564529)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/web/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564529/; classtype:trojan-activity;sid:84427629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564526)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/temp/poifiles/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564526/; classtype:trojan-activity;sid:84427626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564522)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/report/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564522/; classtype:trojan-activity;sid:84427622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564521)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dao/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564521/; classtype:trojan-activity;sid:84427621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564519)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564519/; classtype:trojan-activity;sid:84427619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564518)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/entity/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564518/; classtype:trojan-activity;sid:84427618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564515)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564515/; classtype:trojan-activity;sid:84427615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564514)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/action/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564514/; classtype:trojan-activity;sid:84427614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564509)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564509/; classtype:trojan-activity;sid:84427609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564500)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564500/; classtype:trojan-activity;sid:84427600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564502)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564502/; classtype:trojan-activity;sid:84427602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564498)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/service/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564498/; classtype:trojan-activity;sid:84427598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564499)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/dept/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564499/; classtype:trojan-activity;sid:84427599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564497)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564497/; classtype:trojan-activity;sid:84427597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563453)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.67.84.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563453/; classtype:trojan-activity;sid:84426553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563444)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.88.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563444/; classtype:trojan-activity;sid:84426544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563441)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.174.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563441/; classtype:trojan-activity;sid:84426541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563442)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.174.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563442/; classtype:trojan-activity;sid:84426542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563435)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.51.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563435/; classtype:trojan-activity;sid:84426535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563432)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.193.115.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563432/; classtype:trojan-activity;sid:84426532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563425)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.51.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563425/; classtype:trojan-activity;sid:84426525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563418)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"42.193.115.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563418/; classtype:trojan-activity;sid:84426518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563424)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.88.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563424/; classtype:trojan-activity;sid:84426524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563388)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563388/; classtype:trojan-activity;sid:84426488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563385)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.88.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563385/; classtype:trojan-activity;sid:84426485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563384)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.55.134.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563384/; classtype:trojan-activity;sid:84426484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563380)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.73.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563380/; classtype:trojan-activity;sid:84426480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563381)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.223.73.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563381/; classtype:trojan-activity;sid:84426481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563374)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"42.194.199.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563374/; classtype:trojan-activity;sid:84426474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563373)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563373/; classtype:trojan-activity;sid:84426473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563369)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.172.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563369/; classtype:trojan-activity;sid:84426469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563362)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.139.88.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563362/; classtype:trojan-activity;sid:84426462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563363)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.233.172.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563363/; classtype:trojan-activity;sid:84426463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563364)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563364/; classtype:trojan-activity;sid:84426464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563349)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.69.185.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563349/; classtype:trojan-activity;sid:84426449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563343)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.69.185.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563343/; classtype:trojan-activity;sid:84426443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563336)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.55.134.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563336/; classtype:trojan-activity;sid:84426436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563320)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563320/; classtype:trojan-activity;sid:84426420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563253)"; flow:established,from_client; content:"GET"; http_method; content:"/gg.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.18.10.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563253/; classtype:trojan-activity;sid:84426353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562926)"; flow:established,from_client; content:"GET"; http_method; content:"/mar10/wsgidav/archive/refs/heads/master.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3562926/; classtype:trojan-activity;sid:84426026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562778)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/msglu32.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562778/; classtype:trojan-activity;sid:84425878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562768)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/energizertrojan-malware.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562768/; classtype:trojan-activity;sid:84425868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562769)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/advnetcfg.ocx"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562769/; classtype:trojan-activity;sid:84425869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562770)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/icecast2_2.0.0_vulnerable.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562770/; classtype:trojan-activity;sid:84425870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562771)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/mssecmgr.ocx"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562771/; classtype:trojan-activity;sid:84425871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562772)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/dnsmasq-2.73rc7.tar.gz"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562772/; classtype:trojan-activity;sid:84425872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562774)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/boot32drv.sys"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562774/; classtype:trojan-activity;sid:84425874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562775)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/energizertrojan-malware.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562775/; classtype:trojan-activity;sid:84425875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562766)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/nteps32.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562766/; classtype:trojan-activity;sid:84425866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562767)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/dnsmasq-2.73rc7.tar.gz"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562767/; classtype:trojan-activity;sid:84425867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562765)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/icecast2_2.0.0_vulnerable.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562765/; classtype:trojan-activity;sid:84425865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562763)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/ccalc32.sys"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562763/; classtype:trojan-activity;sid:84425863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562757)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp_linux_amd64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.43.49.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562757/; classtype:trojan-activity;sid:84425857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562600)"; flow:established,from_client; content:"GET"; http_method; content:"/zusyaku/malware-collection-part-2/refs/heads/main/666/666.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562600/; classtype:trojan-activity;sid:84425700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562599)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562599/; classtype:trojan-activity;sid:84425699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562404)"; flow:established,from_client; content:"GET"; http_method; content:"/live.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.116.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562404/; classtype:trojan-activity;sid:84425504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562403)"; flow:established,from_client; content:"GET"; http_method; content:"/uat.lnk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562403/; classtype:trojan-activity;sid:84425503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561991)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-x86_64_windows.7z"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561991/; classtype:trojan-activity;sid:84425091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561989)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561989/; classtype:trojan-activity;sid:84425089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561990)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.tar.gz"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561990/; classtype:trojan-activity;sid:84425090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561988)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-args-x86_64_linux.tar.gz"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561988/; classtype:trojan-activity;sid:84425088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561860)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1746669868_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.yz.tcdnos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561860/; classtype:trojan-activity;sid:84424960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561859)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747308966_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561859/; classtype:trojan-activity;sid:84424959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561858)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747209335_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561858/; classtype:trojan-activity;sid:84424958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561857)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747732120_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561857/; classtype:trojan-activity;sid:84424957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561856)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747640975_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561856/; classtype:trojan-activity;sid:84424956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561839)"; flow:established,from_client; content:"GET"; http_method; content:"/files/data/drss/drbw.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"124.223.105.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561839/; classtype:trojan-activity;sid:84424939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561639)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"123.232.43.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_12; reference:url, urlhaus.abuse.ch/url/3561639/; classtype:trojan-activity;sid:84424739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.88.234.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560938/; classtype:trojan-activity;sid:84424038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560452)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/annabelle.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560452/; classtype:trojan-activity;sid:84423552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560449)"; flow:established,from_client; content:"GET"; http_method; content:"/rzm-crack-team/redline-crack/main/redline-crack-by-rzt.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560449/; classtype:trojan-activity;sid:84423549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560445)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/ydrag.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560445/; classtype:trojan-activity;sid:84423545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560439)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/loic/master/loic.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560439/; classtype:trojan-activity;sid:84423539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560434)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/kematian_shellcode.ps1"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560434/; classtype:trojan-activity;sid:84423534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560418)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/cryptowall.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560418/; classtype:trojan-activity;sid:84423518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560419)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/main.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560419/; classtype:trojan-activity;sid:84423519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560422)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/cryptolocker.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560422/; classtype:trojan-activity;sid:84423522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560416)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/prolin.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560416/; classtype:trojan-activity;sid:84423516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560412)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/main.bat"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560412/; classtype:trojan-activity;sid:84423512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560414)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/funbatchcode-malicousandnonmalicous/master/worm.bat"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560414/; classtype:trojan-activity;sid:84423514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560409)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560409/; classtype:trojan-activity;sid:84423509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560385)"; flow:established,from_client; content:"GET"; http_method; content:"/pc/pdfconvert/pdfconverter_p2w154-zx-666.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"download.pdf00.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560385/; classtype:trojan-activity;sid:84423485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rod_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560380/; classtype:trojan-activity;sid:84423480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rmd_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560381/; classtype:trojan-activity;sid:84423481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rxd_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560383/; classtype:trojan-activity;sid:84423483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560209)"; flow:established,from_client; content:"GET"; http_method; content:"/cybertoxin/remcos-professional-cracked-by-alcatraz3222/raw/master/remcos%20professional%20cracked%20by%20alcatraz3222.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560209/; classtype:trojan-activity;sid:84423309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.97.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3559887/; classtype:trojan-activity;sid:84422987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559217)"; flow:established,from_client; content:"GET"; http_method; content:"/public/update/bmw_v1.7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"acc.jiangsujiaxue.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559217/; classtype:trojan-activity;sid:84422317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559216)"; flow:established,from_client; content:"GET"; http_method; content:"/classticket.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"class1004.dothome.co.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559216/; classtype:trojan-activity;sid:84422316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559211)"; flow:established,from_client; content:"GET"; http_method; content:"/static/download/teleport-assist-windows.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"58.49.210.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559211/; classtype:trojan-activity;sid:84422311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559208)"; flow:established,from_client; content:"GET"; http_method; content:"/yx/dts/sqft/904576/yx_dts.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d.14yaa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559208/; classtype:trojan-activity;sid:84422308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559123)"; flow:established,from_client; content:"GET"; http_method; content:"/nps.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"118.219.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559123/; classtype:trojan-activity;sid:84422223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559040)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/keystone.dll"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559040/; classtype:trojan-activity;sid:84422140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559037)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/sgn.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559037/; classtype:trojan-activity;sid:84422137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559033)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/bsodlogicbomb.ps1"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559033/; classtype:trojan-activity;sid:84422133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559034)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/powersyringe.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559034/; classtype:trojan-activity;sid:84422134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559022)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/invoke-reflectivepeinjection.ps1"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559022/; classtype:trojan-activity;sid:84422122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559025)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/pe2shc.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559025/; classtype:trojan-activity;sid:84422125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559019)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/encrypted.enc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559019/; classtype:trojan-activity;sid:84422119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559009)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/masquerade-peb.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559009/; classtype:trojan-activity;sid:84422109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559012)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/uacbstartup.ps1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559012/; classtype:trojan-activity;sid:84422112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559014)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/invoke-shellcode-fixed.ps1"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559014/; classtype:trojan-activity;sid:84422114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559015)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/onedoesnotsimplybypassentirewindefender.ps1"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559015/; classtype:trojan-activity;sid:84422115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559005)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/migrate.rb"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559005/; classtype:trojan-activity;sid:84422105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559006)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/base64.rb"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559006/; classtype:trojan-activity;sid:84422106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/bugsoft.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558975/; classtype:trojan-activity;sid:84422075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558976)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/brontok.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558976/; classtype:trojan-activity;sid:84422076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558977)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/banking-malware/zloader.xlsm"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558977/; classtype:trojan-activity;sid:84422077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558973)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/anap.a.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558973/; classtype:trojan-activity;sid:84422073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558974)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/axam.a.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558974/; classtype:trojan-activity;sid:84422074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558966)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/banking-malware/emotet.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558966/; classtype:trojan-activity;sid:84422066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558967)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/amus.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558967/; classtype:trojan-activity;sid:84422067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558969)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/rickware/master/rickroll.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558969/; classtype:trojan-activity;sid:84422069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.26.97.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558602/; classtype:trojan-activity;sid:84421702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558501)"; flow:established,from_client; content:"GET"; http_method; content:"/g7_update.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"118.219.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558501/; classtype:trojan-activity;sid:84421601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558302)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/amsibypass/main/newamsibypass.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558302/; classtype:trojan-activity;sid:84421402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558300)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/link-exe-test/main/matthew.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558300/; classtype:trojan-activity;sid:84421400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558295)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/second.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558295/; classtype:trojan-activity;sid:84421395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558290)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/urbanvpn.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558290/; classtype:trojan-activity;sid:84421390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558291)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/svhost.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558291/; classtype:trojan-activity;sid:84421391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558292)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/second.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558292/; classtype:trojan-activity;sid:84421392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558289)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-nicelittlekittieobf/main/invoke-nicelittlekittieobf.ps1"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558289/; classtype:trojan-activity;sid:84421389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558285)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/pvp.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558285/; classtype:trojan-activity;sid:84421385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558287)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/darwin.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558287/; classtype:trojan-activity;sid:84421387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558280)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-dropper/main/src/main.rs"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558280/; classtype:trojan-activity;sid:84421380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558271)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/bin/x64/release/phantom.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558271/; classtype:trojan-activity;sid:84421371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558266)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-shell/main/reverse.ps1"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558266/; classtype:trojan-activity;sid:84421366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558264)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/iso-file-testing/main/pleaserunme.iso"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558264/; classtype:trojan-activity;sid:84421364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558260)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/uac64.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558260/; classtype:trojan-activity;sid:84421360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558252)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/payload.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558252/; classtype:trojan-activity;sid:84421352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558247)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/riende.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558247/; classtype:trojan-activity;sid:84421347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558249)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/uac.dll"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558249/; classtype:trojan-activity;sid:84421349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558243)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-nicelittlekittie/main/invoke-nicelittlekittie.ps1"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558243/; classtype:trojan-activity;sid:84421343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558235)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/payload_encrypted.bin"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558235/; classtype:trojan-activity;sid:84421335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558237)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/meter/main/meter5555.ps1"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558237/; classtype:trojan-activity;sid:84421337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558229)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/js-file-test/main/loader.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558229/; classtype:trojan-activity;sid:84421329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558230)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-revshell/main/src/main.rs"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558230/; classtype:trojan-activity;sid:84421330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556675)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2025/05/1tronps1.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"sablayan.seasonshotelmindoro.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556675/; classtype:trojan-activity;sid:84419775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556673)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2025/05/1framework.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sablayan.seasonshotelmindoro.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556673/; classtype:trojan-activity;sid:84419773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556668)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2025/05/1tronvbs.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"sablayan.seasonshotelmindoro.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556668/; classtype:trojan-activity;sid:84419768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556670)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2025/05/imagens.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"sablayan.seasonshotelmindoro.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556670/; classtype:trojan-activity;sid:84419770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.78.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555465/; classtype:trojan-activity;sid:84418565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555192)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/raw/refs/heads/master/ransomware/wannacry.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555192/; classtype:trojan-activity;sid:84418292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554546)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.78.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554546/; classtype:trojan-activity;sid:84417646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554430)"; flow:established,from_client; content:"GET"; http_method; content:"/rate.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"celebratingseniors.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554430/; classtype:trojan-activity;sid:84417530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554345)"; flow:established,from_client; content:"GET"; http_method; content:"/rats.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"celebratingseniors.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554345/; classtype:trojan-activity;sid:84417445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.95.253.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553946/; classtype:trojan-activity;sid:84417046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553636)"; flow:established,from_client; content:"GET"; http_method; content:"/bufs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"maidforyou1985.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553636/; classtype:trojan-activity;sid:84416736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553629)"; flow:established,from_client; content:"GET"; http_method; content:"/mits.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553629/; classtype:trojan-activity;sid:84416729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553633)"; flow:established,from_client; content:"GET"; http_method; content:"/osxs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553633/; classtype:trojan-activity;sid:84416733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553609)"; flow:established,from_client; content:"GET"; http_method; content:"/rars.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553609/; classtype:trojan-activity;sid:84416709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.92.228.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553268/; classtype:trojan-activity;sid:84416368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552756/; classtype:trojan-activity;sid:84415856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552757/; classtype:trojan-activity;sid:84415857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552741)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.83.211.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552741/; classtype:trojan-activity;sid:84415841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552617)"; flow:established,from_client; content:"GET"; http_method; content:"/bre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.74.204.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552617/; classtype:trojan-activity;sid:84415717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552045)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimusman00-2/xmr/refs/heads/main/silent%20miner.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552045/; classtype:trojan-activity;sid:84415145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552042)"; flow:established,from_client; content:"GET"; http_method; content:"/waf/dracula-cmd/master/dist/colortool.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552042/; classtype:trojan-activity;sid:84415142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552043)"; flow:established,from_client; content:"GET"; http_method; content:"/iamsysadmin/setteamsbg/main/set-teams-backgrounds.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552043/; classtype:trojan-activity;sid:84415143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552009)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimusman00-2/xmr/raw/refs/heads/main/silent%20miner.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552009/; classtype:trojan-activity;sid:84415109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552005)"; flow:established,from_client; content:"GET"; http_method; content:"/alanparadis/stalker2simplemodmerger/releases/download/vortex-v1.4.9/stalker2simplemodmergerforvortex.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552005/; classtype:trojan-activity;sid:84415105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551493)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.242.66.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551493/; classtype:trojan-activity;sid:84414593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550735)"; flow:established,from_client; content:"GET"; http_method; content:"/macmid_sonoma_14_5.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.198.40.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550735/; classtype:trojan-activity;sid:84413835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550356)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.190.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550356/; classtype:trojan-activity;sid:84413456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549998)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.14.68.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549998/; classtype:trojan-activity;sid:84413098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.87.82.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549645/; classtype:trojan-activity;sid:84412745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547880)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ed2w0zvvx53_mfifdszyslleurub40zo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547880/; classtype:trojan-activity;sid:84410980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547784)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.84.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547784/; classtype:trojan-activity;sid:84410884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547782)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.98.176.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547782/; classtype:trojan-activity;sid:84410882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.119.108.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546975/; classtype:trojan-activity;sid:84410075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546969)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.236.147.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546969/; classtype:trojan-activity;sid:84410069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544992)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/nk/wunbbnvf102.bin"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"planetariumobil.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544992/; classtype:trojan-activity;sid:84408092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.204.105.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544450/; classtype:trojan-activity;sid:84407550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543803)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.239.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543803/; classtype:trojan-activity;sid:84406903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543805)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.239.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543805/; classtype:trojan-activity;sid:84406905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543801)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543801/; classtype:trojan-activity;sid:84406901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543701)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.204.105.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543701/; classtype:trojan-activity;sid:84406801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.50.222.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_14; reference:url, urlhaus.abuse.ch/url/3543392/; classtype:trojan-activity;sid:84406492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3542563)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wvxiyf_ryvgg_x3x7uceicqrndhb7lul"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_13; reference:url, urlhaus.abuse.ch/url/3542563/; classtype:trojan-activity;sid:84405663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541826)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/giphy.gif"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"onfiltre.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_12; reference:url, urlhaus.abuse.ch/url/3541826/; classtype:trojan-activity;sid:84404926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541464)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541464/; classtype:trojan-activity;sid:84404564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541468/; classtype:trojan-activity;sid:84404568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541469)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541469/; classtype:trojan-activity;sid:84404569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541471)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541471/; classtype:trojan-activity;sid:84404571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541473)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541473/; classtype:trojan-activity;sid:84404573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541474)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541474/; classtype:trojan-activity;sid:84404574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541476/; classtype:trojan-activity;sid:84404576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541477)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541477/; classtype:trojan-activity;sid:84404577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541479)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541479/; classtype:trojan-activity;sid:84404579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541481)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541481/; classtype:trojan-activity;sid:84404581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541456)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541456/; classtype:trojan-activity;sid:84404556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541457)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541457/; classtype:trojan-activity;sid:84404557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541458)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541458/; classtype:trojan-activity;sid:84404558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541459)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.x86_64"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541459/; classtype:trojan-activity;sid:84404559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541460)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541460/; classtype:trojan-activity;sid:84404560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541461)"; flow:established,from_client; content:"GET"; http_method; content:"/where/arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541461/; classtype:trojan-activity;sid:84404561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541446)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541446/; classtype:trojan-activity;sid:84404546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541447)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541447/; classtype:trojan-activity;sid:84404547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541448)"; flow:established,from_client; content:"GET"; http_method; content:"/where/x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541448/; classtype:trojan-activity;sid:84404548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541449)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541449/; classtype:trojan-activity;sid:84404549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541450)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.spc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541450/; classtype:trojan-activity;sid:84404550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541451)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.ppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541451/; classtype:trojan-activity;sid:84404551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541452)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.m68k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541452/; classtype:trojan-activity;sid:84404552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541453)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541453/; classtype:trojan-activity;sid:84404553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541454)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.sh4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541454/; classtype:trojan-activity;sid:84404554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541455)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541455/; classtype:trojan-activity;sid:84404555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541365)"; flow:established,from_client; content:"GET"; http_method; content:"/where/m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541365/; classtype:trojan-activity;sid:84404465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541355)"; flow:established,from_client; content:"GET"; http_method; content:"/where/arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541355/; classtype:trojan-activity;sid:84404455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541356)"; flow:established,from_client; content:"GET"; http_method; content:"/where/arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541356/; classtype:trojan-activity;sid:84404456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541358)"; flow:established,from_client; content:"GET"; http_method; content:"/where/x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541358/; classtype:trojan-activity;sid:84404458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541359)"; flow:established,from_client; content:"GET"; http_method; content:"/where/ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541359/; classtype:trojan-activity;sid:84404459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541360)"; flow:established,from_client; content:"GET"; http_method; content:"/where/mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541360/; classtype:trojan-activity;sid:84404460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541361)"; flow:established,from_client; content:"GET"; http_method; content:"/where/sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541361/; classtype:trojan-activity;sid:84404461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541362)"; flow:established,from_client; content:"GET"; http_method; content:"/where/mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541362/; classtype:trojan-activity;sid:84404462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541363)"; flow:established,from_client; content:"GET"; http_method; content:"/where/arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541363/; classtype:trojan-activity;sid:84404463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541364)"; flow:established,from_client; content:"GET"; http_method; content:"/where/spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541364/; classtype:trojan-activity;sid:84404464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540931)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3540931/; classtype:trojan-activity;sid:84404031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540430)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540430/; classtype:trojan-activity;sid:84403530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540431)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540431/; classtype:trojan-activity;sid:84403531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540409/; classtype:trojan-activity;sid:84403509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540400/; classtype:trojan-activity;sid:84403500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540401/; classtype:trojan-activity;sid:84403501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540402/; classtype:trojan-activity;sid:84403502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540403/; classtype:trojan-activity;sid:84403503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540404/; classtype:trojan-activity;sid:84403504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540405/; classtype:trojan-activity;sid:84403505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540406/; classtype:trojan-activity;sid:84403506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540407/; classtype:trojan-activity;sid:84403507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540408/; classtype:trojan-activity;sid:84403508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540085)"; flow:established,from_client; content:"GET"; http_method; content:"/.x/pax.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"13.71.2.244"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540085/; classtype:trojan-activity;sid:84403185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539686)"; flow:established,from_client; content:"GET"; http_method; content:"/js_bo/werkstastt/shotstar.prm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.silver-hubdachwohnwagen.de"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539686/; classtype:trojan-activity;sid:84402786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539354)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.218.225.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539354/; classtype:trojan-activity;sid:84402454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539297)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.190.58.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539297/; classtype:trojan-activity;sid:84402397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539028)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.22.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3539028/; classtype:trojan-activity;sid:84402128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538764)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.211.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538764/; classtype:trojan-activity;sid:84401864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538763/; classtype:trojan-activity;sid:84401863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538762/; classtype:trojan-activity;sid:84401862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538761)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538761/; classtype:trojan-activity;sid:84401861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538755)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538755/; classtype:trojan-activity;sid:84401855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538747/; classtype:trojan-activity;sid:84401847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538741)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538741/; classtype:trojan-activity;sid:84401841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538744)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538744/; classtype:trojan-activity;sid:84401844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538670)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538670/; classtype:trojan-activity;sid:84401770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538179)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.22.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538179/; classtype:trojan-activity;sid:84401279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537710)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wex.gif"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"stonecradle.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537710/; classtype:trojan-activity;sid:84400810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536597)"; flow:established,from_client; content:"GET"; http_method; content:"/where/wget.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536597/; classtype:trojan-activity;sid:84399697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536598)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536598/; classtype:trojan-activity;sid:84399698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536618)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536618/; classtype:trojan-activity;sid:84399718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536583)"; flow:established,from_client; content:"GET"; http_method; content:"/where/w.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536583/; classtype:trojan-activity;sid:84399683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536582)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536582/; classtype:trojan-activity;sid:84399682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536575)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536575/; classtype:trojan-activity;sid:84399675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536576)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536576/; classtype:trojan-activity;sid:84399676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536577)"; flow:established,from_client; content:"GET"; http_method; content:"/where/c.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536577/; classtype:trojan-activity;sid:84399677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536578)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536578/; classtype:trojan-activity;sid:84399678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536579)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536579/; classtype:trojan-activity;sid:84399679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536580)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536580/; classtype:trojan-activity;sid:84399680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536581)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536581/; classtype:trojan-activity;sid:84399681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536070)"; flow:established,from_client; content:"GET"; http_method; content:"/dl202"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536070/; classtype:trojan-activity;sid:84399170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.93.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_04; reference:url, urlhaus.abuse.ch/url/3534886/; classtype:trojan-activity;sid:84397986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533582)"; flow:established,from_client; content:"GET"; http_method; content:"/kokotpycauholica/ultraundetecteddrv/refs/heads/main/hbvtmbp46iieehp1.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533582/; classtype:trojan-activity;sid:84396682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532985)"; flow:established,from_client; content:"GET"; http_method; content:"/dl201"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532985/; classtype:trojan-activity;sid:84396085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532847)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532847/; classtype:trojan-activity;sid:84395947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532848)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532848/; classtype:trojan-activity;sid:84395948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532849/; classtype:trojan-activity;sid:84395949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532282)"; flow:established,from_client; content:"GET"; http_method; content:"/dl200"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532282/; classtype:trojan-activity;sid:84395382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.21.252.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531990/; classtype:trojan-activity;sid:84395090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.127.68.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530891/; classtype:trojan-activity;sid:84393991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.21.252.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529929/; classtype:trojan-activity;sid:84393029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528280)"; flow:established,from_client; content:"GET"; http_method; content:"/mir1ce/hawkeye/releases/download/v0319/hawkeye.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528280/; classtype:trojan-activity;sid:84391380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528279)"; flow:established,from_client; content:"GET"; http_method; content:"/yarahq/yara-forge/releases/latest/download/yara-forge-rules-core.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528279/; classtype:trojan-activity;sid:84391379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528277)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.6.1/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528277/; classtype:trojan-activity;sid:84391377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528171)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831362/alpha.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528171/; classtype:trojan-activity;sid:84391271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528170)"; flow:established,from_client; content:"GET"; http_method; content:"/decalage2/oletools/releases/download/v0.60.2/oletools-0.60.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528170/; classtype:trojan-activity;sid:84391270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528165)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831288/crack.nurik.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528165/; classtype:trojan-activity;sid:84391265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528162)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831450/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528162/; classtype:trojan-activity;sid:84391262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19835739/solarus.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528154/; classtype:trojan-activity;sid:84391254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528128)"; flow:established,from_client; content:"GET"; http_method; content:"/zxc5wezxc/new/main/dllbase64reverse.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528128/; classtype:trojan-activity;sid:84391228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528127)"; flow:established,from_client; content:"GET"; http_method; content:"/androidmalware/android_hid/f25d0234cff288ab8384689685e37b1b4bbaf2ba/test.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528127/; classtype:trojan-activity;sid:84391227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528108)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeyadece/v-f/releases/download/1.4.2/vector-fixer-v1.4.2.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528108/; classtype:trojan-activity;sid:84391208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528105)"; flow:established,from_client; content:"GET"; http_method; content:"/ui.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"public.demo.securecloudsandbox.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528105/; classtype:trojan-activity;sid:84391205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528107)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-gif/releases/download/v1.1.0/darts-gif.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528107/; classtype:trojan-activity;sid:84391207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528100)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-pixelit/releases/download/v1.2.2/darts-pixelit.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528100/; classtype:trojan-activity;sid:84391200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528101)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-wled/releases/download/v1.8.1/darts-wled.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528101/; classtype:trojan-activity;sid:84391201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528097)"; flow:established,from_client; content:"GET"; http_method; content:"/harelba/q/releases/download/2.0.19/q-amd64-windows.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528097/; classtype:trojan-activity;sid:84391197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528098)"; flow:established,from_client; content:"GET"; http_method; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528098/; classtype:trojan-activity;sid:84391198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527923)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-load/rapidsvn.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"muriaspetin.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527923/; classtype:trojan-activity;sid:84391023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527856)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.36.11.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527856/; classtype:trojan-activity;sid:84390956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.241.40.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527836/; classtype:trojan-activity;sid:84390936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527814)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.57.30.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527814/; classtype:trojan-activity;sid:84390914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526930)"; flow:established,from_client; content:"GET"; http_method; content:"/verify-sec"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"msoftdatastore.z22.web.core.windows.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526930/; classtype:trojan-activity;sid:84390030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526832/; classtype:trojan-activity;sid:84389932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525979)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525979/; classtype:trojan-activity;sid:84389079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525710)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"149.241.40.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525710/; classtype:trojan-activity;sid:84388810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.110.37.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525151/; classtype:trojan-activity;sid:84388251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.144.210.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525139/; classtype:trojan-activity;sid:84388239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525013)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525013/; classtype:trojan-activity;sid:84388113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525021)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.83.203.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525021/; classtype:trojan-activity;sid:84388121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524811)"; flow:established,from_client; content:"GET"; http_method; content:"/vaxilu/x-ui/releases/latest/download/x-ui-linux-amd64.tar.gz"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524811/; classtype:trojan-activity;sid:84387911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524779)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.158.88.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524779/; classtype:trojan-activity;sid:84387879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524506)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ccjlbddgjhpeeff1b1hfkgp3x16c_tj1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524506/; classtype:trojan-activity;sid:84387606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524454)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bpc5z-hv6kosk6artkfmbtsnnwwpdghy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524454/; classtype:trojan-activity;sid:84387554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.47.243.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523621/; classtype:trojan-activity;sid:84386721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522943)"; flow:established,from_client; content:"GET"; http_method; content:"/oto"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522943/; classtype:trojan-activity;sid:84386043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.30.92.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522876/; classtype:trojan-activity;sid:84385976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522687)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ltrdqlgcl6smoqujfs1pb2ernzhsbydh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522687/; classtype:trojan-activity;sid:84385787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522201)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/main/ud.bat"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522201/; classtype:trojan-activity;sid:84385301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522159)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.243.36.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522159/; classtype:trojan-activity;sid:84385259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520366)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-x64.tar.gz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_21; reference:url, urlhaus.abuse.ch/url/3520366/; classtype:trojan-activity;sid:84383466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520082)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.226.241.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520082/; classtype:trojan-activity;sid:84383182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520081)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.43.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520081/; classtype:trojan-activity;sid:84383181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520073)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.63.168.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520073/; classtype:trojan-activity;sid:84383173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520077)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.244.254.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520077/; classtype:trojan-activity;sid:84383177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520070)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.63.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520070/; classtype:trojan-activity;sid:84383170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520068)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.77.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520068/; classtype:trojan-activity;sid:84383168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.229.20.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519584/; classtype:trojan-activity;sid:84382684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519540)"; flow:established,from_client; content:"GET"; http_method; content:"/_autovlbs19_new/trainjx2.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"thtp2.volamngayxua.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519540/; classtype:trojan-activity;sid:84382640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519529)"; flow:established,from_client; content:"GET"; http_method; content:"/_autovlbs19_new/trainjx.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"thtp2.volamngayxua.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519529/; classtype:trojan-activity;sid:84382629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519525)"; flow:established,from_client; content:"GET"; http_method; content:"/down/linm_free/tg_linm_data_image_free.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tiwanlinm.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519525/; classtype:trojan-activity;sid:84382625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519518)"; flow:established,from_client; content:"GET"; http_method; content:"/fb/32.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519518/; classtype:trojan-activity;sid:84382618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519513)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namu832.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519513/; classtype:trojan-activity;sid:84382613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519485)"; flow:established,from_client; content:"GET"; http_method; content:"/versions/gestioniccv20.21.8.51/gestionicc.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"icoffeecloud.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519485/; classtype:trojan-activity;sid:84382585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519469)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"60aaf9c6.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519469/; classtype:trojan-activity;sid:84382569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519467)"; flow:established,from_client; content:"GET"; http_method; content:"/down/linm_free/tg_linm_data_map_free.dll"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"tiwanlinm.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519467/; classtype:trojan-activity;sid:84382567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519464)"; flow:established,from_client; content:"GET"; http_method; content:"/fb/sm.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519464/; classtype:trojan-activity;sid:84382564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519459)"; flow:established,from_client; content:"GET"; http_method; content:"/pds/mogimall/giftorder/giftorder.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mogimall.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519459/; classtype:trojan-activity;sid:84382559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519451)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"2cfc0222.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519451/; classtype:trojan-activity;sid:84382551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519446)"; flow:established,from_client; content:"GET"; http_method; content:"/newchaisupon/vendor/bin/psysh.bat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"99194034-96-20180108171507.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519446/; classtype:trojan-activity;sid:84382546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519442)"; flow:established,from_client; content:"GET"; http_method; content:"/diaclients/doitallmain.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.salonmarketing.ca"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519442/; classtype:trojan-activity;sid:84382542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519443)"; flow:established,from_client; content:"GET"; http_method; content:"/sa0611/systemsa32.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.ss-01.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519443/; classtype:trojan-activity;sid:84382543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519432)"; flow:established,from_client; content:"GET"; http_method; content:"/msedge.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c9791c08-f1e4-4402-9510-d04c13c50ea3.selstorage.ru"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519432/; classtype:trojan-activity;sid:84382532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519429)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pubdata/hpsocket4c.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519429/; classtype:trojan-activity;sid:84382529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519415)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c3436037.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519415/; classtype:trojan-activity;sid:84382515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519408)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519408/; classtype:trojan-activity;sid:84382508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519404)"; flow:established,from_client; content:"GET"; http_method; content:"/pds/mogimall/giftorder/updater.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"mogimall.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519404/; classtype:trojan-activity;sid:84382504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519392)"; flow:established,from_client; content:"GET"; http_method; content:"/media/video_file/round_setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519392/; classtype:trojan-activity;sid:84382492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519389)"; flow:established,from_client; content:"GET"; http_method; content:"/cfxre.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"198.50.242.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519389/; classtype:trojan-activity;sid:84382489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519368)"; flow:established,from_client; content:"GET"; http_method; content:"/r0400/yahoodll.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.ss-01.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519368/; classtype:trojan-activity;sid:84382468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519369)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519369/; classtype:trojan-activity;sid:84382469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519354)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/addmefast%20bot.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519354/; classtype:trojan-activity;sid:84382454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519356)"; flow:established,from_client; content:"GET"; http_method; content:"/nircmd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-0478b308b8cf46709a73d0eed5afd633.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519356/; classtype:trojan-activity;sid:84382456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519092)"; flow:established,from_client; content:"GET"; http_method; content:"/pst.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"o24o.ru"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519092/; classtype:trojan-activity;sid:84382192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519066)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519066/; classtype:trojan-activity;sid:84382166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519063)"; flow:established,from_client; content:"GET"; http_method; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519063/; classtype:trojan-activity;sid:84382163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519036)"; flow:established,from_client; content:"GET"; http_method; content:"/tiansys(xp%e4%b8%93%e7%94%a8).exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"fz.tiansys.cn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519036/; classtype:trojan-activity;sid:84382136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519035)"; flow:established,from_client; content:"GET"; http_method; content:"/disbalancer-project/main/releases/latest/download/disbalancer-go-client-windows-386.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519035/; classtype:trojan-activity;sid:84382135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519028)"; flow:established,from_client; content:"GET"; http_method; content:"/uniondown/haozip_tiny.201805.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519028/; classtype:trojan-activity;sid:84382128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519027)"; flow:established,from_client; content:"GET"; http_method; content:"/cosmicdevv/icarus-lite/releases/download/v1.1.13/icaruslite-v1.1.13-win.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519027/; classtype:trojan-activity;sid:84382127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519025)"; flow:established,from_client; content:"GET"; http_method; content:"/sebaxakerhtc/rdpwrap/releases/download/v1.8.9.9/rdpw_installer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519025/; classtype:trojan-activity;sid:84382125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519026)"; flow:established,from_client; content:"GET"; http_method; content:"/dax009yt/chilledwindows-gui/releases/download/1.0/chilledwindows.gui.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519026/; classtype:trojan-activity;sid:84382126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519019)"; flow:established,from_client; content:"GET"; http_method; content:"/jackson2323/mohradiant/blob/master/updt.exe|3f|raw=true"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519019/; classtype:trojan-activity;sid:84382119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519020)"; flow:established,from_client; content:"GET"; http_method; content:"/down/pkexu0ytxar3.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"115.159.149.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519020/; classtype:trojan-activity;sid:84382120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519016)"; flow:established,from_client; content:"GET"; http_method; content:"/bol-van/zapret/releases/download/v70.6/zapret-v70.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519016/; classtype:trojan-activity;sid:84382116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518999)"; flow:established,from_client; content:"GET"; http_method; content:"/2590057.s21d-2.faiusrd.com/0/abuiabblgaagytxhtauo1pck0ge.exe|3f|f=ghost%e7%bd%91%e5%85%8b%e9%9a%86%e6%a3%80%e6%b5%8b%e5%b7%a5%e5%85%b7.exe|7c|26|7c|v=1452829385|7c|26|7c|wsiphost=local|7c|26|7c|wsrid_tag=61c52eb2_psmgzjgord1de87_17635-16713"; http_uri; depth:241; isdataat:!1,relative; nocase; content:"157.185.170.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518999/; classtype:trojan-activity;sid:84382099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519000)"; flow:established,from_client; content:"GET"; http_method; content:"/vexcentry/vex/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519000/; classtype:trojan-activity;sid:84382100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518861)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518861/; classtype:trojan-activity;sid:84381961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518860)"; flow:established,from_client; content:"GET"; http_method; content:"/ns1.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518860/; classtype:trojan-activity;sid:84381960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3517040)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3517040/; classtype:trojan-activity;sid:84380140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516658)"; flow:established,from_client; content:"GET"; http_method; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516658/; classtype:trojan-activity;sid:84379758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.219.49.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516584/; classtype:trojan-activity;sid:84379684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516013)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.2.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3516013/; classtype:trojan-activity;sid:84379113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515978)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.79.64.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515978/; classtype:trojan-activity;sid:84379078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515922)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.45.253.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515922/; classtype:trojan-activity;sid:84379022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514570)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hrp9lnasbplclnhppp1abwb1uwv4kdvs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514570/; classtype:trojan-activity;sid:84377670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514066)"; flow:established,from_client; content:"GET"; http_method; content:"/nkminash/my-codd/raw/896d806a9b4569c9c3a275f200ebe7d2ecec5702/snd16061.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514066/; classtype:trojan-activity;sid:84377166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510901)"; flow:established,from_client; content:"GET"; http_method; content:"/dl16"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510901/; classtype:trojan-activity;sid:84374001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510830)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.200.94.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510830/; classtype:trojan-activity;sid:84373930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509907)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmounben/lc/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509907/; classtype:trojan-activity;sid:84373007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509904)"; flow:established,from_client; content:"GET"; http_method; content:"/justjzero/ahh/refs/heads/main/cloudy.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509904/; classtype:trojan-activity;sid:84373004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509901)"; flow:established,from_client; content:"GET"; http_method; content:"/justjzero/ahh/raw/refs/heads/main/cloudy.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509901/; classtype:trojan-activity;sid:84373001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509872)"; flow:established,from_client; content:"GET"; http_method; content:"/niggedddx/dependenciuesfeife/raw/refs/heads/main/bruterv3.1.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509872/; classtype:trojan-activity;sid:84372972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507452)"; flow:established,from_client; content:"GET"; http_method; content:"/misterlobster22/mimik/blob/main/mimikatz.exe|3f|raw=true"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507452/; classtype:trojan-activity;sid:84370552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506392)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s86.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506392/; classtype:trojan-activity;sid:84369492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506391)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s64.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506391/; classtype:trojan-activity;sid:84369491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506346)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kcbhxhjt-bdxszgxt1nfnzdt5hpvkwk4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506346/; classtype:trojan-activity;sid:84369446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1muftth-5lscdi3ovd5vn7sjkeit2h9k1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505672/; classtype:trojan-activity;sid:84368772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505377)"; flow:established,from_client; content:"GET"; http_method; content:"/electrichermit/vegas-pro-version/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505377/; classtype:trojan-activity;sid:84368477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505382)"; flow:established,from_client; content:"GET"; http_method; content:"/ergin3432432/movie-mates/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505382/; classtype:trojan-activity;sid:84368482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505334)"; flow:established,from_client; content:"GET"; http_method; content:"/yumyumdonuts/free-youtube-to-mp3-converter-free/releases/download/1.1.2/freeyoutubetomp3converterfree-1.1.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505334/; classtype:trojan-activity;sid:84368434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505313)"; flow:established,from_client; content:"GET"; http_method; content:"/nmattioni/upload/raw/refs/heads/master/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505313/; classtype:trojan-activity;sid:84368413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505307)"; flow:established,from_client; content:"GET"; http_method; content:"/anamesias580/upload/refs/heads/master/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505307/; classtype:trojan-activity;sid:84368407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505305)"; flow:established,from_client; content:"GET"; http_method; content:"/phanu85/upload/raw/refs/heads/master/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505305/; classtype:trojan-activity;sid:84368405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505304)"; flow:established,from_client; content:"GET"; http_method; content:"/pantay/upload/raw/refs/heads/master/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505304/; classtype:trojan-activity;sid:84368404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504713)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.238.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504713/; classtype:trojan-activity;sid:84367813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504260)"; flow:established,from_client; content:"GET"; http_method; content:"/images/acfkgtyuwbbpfexcdoqxk171.bin"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"pfatrivandrum.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504260/; classtype:trojan-activity;sid:84367360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504256)"; flow:established,from_client; content:"GET"; http_method; content:"/images/midafternoon.snp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pfatrivandrum.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504256/; classtype:trojan-activity;sid:84367356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504106)"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/hjdaviyk236.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"pfatrivandrum.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504106/; classtype:trojan-activity;sid:84367206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504105)"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/tuberculinizing.fla"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pfatrivandrum.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504105/; classtype:trojan-activity;sid:84367205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.17.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503657/; classtype:trojan-activity;sid:84366757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503409)"; flow:established,from_client; content:"GET"; http_method; content:"/tirtekeka/rat-client/zip/refs/heads/main"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503409/; classtype:trojan-activity;sid:84366509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503003)"; flow:established,from_client; content:"GET"; http_method; content:"/download/konsol.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"backupso.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3503003/; classtype:trojan-activity;sid:84366103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500891)"; flow:established,from_client; content:"GET"; http_method; content:"/chin/ifjjmktge.mp3"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dcrun.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500891/; classtype:trojan-activity;sid:84363991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.185.1.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500747/; classtype:trojan-activity;sid:84363847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.102.74.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500733/; classtype:trojan-activity;sid:84363833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499993)"; flow:established,from_client; content:"GET"; http_method; content:"/roniel8/apex-no-recoil/releases/download/v2.5.1-alpha.3/apex-no-recoil-v2-5-1-alpha-3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499993/; classtype:trojan-activity;sid:84363093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499150)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.124.72.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_02; reference:url, urlhaus.abuse.ch/url/3499150/; classtype:trojan-activity;sid:84362250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498482)"; flow:established,from_client; content:"GET"; http_method; content:"/juanbustoss/src/raw/refs/heads/master/application.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498482/; classtype:trojan-activity;sid:84361582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498084)"; flow:established,from_client; content:"GET"; http_method; content:"/shellyacm/imgx/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498084/; classtype:trojan-activity;sid:84361184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498082)"; flow:established,from_client; content:"GET"; http_method; content:"/shellyacm/imgx/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498082/; classtype:trojan-activity;sid:84361182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498070)"; flow:established,from_client; content:"GET"; http_method; content:"/demonsofhe/onion-rings/releases/download/3.1.7/onion-rings-3.1.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498070/; classtype:trojan-activity;sid:84361170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498076)"; flow:established,from_client; content:"GET"; http_method; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498076/; classtype:trojan-activity;sid:84361176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498067)"; flow:established,from_client; content:"GET"; http_method; content:"/frank698/localocr/releases/download/v2.3.3/localocr_v2.3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498067/; classtype:trojan-activity;sid:84361167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498056)"; flow:established,from_client; content:"GET"; http_method; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.1/soft.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498056/; classtype:trojan-activity;sid:84361156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498045)"; flow:established,from_client; content:"GET"; http_method; content:"/ushii/weather_app/releases/download/v1.0/installer.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498045/; classtype:trojan-activity;sid:84361145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498047)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498047/; classtype:trojan-activity;sid:84361147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498050)"; flow:established,from_client; content:"GET"; http_method; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.2/soft.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498050/; classtype:trojan-activity;sid:84361150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498053)"; flow:established,from_client; content:"GET"; http_method; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498053/; classtype:trojan-activity;sid:84361153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498033)"; flow:established,from_client; content:"GET"; http_method; content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v1.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498033/; classtype:trojan-activity;sid:84361133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498034)"; flow:established,from_client; content:"GET"; http_method; content:"/ushii/weather_app/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498034/; classtype:trojan-activity;sid:84361134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498036)"; flow:established,from_client; content:"GET"; http_method; content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v2.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498036/; classtype:trojan-activity;sid:84361136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498038)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/php-library-system/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498038/; classtype:trojan-activity;sid:84361138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497826)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497826/; classtype:trojan-activity;sid:84360926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497822)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497822/; classtype:trojan-activity;sid:84360922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497825)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497825/; classtype:trojan-activity;sid:84360925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497805)"; flow:established,from_client; content:"GET"; http_method; content:"/ffxjevefi/nix-system-services-hardened/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497805/; classtype:trojan-activity;sid:84360905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497797)"; flow:established,from_client; content:"GET"; http_method; content:"/supreme-snaze/permutations/releases/download/v1.0/program.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497797/; classtype:trojan-activity;sid:84360897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497758)"; flow:established,from_client; content:"GET"; http_method; content:"/repirate/asset-recovery-tool/releases/download/v1.7.6/asset-recovery-tool-v1.7.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497758/; classtype:trojan-activity;sid:84360858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497739)"; flow:established,from_client; content:"GET"; http_method; content:"/ander12342/pugdns/releases/download/1.3.1/pugdns_v1.3.1.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497739/; classtype:trojan-activity;sid:84360839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497677)"; flow:established,from_client; content:"GET"; http_method; content:"/devpev777/d/refs/heads/main/r.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497677/; classtype:trojan-activity;sid:84360777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497120)"; flow:established,from_client; content:"GET"; http_method; content:"/dodobaba25/repo/refs/heads/master/s64.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497120/; classtype:trojan-activity;sid:84360220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497121)"; flow:established,from_client; content:"GET"; http_method; content:"/dodobaba25/repo/refs/heads/master/s86.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497121/; classtype:trojan-activity;sid:84360221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496952)"; flow:established,from_client; content:"GET"; http_method; content:"/benkku25/assets/raw/41f4f8f16b76af39e1bc3f8024b66010dd2617c7/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496952/; classtype:trojan-activity;sid:84360052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496664)"; flow:established,from_client; content:"GET"; http_method; content:"/syklon99/ai-chatbot-svelte/releases/download/v1.4.9/ai-chatbot-svelte-v1.4.9.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496664/; classtype:trojan-activity;sid:84359764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496662)"; flow:established,from_client; content:"GET"; http_method; content:"/sigarikafat/xeet/releases/download/1.6.4/xeet_v1.6.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496662/; classtype:trojan-activity;sid:84359762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496645)"; flow:established,from_client; content:"GET"; http_method; content:"/naoval19/tacos/releases/download/v1.0/program.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496645/; classtype:trojan-activity;sid:84359745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496646)"; flow:established,from_client; content:"GET"; http_method; content:"/naoval19/tacos/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496646/; classtype:trojan-activity;sid:84359746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496631)"; flow:established,from_client; content:"GET"; http_method; content:"/rle123/ai-self-coding-book/releases/download/v1.0/program.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496631/; classtype:trojan-activity;sid:84359731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496594)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidi-crypto/quarkus-openapi-problem/releases/download/v1.4.2/quarkus-openapi-problem-v1.4.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496594/; classtype:trojan-activity;sid:84359694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496564)"; flow:established,from_client; content:"GET"; http_method; content:"/stepbox23/assets/60af1f798cc4708a2872a66cebab351e529e43f8/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496564/; classtype:trojan-activity;sid:84359664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496067)"; flow:established,from_client; content:"GET"; http_method; content:"/new_image.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496067/; classtype:trojan-activity;sid:84359167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496061)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/raw/refs/heads/main/ud.bat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496061/; classtype:trojan-activity;sid:84359161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496058)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/raw/main/ud.bat"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496058/; classtype:trojan-activity;sid:84359158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495857)"; flow:established,from_client; content:"GET"; http_method; content:"/tsl/downloader.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tobecation.github.io"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3495857/; classtype:trojan-activity;sid:84358957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494818)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3494818/; classtype:trojan-activity;sid:84357918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494816)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3494816/; classtype:trojan-activity;sid:84357916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494793)"; flow:established,from_client; content:"GET"; http_method; content:"/dl20"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3494793/; classtype:trojan-activity;sid:84357893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494037)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494037/; classtype:trojan-activity;sid:84357137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494038)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494038/; classtype:trojan-activity;sid:84357138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494039)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494039/; classtype:trojan-activity;sid:84357139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494040)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494040/; classtype:trojan-activity;sid:84357140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494041)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494041/; classtype:trojan-activity;sid:84357141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494042)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494042/; classtype:trojan-activity;sid:84357142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494043)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494043/; classtype:trojan-activity;sid:84357143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494044)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494044/; classtype:trojan-activity;sid:84357144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494045)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494045/; classtype:trojan-activity;sid:84357145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494046)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.187.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494046/; classtype:trojan-activity;sid:84357146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493608)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/refs/heads/master/launcher.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493608/; classtype:trojan-activity;sid:84356708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493604)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493604/; classtype:trojan-activity;sid:84356704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492622)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeu-cpu/coap-mqtt-encryption/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492622/; classtype:trojan-activity;sid:84355722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492611)"; flow:established,from_client; content:"GET"; http_method; content:"/forzon96/cataclismo/releases/download/1.4.6/cataclismo_1.4.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492611/; classtype:trojan-activity;sid:84355711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492613)"; flow:established,from_client; content:"GET"; http_method; content:"/mjunaid87/tokenset/releases/download/v2.8.1/tokenset.v2.8.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492613/; classtype:trojan-activity;sid:84355713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492608)"; flow:established,from_client; content:"GET"; http_method; content:"/joacokia/oopd/releases/download/bretschneideraceae/oopd_bretschneideraceae.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492608/; classtype:trojan-activity;sid:84355708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492600)"; flow:established,from_client; content:"GET"; http_method; content:"/mardecilnonp568/assasin-creed-shadows/releases/download/v2.7.5/assassin-creed-shadows-v2.7.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492600/; classtype:trojan-activity;sid:84355700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492563)"; flow:established,from_client; content:"GET"; http_method; content:"/reninstem/productlisting/releases/download/2.6.1/productlisting-2.6.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492563/; classtype:trojan-activity;sid:84355663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492224)"; flow:established,from_client; content:"GET"; http_method; content:"/lordland929on6/1ab-phantasystaronline2b/releases/download/p7ew0zthra/156qeiu3fhnohcj2.rar"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492224/; classtype:trojan-activity;sid:84355324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492188)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ar-bladeandsoulr/releases/download/4sd7l2qydh/37uji8i2.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492188/; classtype:trojan-activity;sid:84355288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492186)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ax-bladeandsoulx/releases/download/n6seqop1o4/q.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492186/; classtype:trojan-activity;sid:84355286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492168)"; flow:established,from_client; content:"GET"; http_method; content:"/howlux40worthyfp4h/1af-starwars-theoldrepublicf/releases/download/j0ndd81djg/eskf6bqczzc2j.rar"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492168/; classtype:trojan-activity;sid:84355268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492160)"; flow:established,from_client; content:"GET"; http_method; content:"/uragon005/ai-chatbot-svelte/releases/download/v2.4.5/ai-chatbot-svelte_v2.4.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492160/; classtype:trojan-activity;sid:84355260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492135)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v1.0/release.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492135/; classtype:trojan-activity;sid:84355235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492134)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492134/; classtype:trojan-activity;sid:84355234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492056)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492056/; classtype:trojan-activity;sid:84355156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490432)"; flow:established,from_client; content:"GET"; http_method; content:"/phamkhanhhung208/assets/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490432/; classtype:trojan-activity;sid:84353532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490427)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/refs/heads/master/launcher.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490427/; classtype:trojan-activity;sid:84353527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490409)"; flow:established,from_client; content:"GET"; http_method; content:"/beast2122006/assignment/238415a963aab57f18fd2c2ef60995d7c0b39fe0/library.txt"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490409/; classtype:trojan-activity;sid:84353509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dertyom/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490350/; classtype:trojan-activity;sid:84353450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490349)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490349/; classtype:trojan-activity;sid:84353449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490313)"; flow:established,from_client; content:"GET"; http_method; content:"/kammywammyman/boyboy/main/chromeupdate.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490313/; classtype:trojan-activity;sid:84353413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490294)"; flow:established,from_client; content:"GET"; http_method; content:"/tacocat2222/materia-fivem/refs/heads/main/loader.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490294/; classtype:trojan-activity;sid:84353394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490235)"; flow:established,from_client; content:"GET"; http_method; content:"/dl18"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490235/; classtype:trojan-activity;sid:84353335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489509)"; flow:established,from_client; content:"GET"; http_method; content:"/aldenpogznet22/hamster-bot/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489509/; classtype:trojan-activity;sid:84352609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489508)"; flow:established,from_client; content:"GET"; http_method; content:"/worakom99/carbon-executor/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489508/; classtype:trojan-activity;sid:84352608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489502)"; flow:established,from_client; content:"GET"; http_method; content:"/thurynw/uoffice_library_uot/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489502/; classtype:trojan-activity;sid:84352602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489501)"; flow:established,from_client; content:"GET"; http_method; content:"/jamescarlzafra/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489501/; classtype:trojan-activity;sid:84352601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489474)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/duan1/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489474/; classtype:trojan-activity;sid:84352574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489476)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v1.0/application.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489476/; classtype:trojan-activity;sid:84352576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489478)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489478/; classtype:trojan-activity;sid:84352578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489479)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489479/; classtype:trojan-activity;sid:84352579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489480)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v1.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489480/; classtype:trojan-activity;sid:84352580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489481)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489481/; classtype:trojan-activity;sid:84352581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489471)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489471/; classtype:trojan-activity;sid:84352571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489472)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489472/; classtype:trojan-activity;sid:84352572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489473)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489473/; classtype:trojan-activity;sid:84352573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489333)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489333/; classtype:trojan-activity;sid:84352433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489336)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489336/; classtype:trojan-activity;sid:84352436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489340)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489340/; classtype:trojan-activity;sid:84352440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489331)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489331/; classtype:trojan-activity;sid:84352431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489310)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489310/; classtype:trojan-activity;sid:84352410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489313)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489313/; classtype:trojan-activity;sid:84352413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489314)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489314/; classtype:trojan-activity;sid:84352414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489315)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489315/; classtype:trojan-activity;sid:84352415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489317)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489317/; classtype:trojan-activity;sid:84352417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489307)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489307/; classtype:trojan-activity;sid:84352407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489308)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489308/; classtype:trojan-activity;sid:84352408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489300)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489300/; classtype:trojan-activity;sid:84352400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489303)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489303/; classtype:trojan-activity;sid:84352403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489274)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489274/; classtype:trojan-activity;sid:84352374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489275)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489275/; classtype:trojan-activity;sid:84352375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489280)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489280/; classtype:trojan-activity;sid:84352380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489288)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v1.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489288/; classtype:trojan-activity;sid:84352388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489266)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489266/; classtype:trojan-activity;sid:84352366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489265)"; flow:established,from_client; content:"GET"; http_method; content:"/hackslash-nitp/healthcare-web-page/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489265/; classtype:trojan-activity;sid:84352365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489263)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinycompress/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489263/; classtype:trojan-activity;sid:84352363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489264)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489264/; classtype:trojan-activity;sid:84352364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489247)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489247/; classtype:trojan-activity;sid:84352347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489248)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489248/; classtype:trojan-activity;sid:84352348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489251)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489251/; classtype:trojan-activity;sid:84352351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489252)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinycompress/releases/download/v1.0/application.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489252/; classtype:trojan-activity;sid:84352352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489253)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489253/; classtype:trojan-activity;sid:84352353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489255)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489255/; classtype:trojan-activity;sid:84352355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489256)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489256/; classtype:trojan-activity;sid:84352356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489260)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489260/; classtype:trojan-activity;sid:84352360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489261)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489261/; classtype:trojan-activity;sid:84352361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489231)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489231/; classtype:trojan-activity;sid:84352331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489232)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489232/; classtype:trojan-activity;sid:84352332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489240)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489240/; classtype:trojan-activity;sid:84352340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489242)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489242/; classtype:trojan-activity;sid:84352342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489243)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489243/; classtype:trojan-activity;sid:84352343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489227)"; flow:established,from_client; content:"GET"; http_method; content:"/ambassadorscoders/togonon_motiv.poster/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489227/; classtype:trojan-activity;sid:84352327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489228)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489228/; classtype:trojan-activity;sid:84352328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489214)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/12-03assignment/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489214/; classtype:trojan-activity;sid:84352314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489215)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/nucleus/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489215/; classtype:trojan-activity;sid:84352315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489218)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/eltrapico2/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489218/; classtype:trojan-activity;sid:84352318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489219)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/amazon/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489219/; classtype:trojan-activity;sid:84352319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489205)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/fri-app/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489205/; classtype:trojan-activity;sid:84352305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489207)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/ecommerce/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489207/; classtype:trojan-activity;sid:84352307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489211)"; flow:established,from_client; content:"GET"; http_method; content:"/student-chicken/fit-track-goal-progress/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489211/; classtype:trojan-activity;sid:84352311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489212)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/resume/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489212/; classtype:trojan-activity;sid:84352312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489202)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/movie/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489202/; classtype:trojan-activity;sid:84352302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489203)"; flow:established,from_client; content:"GET"; http_method; content:"/vernaloqui/farmer-shubreact/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489203/; classtype:trojan-activity;sid:84352303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489173)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489173/; classtype:trojan-activity;sid:84352273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489171)"; flow:established,from_client; content:"GET"; http_method; content:"/matimazzia/worldgame-web/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489171/; classtype:trojan-activity;sid:84352271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489155)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489155/; classtype:trojan-activity;sid:84352255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489151)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489151/; classtype:trojan-activity;sid:84352251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489127)"; flow:established,from_client; content:"GET"; http_method; content:"/drankrych/fakebtcsend/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489127/; classtype:trojan-activity;sid:84352227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489128)"; flow:established,from_client; content:"GET"; http_method; content:"/atom3dx/array-base-scatter-filled/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489128/; classtype:trojan-activity;sid:84352228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489129)"; flow:established,from_client; content:"GET"; http_method; content:"/bluecheatah123/apex/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489129/; classtype:trojan-activity;sid:84352229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489131)"; flow:established,from_client; content:"GET"; http_method; content:"/lethanhdat0403/earnorm/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489131/; classtype:trojan-activity;sid:84352231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489135)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489135/; classtype:trojan-activity;sid:84352235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489137)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489137/; classtype:trojan-activity;sid:84352237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489118)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489118/; classtype:trojan-activity;sid:84352218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489120)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489120/; classtype:trojan-activity;sid:84352220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489090)"; flow:established,from_client; content:"GET"; http_method; content:"/lilanders123/act/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489090/; classtype:trojan-activity;sid:84352190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489088)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489088/; classtype:trojan-activity;sid:84352188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489083)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489083/; classtype:trojan-activity;sid:84352183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489063)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489063/; classtype:trojan-activity;sid:84352163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489054)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v1.0/program.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489054/; classtype:trojan-activity;sid:84352154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489049)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489049/; classtype:trojan-activity;sid:84352149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489047)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489047/; classtype:trojan-activity;sid:84352147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489032)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v1.0/application.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489032/; classtype:trojan-activity;sid:84352132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489035)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v1.0.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489035/; classtype:trojan-activity;sid:84352135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489027)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489027/; classtype:trojan-activity;sid:84352127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489028)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v2.0/software.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489028/; classtype:trojan-activity;sid:84352128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489020)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489020/; classtype:trojan-activity;sid:84352120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488996)"; flow:established,from_client; content:"GET"; http_method; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488996/; classtype:trojan-activity;sid:84352096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489002)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v1.0/release.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489002/; classtype:trojan-activity;sid:84352102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489003)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489003/; classtype:trojan-activity;sid:84352103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489004)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489004/; classtype:trojan-activity;sid:84352104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489006)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489006/; classtype:trojan-activity;sid:84352106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489009)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489009/; classtype:trojan-activity;sid:84352109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489010)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489010/; classtype:trojan-activity;sid:84352110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489011)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489011/; classtype:trojan-activity;sid:84352111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489014)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v2.0/software.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489014/; classtype:trojan-activity;sid:84352114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489015)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489015/; classtype:trojan-activity;sid:84352115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488994)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488994/; classtype:trojan-activity;sid:84352094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488995)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488995/; classtype:trojan-activity;sid:84352095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488983)"; flow:established,from_client; content:"GET"; http_method; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v1.0/release.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488983/; classtype:trojan-activity;sid:84352083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488966)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488966/; classtype:trojan-activity;sid:84352066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488969)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v1.0/program.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488969/; classtype:trojan-activity;sid:84352069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488950)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v1.0/release_x64.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488950/; classtype:trojan-activity;sid:84352050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488940)"; flow:established,from_client; content:"GET"; http_method; content:"/finn9633/batchgenie/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488940/; classtype:trojan-activity;sid:84352040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488941)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488941/; classtype:trojan-activity;sid:84352041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488943)"; flow:established,from_client; content:"GET"; http_method; content:"/rakkunsatura/p.e.n.i.s./releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488943/; classtype:trojan-activity;sid:84352043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488945)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v1.0/release_x64.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488945/; classtype:trojan-activity;sid:84352045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488946)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v2.0/software.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488946/; classtype:trojan-activity;sid:84352046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488890)"; flow:established,from_client; content:"GET"; http_method; content:"/samix151210/ndarray-base-normalize-indices/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488890/; classtype:trojan-activity;sid:84351990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488880)"; flow:established,from_client; content:"GET"; http_method; content:"/asdadadsaasdsadas991/database-project/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488880/; classtype:trojan-activity;sid:84351980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488874)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488874/; classtype:trojan-activity;sid:84351974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488879)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488879/; classtype:trojan-activity;sid:84351979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488850)"; flow:established,from_client; content:"GET"; http_method; content:"/kleteee/injectra/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488850/; classtype:trojan-activity;sid:84351950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488821)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488821/; classtype:trojan-activity;sid:84351921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488822)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488822/; classtype:trojan-activity;sid:84351922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488799)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488799/; classtype:trojan-activity;sid:84351899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488800)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488800/; classtype:trojan-activity;sid:84351900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488802)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488802/; classtype:trojan-activity;sid:84351902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488806)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488806/; classtype:trojan-activity;sid:84351906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488793)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488793/; classtype:trojan-activity;sid:84351893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488795)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488795/; classtype:trojan-activity;sid:84351895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488779)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488779/; classtype:trojan-activity;sid:84351879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488780)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v1.0.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488780/; classtype:trojan-activity;sid:84351880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488765)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v1.0.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488765/; classtype:trojan-activity;sid:84351865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488758)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488758/; classtype:trojan-activity;sid:84351858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488755)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v1.0/application.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488755/; classtype:trojan-activity;sid:84351855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488746)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v2.0/software.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488746/; classtype:trojan-activity;sid:84351846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488751)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v1.0/soft.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488751/; classtype:trojan-activity;sid:84351851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488752)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488752/; classtype:trojan-activity;sid:84351852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488729)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488729/; classtype:trojan-activity;sid:84351829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488730)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488730/; classtype:trojan-activity;sid:84351830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488732)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488732/; classtype:trojan-activity;sid:84351832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488733)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488733/; classtype:trojan-activity;sid:84351833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488734)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v1.0/release.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488734/; classtype:trojan-activity;sid:84351834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488735)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v1.0/program.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488735/; classtype:trojan-activity;sid:84351835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488736)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488736/; classtype:trojan-activity;sid:84351836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488739)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488739/; classtype:trojan-activity;sid:84351839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488740)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488740/; classtype:trojan-activity;sid:84351840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488742)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488742/; classtype:trojan-activity;sid:84351842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488725)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488725/; classtype:trojan-activity;sid:84351825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488728)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v2.0/software.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488728/; classtype:trojan-activity;sid:84351828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488722)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v1.0/program.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488722/; classtype:trojan-activity;sid:84351822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488723)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/program.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488723/; classtype:trojan-activity;sid:84351823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488720)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/program.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488720/; classtype:trojan-activity;sid:84351820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488711)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v1.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488711/; classtype:trojan-activity;sid:84351811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488712)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488712/; classtype:trojan-activity;sid:84351812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488713)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488713/; classtype:trojan-activity;sid:84351813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488714)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v1.0/program.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488714/; classtype:trojan-activity;sid:84351814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488716)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488716/; classtype:trojan-activity;sid:84351816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488717)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488717/; classtype:trojan-activity;sid:84351817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488706)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488706/; classtype:trojan-activity;sid:84351806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488708)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/application.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488708/; classtype:trojan-activity;sid:84351808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488702)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488702/; classtype:trojan-activity;sid:84351802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488703)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v2.0/software.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488703/; classtype:trojan-activity;sid:84351803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488704)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488704/; classtype:trojan-activity;sid:84351804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488699)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/program.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488699/; classtype:trojan-activity;sid:84351799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488684)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488684/; classtype:trojan-activity;sid:84351784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488686)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488686/; classtype:trojan-activity;sid:84351786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488682)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v1.0.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488682/; classtype:trojan-activity;sid:84351782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488679)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488679/; classtype:trojan-activity;sid:84351779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488673)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488673/; classtype:trojan-activity;sid:84351773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488674)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488674/; classtype:trojan-activity;sid:84351774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488663)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488663/; classtype:trojan-activity;sid:84351763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488666)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488666/; classtype:trojan-activity;sid:84351766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488647)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488647/; classtype:trojan-activity;sid:84351747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488649)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488649/; classtype:trojan-activity;sid:84351749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488654)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488654/; classtype:trojan-activity;sid:84351754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488643)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488643/; classtype:trojan-activity;sid:84351743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488636)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488636/; classtype:trojan-activity;sid:84351736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488637)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488637/; classtype:trojan-activity;sid:84351737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488632)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488632/; classtype:trojan-activity;sid:84351732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488620)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488620/; classtype:trojan-activity;sid:84351720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488599)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488599/; classtype:trojan-activity;sid:84351699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488602)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488602/; classtype:trojan-activity;sid:84351702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488606)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488606/; classtype:trojan-activity;sid:84351706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488608)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488608/; classtype:trojan-activity;sid:84351708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488614)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488614/; classtype:trojan-activity;sid:84351714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488615)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488615/; classtype:trojan-activity;sid:84351715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488595)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488595/; classtype:trojan-activity;sid:84351695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488549)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488549/; classtype:trojan-activity;sid:84351649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488550)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488550/; classtype:trojan-activity;sid:84351650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488552)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488552/; classtype:trojan-activity;sid:84351652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488555)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488555/; classtype:trojan-activity;sid:84351655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488533)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488533/; classtype:trojan-activity;sid:84351633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488537)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488537/; classtype:trojan-activity;sid:84351637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488543)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488543/; classtype:trojan-activity;sid:84351643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488511)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488511/; classtype:trojan-activity;sid:84351611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488505)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488505/; classtype:trojan-activity;sid:84351605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488477)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488477/; classtype:trojan-activity;sid:84351577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488478)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488478/; classtype:trojan-activity;sid:84351578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488483)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip/"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488483/; classtype:trojan-activity;sid:84351583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488487)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488487/; classtype:trojan-activity;sid:84351587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488488)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488488/; classtype:trojan-activity;sid:84351588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488492)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488492/; classtype:trojan-activity;sid:84351592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488496)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488496/; classtype:trojan-activity;sid:84351596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488497)"; flow:established,from_client; content:"GET"; http_method; content:"/globalnewsory/layeredge-auto-bot/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488497/; classtype:trojan-activity;sid:84351597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488501)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488501/; classtype:trojan-activity;sid:84351601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488470)"; flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488470/; classtype:trojan-activity;sid:84351570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488471)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488471/; classtype:trojan-activity;sid:84351571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488460)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488460/; classtype:trojan-activity;sid:84351560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488441)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488441/; classtype:trojan-activity;sid:84351541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488443)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488443/; classtype:trojan-activity;sid:84351543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488436)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488436/; classtype:trojan-activity;sid:84351536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488433)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488433/; classtype:trojan-activity;sid:84351533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488426)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488426/; classtype:trojan-activity;sid:84351526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488425)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488425/; classtype:trojan-activity;sid:84351525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488403)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488403/; classtype:trojan-activity;sid:84351503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488406)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488406/; classtype:trojan-activity;sid:84351506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488368)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488368/; classtype:trojan-activity;sid:84351468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488350/; classtype:trojan-activity;sid:84351450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488359)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488359/; classtype:trojan-activity;sid:84351459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488360)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488360/; classtype:trojan-activity;sid:84351460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488346)"; flow:established,from_client; content:"GET"; http_method; content:"/bigdaveyy/react-form-validator-pro/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488346/; classtype:trojan-activity;sid:84351446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488334/; classtype:trojan-activity;sid:84351434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488336/; classtype:trojan-activity;sid:84351436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488339)"; flow:established,from_client; content:"GET"; http_method; content:"/bigdaveyy/react-form-validator-pro/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488339/; classtype:trojan-activity;sid:84351439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488325)"; flow:established,from_client; content:"GET"; http_method; content:"/yunichi/livekit-voice-ai-agent-setup/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488325/; classtype:trojan-activity;sid:84351425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488314)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488314/; classtype:trojan-activity;sid:84351414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488306)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v1.0/installer.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488306/; classtype:trojan-activity;sid:84351406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488307)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488307/; classtype:trojan-activity;sid:84351407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488304)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488304/; classtype:trojan-activity;sid:84351404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488294)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488294/; classtype:trojan-activity;sid:84351394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488268)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v1.0/installer.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488268/; classtype:trojan-activity;sid:84351368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488269)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488269/; classtype:trojan-activity;sid:84351369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488273)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488273/; classtype:trojan-activity;sid:84351373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488274)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488274/; classtype:trojan-activity;sid:84351374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488278)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488278/; classtype:trojan-activity;sid:84351378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488282)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v1.0/release.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488282/; classtype:trojan-activity;sid:84351382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488264)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488264/; classtype:trojan-activity;sid:84351364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488261)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488261/; classtype:trojan-activity;sid:84351361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488243)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488243/; classtype:trojan-activity;sid:84351343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488233)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488233/; classtype:trojan-activity;sid:84351333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488234)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488234/; classtype:trojan-activity;sid:84351334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488239)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488239/; classtype:trojan-activity;sid:84351339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488214)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito1110/licenses/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488214/; classtype:trojan-activity;sid:84351314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488213)"; flow:established,from_client; content:"GET"; http_method; content:"/vsparedes/pycalc/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488213/; classtype:trojan-activity;sid:84351313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488208)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488208/; classtype:trojan-activity;sid:84351308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488209)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488209/; classtype:trojan-activity;sid:84351309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488210)"; flow:established,from_client; content:"GET"; http_method; content:"/fluidx2/roombooking_application/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488210/; classtype:trojan-activity;sid:84351310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488211)"; flow:established,from_client; content:"GET"; http_method; content:"/viper700pro/serum-vst-installer-2024-free/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488211/; classtype:trojan-activity;sid:84351311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488203)"; flow:established,from_client; content:"GET"; http_method; content:"/ella00311/erugo/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488203/; classtype:trojan-activity;sid:84351303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488182)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488182/; classtype:trojan-activity;sid:84351282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488184)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488184/; classtype:trojan-activity;sid:84351284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488185)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488185/; classtype:trojan-activity;sid:84351285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488186)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488186/; classtype:trojan-activity;sid:84351286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488181)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488181/; classtype:trojan-activity;sid:84351281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488162)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488162/; classtype:trojan-activity;sid:84351262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488157)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488157/; classtype:trojan-activity;sid:84351257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488156)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488156/; classtype:trojan-activity;sid:84351256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488147)"; flow:established,from_client; content:"GET"; http_method; content:"/arya-gg/axium/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488147/; classtype:trojan-activity;sid:84351247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488148)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488148/; classtype:trojan-activity;sid:84351248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488152)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488152/; classtype:trojan-activity;sid:84351252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488153)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488153/; classtype:trojan-activity;sid:84351253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488146)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488146/; classtype:trojan-activity;sid:84351246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488128)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488128/; classtype:trojan-activity;sid:84351228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488131)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488131/; classtype:trojan-activity;sid:84351231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488132)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488132/; classtype:trojan-activity;sid:84351232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488125)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488125/; classtype:trojan-activity;sid:84351225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488103)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488103/; classtype:trojan-activity;sid:84351203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488110)"; flow:established,from_client; content:"GET"; http_method; content:"/flarerealfr/url-biblioteca-web/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488110/; classtype:trojan-activity;sid:84351210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488098)"; flow:established,from_client; content:"GET"; http_method; content:"/prakrititz/deepwater/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488098/; classtype:trojan-activity;sid:84351198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488100)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/leaf/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488100/; classtype:trojan-activity;sid:84351200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488102)"; flow:established,from_client; content:"GET"; http_method; content:"/futurinav/esteai/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488102/; classtype:trojan-activity;sid:84351202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488079)"; flow:established,from_client; content:"GET"; http_method; content:"/alsooory/svg-templates/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488079/; classtype:trojan-activity;sid:84351179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488085)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbysaremine/hb2/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488085/; classtype:trojan-activity;sid:84351185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488075)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488075/; classtype:trojan-activity;sid:84351175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488061)"; flow:established,from_client; content:"GET"; http_method; content:"/ayobcoding/deep-research-py/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488061/; classtype:trojan-activity;sid:84351161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488054)"; flow:established,from_client; content:"GET"; http_method; content:"/keanusmall/sahimatch.ai/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488054/; classtype:trojan-activity;sid:84351154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488057)"; flow:established,from_client; content:"GET"; http_method; content:"/alejandro5486/infestuswebapp/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488057/; classtype:trojan-activity;sid:84351157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488035)"; flow:established,from_client; content:"GET"; http_method; content:"/kossiw/olievra/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488035/; classtype:trojan-activity;sid:84351135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488034)"; flow:established,from_client; content:"GET"; http_method; content:"/yogeshnicks/loader-ldtk/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488034/; classtype:trojan-activity;sid:84351134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488023)"; flow:established,from_client; content:"GET"; http_method; content:"/vukhang16/ggg/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488023/; classtype:trojan-activity;sid:84351123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488021)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488021/; classtype:trojan-activity;sid:84351121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488000)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488000/; classtype:trojan-activity;sid:84351100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487983)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487983/; classtype:trojan-activity;sid:84351083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487977)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487977/; classtype:trojan-activity;sid:84351077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487974)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487974/; classtype:trojan-activity;sid:84351074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487975)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487975/; classtype:trojan-activity;sid:84351075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487947)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487947/; classtype:trojan-activity;sid:84351047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487950)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487950/; classtype:trojan-activity;sid:84351050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487952)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487952/; classtype:trojan-activity;sid:84351052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487953)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487953/; classtype:trojan-activity;sid:84351053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487954)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487954/; classtype:trojan-activity;sid:84351054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487955)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487955/; classtype:trojan-activity;sid:84351055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487956)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487956/; classtype:trojan-activity;sid:84351056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487944)"; flow:established,from_client; content:"GET"; http_method; content:"/hafijulkhan786/fhnw-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487944/; classtype:trojan-activity;sid:84351044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487939)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487939/; classtype:trojan-activity;sid:84351039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487935)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487935/; classtype:trojan-activity;sid:84351035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487930)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487930/; classtype:trojan-activity;sid:84351030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487931)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487931/; classtype:trojan-activity;sid:84351031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487929)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v1.0/app.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487929/; classtype:trojan-activity;sid:84351029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487918)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487918/; classtype:trojan-activity;sid:84351018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487920)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v1.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487920/; classtype:trojan-activity;sid:84351020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487921)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487921/; classtype:trojan-activity;sid:84351021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487916)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487916/; classtype:trojan-activity;sid:84351016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487909)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487909/; classtype:trojan-activity;sid:84351009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487905)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v2.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487905/; classtype:trojan-activity;sid:84351005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487902)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487902/; classtype:trojan-activity;sid:84351002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487360)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bhh666666666666/raw/refs/heads/main/service.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487360/; classtype:trojan-activity;sid:84350460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487363)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/vbvgghjjio999000/raw/refs/heads/main/bnoaprihjatuasss.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487363/; classtype:trojan-activity;sid:84350463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487364)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bbgy555555551/raw/refs/heads/main/ntladlklthawd.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487364/; classtype:trojan-activity;sid:84350464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487069)"; flow:established,from_client; content:"GET"; http_method; content:"/dl19"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487069/; classtype:trojan-activity;sid:84350169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486184)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dgasgxc/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486184/; classtype:trojan-activity;sid:84349284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485331)"; flow:established,from_client; content:"GET"; http_method; content:"/sh.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485331/; classtype:trojan-activity;sid:84348431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485332)"; flow:established,from_client; content:"GET"; http_method; content:"/aasdasdqrunshkkkkkkk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485332/; classtype:trojan-activity;sid:84348432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485330)"; flow:established,from_client; content:"GET"; http_method; content:"/asdqsadsdahhhhhtxt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485330/; classtype:trojan-activity;sid:84348430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485329)"; flow:established,from_client; content:"GET"; http_method; content:"/ps_z.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485329/; classtype:trojan-activity;sid:84348429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485213)"; flow:established,from_client; content:"GET"; http_method; content:"/curly3/n3xus-scr1pt-r0bl0x/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485213/; classtype:trojan-activity;sid:84348313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485193)"; flow:established,from_client; content:"GET"; http_method; content:"/khalid2344/mint-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485193/; classtype:trojan-activity;sid:84348293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485144)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k4idibw1vtsntpbqtvbfabfgm2h5s14d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485144/; classtype:trojan-activity;sid:84348244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485126)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1km_hwk7sn_amuk7q2dk9kttzwk1taelw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485126/; classtype:trojan-activity;sid:84348226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484493)"; flow:established,from_client; content:"GET"; http_method; content:"/dl17"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484493/; classtype:trojan-activity;sid:84347593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484465)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484465/; classtype:trojan-activity;sid:84347565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484464)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484464/; classtype:trojan-activity;sid:84347564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483995)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483995/; classtype:trojan-activity;sid:84347095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483984)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483984/; classtype:trojan-activity;sid:84347084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483979)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483979/; classtype:trojan-activity;sid:84347079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483980)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483980/; classtype:trojan-activity;sid:84347080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483406)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1q6iji-1uq5ksrr3luufy3to-jfs4ec4d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483406/; classtype:trojan-activity;sid:84346506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483319)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1inbpqtz2qyus0zqldnbhutbzwgdghhs0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483319/; classtype:trojan-activity;sid:84346419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483317)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g4q6iay5qjzlgigjqnwftkdc5-o_2pqx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483317/; classtype:trojan-activity;sid:84346417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483309)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cl-nvhrrue_wg2zkpuxmvk40tk3knacb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483309/; classtype:trojan-activity;sid:84346409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482360)"; flow:established,from_client; content:"GET"; http_method; content:"/omio-saha/spotify_data_pipe_snowflake/releases/download/v1.0/release_x64.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482360/; classtype:trojan-activity;sid:84345460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482367)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482367/; classtype:trojan-activity;sid:84345467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482368)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482368/; classtype:trojan-activity;sid:84345468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482262)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/colors/sunrise/xundfaxgnsp84.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.automobile-bk.de"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482262/; classtype:trojan-activity;sid:84345362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482257)"; flow:established,from_client; content:"GET"; http_method; content:"/bear/2020/goldarnedest.aca"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.support-data.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482257/; classtype:trojan-activity;sid:84345357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481956)"; flow:established,from_client; content:"GET"; http_method; content:"/numonehittaboy/cdn/refs/heads/main/cvf.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481956/; classtype:trojan-activity;sid:84345056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.103.130.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481610/; classtype:trojan-activity;sid:84344710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481600/; classtype:trojan-activity;sid:84344700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481344)"; flow:established,from_client; content:"GET"; http_method; content:"/alishazara/api/refs/heads/master/rh_s.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481344/; classtype:trojan-activity;sid:84344444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480616)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/raw/main/ud.bat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480616/; classtype:trojan-activity;sid:84343716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480361)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480361/; classtype:trojan-activity;sid:84343461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480359)"; flow:established,from_client; content:"GET"; http_method; content:"/nurraif/mytonwallet/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480359/; classtype:trojan-activity;sid:84343459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480274)"; flow:established,from_client; content:"GET"; http_method; content:"/gollfinho/browser-testing/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480274/; classtype:trojan-activity;sid:84343374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475656)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475656/; classtype:trojan-activity;sid:84338756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475642)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475642/; classtype:trojan-activity;sid:84338742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475644)"; flow:established,from_client; content:"GET"; http_method; content:"/phamtaino/fixing-error-0x80004005-unspecified/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475644/; classtype:trojan-activity;sid:84338744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475645)"; flow:established,from_client; content:"GET"; http_method; content:"/attorneywenn/pragati_backend_2025/releases/download/v2.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475645/; classtype:trojan-activity;sid:84338745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475646)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475646/; classtype:trojan-activity;sid:84338746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475651)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475651/; classtype:trojan-activity;sid:84338751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475624)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475624/; classtype:trojan-activity;sid:84338724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475630)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475630/; classtype:trojan-activity;sid:84338730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475635)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/realtime-chat-app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475635/; classtype:trojan-activity;sid:84338735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475636)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v3.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475636/; classtype:trojan-activity;sid:84338736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475637)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/fixing-error-0x80070005-access-denied/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475637/; classtype:trojan-activity;sid:84338737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475639)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/fixing-error-0x80070424-specified-service/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475639/; classtype:trojan-activity;sid:84338739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475615)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475615/; classtype:trojan-activity;sid:84338715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475620)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475620/; classtype:trojan-activity;sid:84338720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475623)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475623/; classtype:trojan-activity;sid:84338723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474801)"; flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474801/; classtype:trojan-activity;sid:84337901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474808)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474808/; classtype:trojan-activity;sid:84337908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474817)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474817/; classtype:trojan-activity;sid:84337917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474749)"; flow:established,from_client; content:"GET"; http_method; content:"/ishratali007/n3xus-scr1pt-r0bl0x/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474749/; classtype:trojan-activity;sid:84337849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473787)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473787/; classtype:trojan-activity;sid:84336887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473766)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473766/; classtype:trojan-activity;sid:84336866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473774)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473774/; classtype:trojan-activity;sid:84336874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473777)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473777/; classtype:trojan-activity;sid:84336877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473779)"; flow:established,from_client; content:"GET"; http_method; content:"/led-sol/mental-health-chatbot/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473779/; classtype:trojan-activity;sid:84336879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473576)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ovluq0bdu-cys5xvyogyjd5qidqb1per"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473576/; classtype:trojan-activity;sid:84336676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473160)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1d4aper-gjv3agk8yeny5scayonlc68yo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473160/; classtype:trojan-activity;sid:84336260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472675)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472675/; classtype:trojan-activity;sid:84335775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468872)"; flow:established,from_client; content:"GET"; http_method; content:"/xraqwapfu.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"galerisenimutiara.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468872/; classtype:trojan-activity;sid:84331972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467628)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1eczx8yjtfxwos26grqtdixajed3ukcao"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467628/; classtype:trojan-activity;sid:84330728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467629)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1drptefwc7xybtum52bikrhp4j4l6lttc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467629/; classtype:trojan-activity;sid:84330729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/fojik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467546/; classtype:trojan-activity;sid:84330646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467537)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/61705749605.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467537/; classtype:trojan-activity;sid:84330637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467538)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd3b43cd-389e-413e-87b9-e21f40c2630d/downloads/guledazawabumoda.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467538/; classtype:trojan-activity;sid:84330638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467533)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/637623a6-af9b-4a69-90a8-85cd562c999e/downloads/niwexokaburule.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467533/; classtype:trojan-activity;sid:84330633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96f90b6e-3939-4cac-a3ad-eba9fb8219bf/downloads/71599608952.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467528/; classtype:trojan-activity;sid:84330628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e712c63-2f24-4e6b-a5dc-ff3233100bea/downloads/72290413200.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467523/; classtype:trojan-activity;sid:84330623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/rafubagosewuniwudob.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467524/; classtype:trojan-activity;sid:84330624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/70485427967.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467525/; classtype:trojan-activity;sid:84330625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467526)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/xenogipojadamomixaxulute.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467526/; classtype:trojan-activity;sid:84330626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/9089368795.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467527/; classtype:trojan-activity;sid:84330627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467516)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/safari_magazine_2019_download.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467516/; classtype:trojan-activity;sid:84330616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/fusoze.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467517/; classtype:trojan-activity;sid:84330617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467519)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/plan_technique_piscine_a_debordement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467519/; classtype:trojan-activity;sid:84330619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/83838390139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467521/; classtype:trojan-activity;sid:84330621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467510)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6104a42e-c9ca-496d-9156-92538fddca06/downloads/vevowezirebojikidebof.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467510/; classtype:trojan-activity;sid:84330610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/temisipilotiba.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467513/; classtype:trojan-activity;sid:84330613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/79427765137.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467501/; classtype:trojan-activity;sid:84330601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467478)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/examples_of_employee_goals_for_performance_review.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467478/; classtype:trojan-activity;sid:84330578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467477)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/50228966329.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467477/; classtype:trojan-activity;sid:84330577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467475)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/educational_leadership_philosophy_examples.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467475/; classtype:trojan-activity;sid:84330575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/299c0676-bac5-4db6-8fea-3075091e1687/downloads/61526216713.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467476/; classtype:trojan-activity;sid:84330576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gumofeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467465/; classtype:trojan-activity;sid:84330565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467466)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/mawanigokur.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467466/; classtype:trojan-activity;sid:84330566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36054141231.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467469/; classtype:trojan-activity;sid:84330569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467470)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/85925649248.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467470/; classtype:trojan-activity;sid:84330570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467471)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/educacion_financiera_avanzada_partiendo_de_cero_autor_gregor.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467471/; classtype:trojan-activity;sid:84330571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/663ae0bf-1142-4d7a-8653-755553f6852e/downloads/lejafarezafig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467472/; classtype:trojan-activity;sid:84330572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/biwejukajurel.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467474/; classtype:trojan-activity;sid:84330574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467458)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/6083216094.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467458/; classtype:trojan-activity;sid:84330558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/69065118383.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467459/; classtype:trojan-activity;sid:84330559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467461)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/40061082597.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467461/; classtype:trojan-activity;sid:84330561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/94224235634.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467462/; classtype:trojan-activity;sid:84330562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/739cff78-28a4-4749-8c7f-abf371b6a947/downloads/62789327536.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467463/; classtype:trojan-activity;sid:84330563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee12fbcb-3848-4c54-8690-0d9c760d3837/downloads/5683334295.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467464/; classtype:trojan-activity;sid:84330564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9b3f7f8-355a-428e-bb44-74bff775274d/downloads/supix.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467453/; classtype:trojan-activity;sid:84330553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/670646a4-4ce8-4367-bccc-c52d2083c9a3/downloads/chronogramme_dune_these_de_doctorat.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467454/; classtype:trojan-activity;sid:84330554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467455)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/zopawakabubijipek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467455/; classtype:trojan-activity;sid:84330555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467456)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/27590969755.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467456/; classtype:trojan-activity;sid:84330556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467457)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kudokexogikekuporeso.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467457/; classtype:trojan-activity;sid:84330557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/48255006417.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467452/; classtype:trojan-activity;sid:84330552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467448)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09540d0c-1db9-4e3c-a32d-6eed7b48ae00/downloads/3841723103.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467448/; classtype:trojan-activity;sid:84330548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_dossier_raep_redige.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467443/; classtype:trojan-activity;sid:84330543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3007465f-aa28-4ea8-964e-00ec10d6daef/downloads/reinforced_concrete_wall_design_examples.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467444/; classtype:trojan-activity;sid:84330544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/munich_tourist_attractions_map.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467445/; classtype:trojan-activity;sid:84330545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467438)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4a17de4-bdbb-4d1a-aaee-49990939d4cf/downloads/problue_7_nordson_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467438/; classtype:trojan-activity;sid:84330538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/30229793875.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467440/; classtype:trojan-activity;sid:84330540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467433)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/cooling_tower_working.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467433/; classtype:trojan-activity;sid:84330533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467434)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/corporate_signature_authority_matrix_template_printable.pdf"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467434/; classtype:trojan-activity;sid:84330534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467425)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/continental_online_assessment_test_answers.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467425/; classtype:trojan-activity;sid:84330525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467426)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/465f36af-7a24-4906-9c2a-986dcb6b15f8/downloads/where_can_i_get_edo_state_of_origin_certificate_in_lagos.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467426/; classtype:trojan-activity;sid:84330526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467427)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sample_testimonials_for_employees.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467427/; classtype:trojan-activity;sid:84330527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467428)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bf8d6b31-0867-4cc2-b138-2d2dbb23ec3a/downloads/bawananulufobomoderawulen.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467428/; classtype:trojan-activity;sid:84330528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/90dc87b4-fd7e-4412-9a6a-76e20db16dbd/downloads/23425133870.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467429/; classtype:trojan-activity;sid:84330529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467422)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/86119351354.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467422/; classtype:trojan-activity;sid:84330522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kagoferoxotopelabalim.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467423/; classtype:trojan-activity;sid:84330523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467411)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/how_to_write_letter_against_show_cause_notice.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467411/; classtype:trojan-activity;sid:84330511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/bevakabopodo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467412/; classtype:trojan-activity;sid:84330512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467416)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/55669141050.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467416/; classtype:trojan-activity;sid:84330516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fb13673c-7b10-403f-be9e-1b04622101d6/downloads/61656569082.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467417/; classtype:trojan-activity;sid:84330517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/98264302577.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467418/; classtype:trojan-activity;sid:84330518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467408)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/grammar_plus_class_8.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467408/; classtype:trojan-activity;sid:84330508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/32575227287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467409/; classtype:trojan-activity;sid:84330509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/xavibow.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467410/; classtype:trojan-activity;sid:84330510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467400)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b566d4a5-149a-4042-a2b5-fa837a998781/downloads/62246613540.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467400/; classtype:trojan-activity;sid:84330500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5d43283-67be-4a3b-9041-1427b691166f/downloads/dotadaxokokimidupoz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467401/; classtype:trojan-activity;sid:84330501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a19a3dcf-f832-45fe-91ff-ed566d492286/downloads/31803450103.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467403/; classtype:trojan-activity;sid:84330503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467404)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/26449761459.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467404/; classtype:trojan-activity;sid:84330504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467395)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/manual_de_uso_cummins_insite.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467395/; classtype:trojan-activity;sid:84330495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/83127272265.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467397/; classtype:trojan-activity;sid:84330497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/50013116393.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467389/; classtype:trojan-activity;sid:84330489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sowuluxoranevoxivobu.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467391/; classtype:trojan-activity;sid:84330491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jw_public_talk_outlines.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467392/; classtype:trojan-activity;sid:84330492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467386)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/muxem.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467386/; classtype:trojan-activity;sid:84330486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467381)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa930190-2e12-4ce7-8bd7-0454f2ef6721/downloads/remonstration_visum_ablehnung_muster.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467381/; classtype:trojan-activity;sid:84330481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467382)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1cd14ca4-3aaa-4349-a92b-5919cb2c71ee/downloads/37493963429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467382/; classtype:trojan-activity;sid:84330482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467383)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/26417869572.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467383/; classtype:trojan-activity;sid:84330483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467384)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zutufukatozoxogunubikok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467384/; classtype:trojan-activity;sid:84330484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vawazu.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467385/; classtype:trojan-activity;sid:84330485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/libevisuxalozusofaze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467370/; classtype:trojan-activity;sid:84330470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/61695596025.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467371/; classtype:trojan-activity;sid:84330471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/remebemakuvomurixulat.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467372/; classtype:trojan-activity;sid:84330472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467377)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/35713869772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467377/; classtype:trojan-activity;sid:84330477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467363)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/popezefere.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467363/; classtype:trojan-activity;sid:84330463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467365)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/57373027197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467365/; classtype:trojan-activity;sid:84330465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467367)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e00f0b9-c207-4cb1-9a9a-c11d057e31a3/downloads/request_letter_for_hold_amount_release.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467367/; classtype:trojan-activity;sid:84330467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467369)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/58650400832.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467369/; classtype:trojan-activity;sid:84330469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0684881f-11f6-455b-9188-fb070acdb368/downloads/you_too_can_be_prosperous.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467358/; classtype:trojan-activity;sid:84330458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/sizusobimemitu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467359/; classtype:trojan-activity;sid:84330459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467360)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/fosodevo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467360/; classtype:trojan-activity;sid:84330460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467353/; classtype:trojan-activity;sid:84330453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467354)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/towedokunorazageleside.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467354/; classtype:trojan-activity;sid:84330454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/65604431763.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467355/; classtype:trojan-activity;sid:84330455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467357)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruwuxa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467357/; classtype:trojan-activity;sid:84330457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467347)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/sulupob.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467347/; classtype:trojan-activity;sid:84330447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a2e88a7-385b-4aed-a81e-123c037cba5d/downloads/57067255053.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467348/; classtype:trojan-activity;sid:84330448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/2544897802.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467350/; classtype:trojan-activity;sid:84330450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467352)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/66812037618.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467352/; classtype:trojan-activity;sid:84330452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b4da0e1a-7caf-4ed8-aaa9-0949952990f3/downloads/49347806429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467344/; classtype:trojan-activity;sid:84330444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467339)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7399f648-106b-4174-b8c0-6d6694895ad3/downloads/vakoxumem.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467339/; classtype:trojan-activity;sid:84330439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gununemedusotojipime.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467340/; classtype:trojan-activity;sid:84330440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467334)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/92c7bb30-769c-4722-92cc-8b01b59910e0/downloads/36512394005.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467334/; classtype:trojan-activity;sid:84330434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467337)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7592d1e2-3dca-48f2-9f42-bb08c23dfb67/downloads/zutav.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467337/; classtype:trojan-activity;sid:84330437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f97cb07-1cfa-4fca-b6d8-3f1bf47f56b3/downloads/dulerugufep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467326/; classtype:trojan-activity;sid:84330426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467328)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nopurumonufulelu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467328/; classtype:trojan-activity;sid:84330428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467329)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b44aaa8-926a-4cbd-9774-e30385fa65ac/downloads/zexesotusipedelew.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467329/; classtype:trojan-activity;sid:84330429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/security_daily_activity_report_template.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467321/; classtype:trojan-activity;sid:84330421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a3d7189d-efc6-47e1-bbe5-dc5eeaf610a0/downloads/rtca_do-160g.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467312/; classtype:trojan-activity;sid:84330412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac66f4da-754b-4df9-b080-4728fb201349/downloads/nimoma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467313/; classtype:trojan-activity;sid:84330413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c877865a-29ce-446f-b8f8-42c8a2318eff/downloads/personal_loan_closure_letter_format_in_word.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467314/; classtype:trojan-activity;sid:84330414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11677680583.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467317/; classtype:trojan-activity;sid:84330417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467318)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/elkonin_boxes_word_list.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467318/; classtype:trojan-activity;sid:84330418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/zudelejanegine.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467320/; classtype:trojan-activity;sid:84330420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c3d6560-d229-4015-8af2-a70ad89bde0a/downloads/80071621679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467307/; classtype:trojan-activity;sid:84330407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lapeke.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467305/; classtype:trojan-activity;sid:84330405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467303)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/kapabemirowajuzaxadirokef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467303/; classtype:trojan-activity;sid:84330403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/modexad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467304/; classtype:trojan-activity;sid:84330404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467298)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0bdc9896-149c-4815-8e37-9e55432c4120/downloads/bofugesugipufibutunida.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467298/; classtype:trojan-activity;sid:84330398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467300)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/xuguxupevubitutuzoju.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467300/; classtype:trojan-activity;sid:84330400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rubejemi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467301/; classtype:trojan-activity;sid:84330401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atividades_de_concordancia_verbal_5o_ano_com_gabarito.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467286/; classtype:trojan-activity;sid:84330386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467287)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/45524925955.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467287/; classtype:trojan-activity;sid:84330387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467292)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/cyberark_psmp_admin_guide.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467292/; classtype:trojan-activity;sid:84330392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467295)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/kitab_shams_al_maarif.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467295/; classtype:trojan-activity;sid:84330395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3298be68-ecf2-4e6e-8fa7-1bf1d7657489/downloads/xagoje.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467283/; classtype:trojan-activity;sid:84330383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/83df8ca9-16c2-4244-8f9e-8be918c4b8a3/downloads/86611585002.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467279/; classtype:trojan-activity;sid:84330379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/41138401642.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467280/; classtype:trojan-activity;sid:84330380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467281)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/hepatorenales_syndrom.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467281/; classtype:trojan-activity;sid:84330381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467271)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/53744052149.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467271/; classtype:trojan-activity;sid:84330371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467274)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/nijalox.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467274/; classtype:trojan-activity;sid:84330374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467275)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/how_to_change_font_size_in_xchange_editor.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467275/; classtype:trojan-activity;sid:84330375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467277)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/limitorque_mx_ordering_guide.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467277/; classtype:trojan-activity;sid:84330377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/timex_expedition_indiglo_wr50m_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467266/; classtype:trojan-activity;sid:84330366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/hitachi_cd_sem_operation_manual.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467269/; classtype:trojan-activity;sid:84330369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467264)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/87483152555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467264/; classtype:trojan-activity;sid:84330364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/36672004653.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467259/; classtype:trojan-activity;sid:84330359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9dc6fd8e-b629-406d-be34-231dfc94d5e9/downloads/catia_v5_simulation_tutorial.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467260/; classtype:trojan-activity;sid:84330360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467262)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/vuzabovamipavowaseke.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467262/; classtype:trojan-activity;sid:84330362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09077edc-9c07-4d95-9708-b2f62b12ca6a/downloads/jikiluwuruwewomurenix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467254/; classtype:trojan-activity;sid:84330354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467258)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/weguma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467258/; classtype:trojan-activity;sid:84330358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467246)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/attributes_of_a_good_research_topic_ppt.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467246/; classtype:trojan-activity;sid:84330346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1663535d-289f-4a17-902d-0bb53881ce69/downloads/kurupojofuxerixutalo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467249/; classtype:trojan-activity;sid:84330349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467250)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/mizibatazikitawejubidodog.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467250/; classtype:trojan-activity;sid:84330350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467251)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/gibabasakofalulizuwa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467251/; classtype:trojan-activity;sid:84330351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467240)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/meravinuvisudome.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467240/; classtype:trojan-activity;sid:84330340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/70815730326.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467241/; classtype:trojan-activity;sid:84330341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467235)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/86649529175.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467235/; classtype:trojan-activity;sid:84330335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467236)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nims_703_b_answers.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467236/; classtype:trojan-activity;sid:84330336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467237)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/tojanigawexulametuzuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467237/; classtype:trojan-activity;sid:84330337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2ad79b-5832-4a2d-a335-92537db54849/downloads/pinestars_choice.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467230/; classtype:trojan-activity;sid:84330330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/vupegazezo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467231/; classtype:trojan-activity;sid:84330331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/18985117210.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467221/; classtype:trojan-activity;sid:84330321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467223)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/03167ecf-a61c-49ea-b541-7a074a81e1da/downloads/6655537579.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467223/; classtype:trojan-activity;sid:84330323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467225)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/41957679215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467225/; classtype:trojan-activity;sid:84330325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_livret_2_vae_rempli.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467226/; classtype:trojan-activity;sid:84330326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f569f34e-b7af-41eb-9a21-0f9939c54b3f/downloads/64195657437.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467228/; classtype:trojan-activity;sid:84330328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467220)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/aspen_pims_manual.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467220/; classtype:trojan-activity;sid:84330320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/fivojudu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467219/; classtype:trojan-activity;sid:84330319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467210)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/20019605198.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467210/; classtype:trojan-activity;sid:84330310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467212)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/45706940387.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467212/; classtype:trojan-activity;sid:84330312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xajuxe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467213/; classtype:trojan-activity;sid:84330313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/81f7a7ad-d4fe-4147-943f-584c2d1e9bf5/downloads/because_of_mr_terupt_online.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467214/; classtype:trojan-activity;sid:84330314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/fajupip.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467215/; classtype:trojan-activity;sid:84330315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/minetest_wiki_commands.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467205/; classtype:trojan-activity;sid:84330305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/ohanian_physics_volume_1.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467206/; classtype:trojan-activity;sid:84330306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1c97d706-1093-417b-afec-0c60fc1d8547/downloads/74906999263.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467207/; classtype:trojan-activity;sid:84330307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/900d123a-2557-4fa9-92f6-1446b602b979/downloads/deporiramuga.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467208/; classtype:trojan-activity;sid:84330308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/traffic_light_risk_assessment_template_mental_health.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467209/; classtype:trojan-activity;sid:84330309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/suritotowid.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467202/; classtype:trojan-activity;sid:84330302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/41821413009.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467196/; classtype:trojan-activity;sid:84330296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467200)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/14312384720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467200/; classtype:trojan-activity;sid:84330300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/37654458598.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467187/; classtype:trojan-activity;sid:84330287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467188)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/23776368177.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467188/; classtype:trojan-activity;sid:84330288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb8ff9f7-37bb-4420-bfa0-f018b38dcfa6/downloads/17065535031.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467190/; classtype:trojan-activity;sid:84330290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467191)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/41591669011.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467191/; classtype:trojan-activity;sid:84330291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/2634956565.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467193/; classtype:trojan-activity;sid:84330293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/437a989b-0a84-4105-b8c7-1870eb56af29/downloads/sbi_disbursement_request_form.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467177/; classtype:trojan-activity;sid:84330277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/27f26436-44ad-4647-8929-a76a4ea0ea67/downloads/sample_query_letter_for_negligence_of_duty.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467180/; classtype:trojan-activity;sid:84330280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/sapebufuj.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467181/; classtype:trojan-activity;sid:84330281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4365da4a-8d29-4708-8e67-b3b566794d83/downloads/fovizijazobupukototofosop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467184/; classtype:trojan-activity;sid:84330284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/93759555539.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467186/; classtype:trojan-activity;sid:84330286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ligitove.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467175/; classtype:trojan-activity;sid:84330275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467176)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/62404701972.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467176/; classtype:trojan-activity;sid:84330276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467171)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/069f5eef-b21d-41b6-aaa6-569b53af1c5a/downloads/rawidesukusutalunug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467171/; classtype:trojan-activity;sid:84330271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d102a54e-7197-4308-a937-d70c58240642/downloads/26442784020.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467172/; classtype:trojan-activity;sid:84330272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467167)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/83882971503.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467167/; classtype:trojan-activity;sid:84330267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467168)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/modelo_carta_entrega_de_inmueble_word.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467168/; classtype:trojan-activity;sid:84330268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467163)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/61905f2a-55dd-4144-8c7c-fce5e91063a8/downloads/british_army_all_arms_tactical_aide_memoire.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467163/; classtype:trojan-activity;sid:84330263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467166)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rakotojifodonosanilorefa.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467166/; classtype:trojan-activity;sid:84330266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467157)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ec2f808-78a9-4c99-aa80-be96e23bf450/downloads/gewikunobapizati.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467157/; classtype:trojan-activity;sid:84330257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467158)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7dda8154-e680-4c60-8651-19cf13768d49/downloads/jadol.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467158/; classtype:trojan-activity;sid:84330258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nojivurajojirezizi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467154/; classtype:trojan-activity;sid:84330254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467156)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98571e96-4bd9-4ee2-bb76-481ac550907e/downloads/genebugutisevijuk.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467156/; classtype:trojan-activity;sid:84330256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467148)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/jiwekonuwokesarejibezan.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467148/; classtype:trojan-activity;sid:84330248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/159e5f7b-5078-45c9-9b36-63f21684101f/downloads/94962104148.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467149/; classtype:trojan-activity;sid:84330249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467150)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9483bc30-bb1c-4c04-9cf3-38d205924dab/downloads/jugilususosu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467150/; classtype:trojan-activity;sid:84330250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/virapajoridubibakoxofa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467151/; classtype:trojan-activity;sid:84330251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/319984769.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467152/; classtype:trojan-activity;sid:84330252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467142)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/makusikarubikowaxosop.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467142/; classtype:trojan-activity;sid:84330242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467143)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/gikuxuze.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467143/; classtype:trojan-activity;sid:84330243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467146)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/voxuba.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467146/; classtype:trojan-activity;sid:84330246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/wokaselu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467147/; classtype:trojan-activity;sid:84330247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/velafeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467135/; classtype:trojan-activity;sid:84330235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467137)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/97fcff61-ad1b-4591-bfda-ed7d6d6690f0/downloads/49593663309.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467137/; classtype:trojan-activity;sid:84330237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/49103789197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467138/; classtype:trojan-activity;sid:84330238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zafekupegagasaza.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467132/; classtype:trojan-activity;sid:84330232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/55585429936.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467133/; classtype:trojan-activity;sid:84330233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/siwevewedelo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467125/; classtype:trojan-activity;sid:84330225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467126)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fedex_air_waybill_form.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467126/; classtype:trojan-activity;sid:84330226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467127)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d567d1b9-5a9f-4b97-a387-65a7c02f8ff4/downloads/barapinawowaja.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467127/; classtype:trojan-activity;sid:84330227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467114)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/44443741873.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467114/; classtype:trojan-activity;sid:84330214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/ravibopegaxipodek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467115/; classtype:trojan-activity;sid:84330215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/haojue_chopper_road_150_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467116/; classtype:trojan-activity;sid:84330216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23c146af-6c5b-426f-944d-9bf55106e4d8/downloads/de_quien_es_hija_elisa_salinas.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467117/; classtype:trojan-activity;sid:84330217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467118)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rewekawejujawidubekafebur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467118/; classtype:trojan-activity;sid:84330218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467121)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3425f1f9-2741-4cdd-9a85-f51cd8a77838/downloads/pyidaungsu_font_keyboard_layout.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467121/; classtype:trojan-activity;sid:84330221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467123)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/carte_du_voyage_d_ulysse.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467123/; classtype:trojan-activity;sid:84330223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/livro_domain_driven_design_portugues.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467109/; classtype:trojan-activity;sid:84330209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kulefenev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467110/; classtype:trojan-activity;sid:84330210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467111)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/lobola_letter_example.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467111/; classtype:trojan-activity;sid:84330211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467108)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/acquisition_value_negative_in_area_01_aa617.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467108/; classtype:trojan-activity;sid:84330208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/widavizuxorig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467101/; classtype:trojan-activity;sid:84330201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467102)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/chris_mccandless_travel_route.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467102/; classtype:trojan-activity;sid:84330202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467103)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17ef1a7d-be6f-43bc-ac3a-a9c4fb65005e/downloads/powejavatunepoxaj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467103/; classtype:trojan-activity;sid:84330203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467106)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/937a3a5d-28a9-4a6d-983b-63f9d4fe1460/downloads/90328489234.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467106/; classtype:trojan-activity;sid:84330206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467098)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/wurowujezodabod.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467098/; classtype:trojan-activity;sid:84330198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pubobagawu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467099/; classtype:trojan-activity;sid:84330199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/forest_fire_causes_and_effects.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467100/; classtype:trojan-activity;sid:84330200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467086)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6b07c7a9-24ea-41b4-835a-7daa4871c250/downloads/16_personality_factors_by_cattell.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467086/; classtype:trojan-activity;sid:84330186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467087)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/725aea16-586d-4b26-8216-cd50b4981a76/downloads/wiley_organic_chemistry_solutions_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467087/; classtype:trojan-activity;sid:84330187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467088)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/psicoweb_respuestas_2019.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467088/; classtype:trojan-activity;sid:84330188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467091)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e32f5a5-6a1a-4ade-b57e-fa54871724ef/downloads/2040244551.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467091/; classtype:trojan-activity;sid:84330191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/koxisiranarigavod.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467092/; classtype:trojan-activity;sid:84330192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467093)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59d4bc6c-1e33-45d9-a430-f89e52f3f795/downloads/subazituwa.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467093/; classtype:trojan-activity;sid:84330193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467094)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/lettre_promesse_dembauche.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467094/; classtype:trojan-activity;sid:84330194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467080)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/971e893d-d96e-4c35-b8d0-897850ea3ce6/downloads/ice_quarterly_development_report_example.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467080/; classtype:trojan-activity;sid:84330180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467081)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/testigos_tablero_foton.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467081/; classtype:trojan-activity;sid:84330181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467082)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/how_to_get_gst_invoice_for_amazon_purchase.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467082/; classtype:trojan-activity;sid:84330182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/24365322622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467083/; classtype:trojan-activity;sid:84330183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/91284214985.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467085/; classtype:trojan-activity;sid:84330185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c5dd25fc-7740-402b-aa70-862b15f3342c/downloads/8958005659.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467078/; classtype:trojan-activity;sid:84330178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wewofolivofometu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467079/; classtype:trojan-activity;sid:84330179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/9665669589.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467072/; classtype:trojan-activity;sid:84330172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/konibaxixim.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467073/; classtype:trojan-activity;sid:84330173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/self_introduction_during_interview_example.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467074/; classtype:trojan-activity;sid:84330174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ff494cbe-9d2a-4ae4-802e-f50cfad48f0a/downloads/74334894285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467075/; classtype:trojan-activity;sid:84330175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467077)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/55534301355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467077/; classtype:trojan-activity;sid:84330177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/tevolutirasuvujivol.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467065/; classtype:trojan-activity;sid:84330165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/73100246338.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467066/; classtype:trojan-activity;sid:84330166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/earth_making_of_a_planet_national_geographic_worksheet.pdf"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467067/; classtype:trojan-activity;sid:84330167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467068)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exercice_vitesse_6eme_physique.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467068/; classtype:trojan-activity;sid:84330168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467069)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rapport_de_stage_3eme_agence_immobiliere.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467069/; classtype:trojan-activity;sid:84330169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/bisebinalujivefiwugagabu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467070/; classtype:trojan-activity;sid:84330170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467064)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/miludafat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467064/; classtype:trojan-activity;sid:84330164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467061)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea6e6a77-ad86-47ad-bec1-a500695628d4/downloads/66906319004.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467061/; classtype:trojan-activity;sid:84330161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467062)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b77102f9-1066-4a92-8a14-af011902d081/downloads/75162502331.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467062/; classtype:trojan-activity;sid:84330162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mapisirukuw.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467063/; classtype:trojan-activity;sid:84330163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/guzupuzuradadutov.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467058/; classtype:trojan-activity;sid:84330158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467059)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/teks_ratib_al_attas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467059/; classtype:trojan-activity;sid:84330159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/49693757117.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467060/; classtype:trojan-activity;sid:84330160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467050)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/sabre_red_workspace_commands.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467050/; classtype:trojan-activity;sid:84330150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6702c9de-d943-4d22-b78e-7985c91f7713/downloads/84525111813.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467051/; classtype:trojan-activity;sid:84330151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/26bbb7e6-2f83-462e-b1a0-c9b7b5a50d38/downloads/training_needs_assessment_questionnaire_for_sales.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467052/; classtype:trojan-activity;sid:84330152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/najovozulubameto.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467053/; classtype:trojan-activity;sid:84330153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/225bb15f-2915-4639-a3a1-bcedb142b1ef/downloads/letter_format_for_reply_to_show_cause_notice.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467054/; classtype:trojan-activity;sid:84330154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c718f9e1-28ba-4c02-b434-4456f7af09a8/downloads/masizaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467055/; classtype:trojan-activity;sid:84330155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/51274200809.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467049/; classtype:trojan-activity;sid:84330149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467044)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/rolinejagogid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467044/; classtype:trojan-activity;sid:84330144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467042)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/buxam.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467042/; classtype:trojan-activity;sid:84330142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/nokura.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467032/; classtype:trojan-activity;sid:84330132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/69da2f53-c229-4dc7-a889-7b67b52b1a78/downloads/nokejafowikazuvojoj.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467033/; classtype:trojan-activity;sid:84330133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467035)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e43067a0-6374-4a70-a00d-00ee3b01ce8d/downloads/93917384180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467035/; classtype:trojan-activity;sid:84330135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0336533-680f-4ead-a55e-7e292796b70a/downloads/veteluruxoge.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467037/; classtype:trojan-activity;sid:84330137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sirijega.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467024/; classtype:trojan-activity;sid:84330124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c2804a6-aa9c-48a0-92fa-b4e2830d3e94/downloads/ladakh_tourist_map.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467025/; classtype:trojan-activity;sid:84330125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc5e3c0a-70ce-48cf-a48d-87f83c6b3256/downloads/major_problems_in_african_american_history.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467027/; classtype:trojan-activity;sid:84330127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467029)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d38d43db-37ad-45ec-b237-63ac8c84a196/downloads/latovin.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467029/; classtype:trojan-activity;sid:84330129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c10f3982-2d8c-41ef-9c88-95b9c7e0984b/downloads/exagrid_admin_guide.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467018/; classtype:trojan-activity;sid:84330118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467019)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/2880955338.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467019/; classtype:trojan-activity;sid:84330119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f4350e3-635b-45ba-b69f-b1a7e95f309e/downloads/24638138520.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467020/; classtype:trojan-activity;sid:84330120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/54349718441.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467022/; classtype:trojan-activity;sid:84330122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/satyanarayan_puja_vidhi_in_sanskrit.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467023/; classtype:trojan-activity;sid:84330123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/sample_letter_to_be_excused_from_jury_service.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467016/; classtype:trojan-activity;sid:84330116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/vumemaxexepemetesa.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467011/; classtype:trojan-activity;sid:84330111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467012)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/95493308607.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467012/; classtype:trojan-activity;sid:84330112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467013)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/91589198920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467013/; classtype:trojan-activity;sid:84330113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/learn_korean_language_in_30_days.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467014/; classtype:trojan-activity;sid:84330114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/right_to_information_act_application_form_malayalam.pdf"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467015/; classtype:trojan-activity;sid:84330115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zesowafasunufezef.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467006/; classtype:trojan-activity;sid:84330106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e46fb0c-8d21-4b8c-82fc-88315c96ddde/downloads/bevurusip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467008/; classtype:trojan-activity;sid:84330108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/zanozibiwakixubunifelok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467002/; classtype:trojan-activity;sid:84330102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467003)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/hbc_radiomatic_fse_727_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467003/; classtype:trojan-activity;sid:84330103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4335d81-d2e5-4638-9638-30640b1be91f/downloads/sofipidegib.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466999/; classtype:trojan-activity;sid:84330099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/54040f30-acd4-4a4c-a314-5c4c261b537d/downloads/printable_foods_high_in_uric_acid_chart.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467000/; classtype:trojan-activity;sid:84330100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/15318963311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466992/; classtype:trojan-activity;sid:84330092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0f7f4ed-2d7c-4134-aa94-503b1eb6600b/downloads/pagulabomezex.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466993/; classtype:trojan-activity;sid:84330093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/katisugenifikipevas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466996/; classtype:trojan-activity;sid:84330096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/xowawetavudazinomo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466997/; classtype:trojan-activity;sid:84330097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7662afb9-5d02-4eb9-bd3b-6426a66215ee/downloads/2312138967.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466985/; classtype:trojan-activity;sid:84330085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/evaluation_geographie_6eme_habiter_une_metropole.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466986/; classtype:trojan-activity;sid:84330086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466987)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/kobumedigudopixemevuwef.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466987/; classtype:trojan-activity;sid:84330087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/vadigoxevujo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466989/; classtype:trojan-activity;sid:84330089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/64414313920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466991/; classtype:trojan-activity;sid:84330091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466979)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/mizoxuloniwi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466979/; classtype:trojan-activity;sid:84330079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/66244318284.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466984/; classtype:trojan-activity;sid:84330084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/15247939327.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466971/; classtype:trojan-activity;sid:84330071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/example_of_a_lobola_letter_in_zulu.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466972/; classtype:trojan-activity;sid:84330072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466973)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea25ddad-ebb0-4880-b714-a3f2cdadcbd9/downloads/notas_de_dinheiro_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466973/; classtype:trojan-activity;sid:84330073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/606585da-2917-4da6-a9df-810ae6e7fbc1/downloads/asme_sec_8_div_1_appendix_8.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466975/; classtype:trojan-activity;sid:84330075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466976)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/segaxifalawanevake.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466976/; classtype:trojan-activity;sid:84330076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/3d_converter_for_autodesk_navisworks.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466968/; classtype:trojan-activity;sid:84330068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2c827e54-9a2c-449a-9d97-e20f9555c87a/downloads/pearson_iit_foundation_class_9_maths.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466969/; classtype:trojan-activity;sid:84330069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466970)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d2c6212-591e-450b-b673-947709e569a9/downloads/jidikegegudafipi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466970/; classtype:trojan-activity;sid:84330070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466966)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/gupira.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466966/; classtype:trojan-activity;sid:84330066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466958)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/79599984772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466958/; classtype:trojan-activity;sid:84330058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/actaris_meter_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466957/; classtype:trojan-activity;sid:84330057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/passaic_county_technical_institute_salary_guide.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466946/; classtype:trojan-activity;sid:84330046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466950)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0c2227e9-a807-4022-9307-9c68c8629142/downloads/59021495355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466950/; classtype:trojan-activity;sid:84330050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3abea8f6-1776-4586-b4e6-47b414d29e30/downloads/mozosadoboligemuwisuwet.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466951/; classtype:trojan-activity;sid:84330051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466952)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/malaysia_company_employee_handbook.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466952/; classtype:trojan-activity;sid:84330052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/988c0021-e131-496b-8725-ae310052894b/downloads/berakigevep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466937/; classtype:trojan-activity;sid:84330037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/87631223928.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466938/; classtype:trojan-activity;sid:84330038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466941)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/majisumilorenanevivo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466941/; classtype:trojan-activity;sid:84330041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466944)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/risukepidupapa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466944/; classtype:trojan-activity;sid:84330044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c272bee0-a4e4-45f4-a8ce-0b066973e0cb/downloads/gateman_wk_20_english_manual.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466933/; classtype:trojan-activity;sid:84330033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466934)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/koxid.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466934/; classtype:trojan-activity;sid:84330034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/sasufazovosonufowam.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466935/; classtype:trojan-activity;sid:84330035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466929)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6554737977.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466929/; classtype:trojan-activity;sid:84330029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/42942412664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466931/; classtype:trojan-activity;sid:84330031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466928)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/43589756342.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466928/; classtype:trojan-activity;sid:84330028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466923)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/juporuko.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466923/; classtype:trojan-activity;sid:84330023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1d231bc1-15b8-4d3d-b451-c05909392126/downloads/71014366481.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466924/; classtype:trojan-activity;sid:84330024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466920)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/29389545569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466920/; classtype:trojan-activity;sid:84330020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/jebagokapinezax.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466915/; classtype:trojan-activity;sid:84330015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/85747587751.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466916/; classtype:trojan-activity;sid:84330016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/ending_a_lease_letter_to_landlord.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466919/; classtype:trojan-activity;sid:84330019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/possession_letter_format_from_builder.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466909/; classtype:trojan-activity;sid:84330009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/mopuma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466910/; classtype:trojan-activity;sid:84330010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466911)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a618ca0f-2608-47c2-ab22-bbc2ca127bb7/downloads/saziva.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466911/; classtype:trojan-activity;sid:84330011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/229e00b6-6232-4273-bd27-55f919ca28b8/downloads/financas_corporativas_teoria_e_pratica.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466912/; classtype:trojan-activity;sid:84330012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466913)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/76c40511-888a-4b14-bb65-87429974a9ff/downloads/gemotukuwitawusagulobez.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466913/; classtype:trojan-activity;sid:84330013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vupenamubow.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466903/; classtype:trojan-activity;sid:84330003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/10269055308.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466904/; classtype:trojan-activity;sid:84330004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/21711123451.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466905/; classtype:trojan-activity;sid:84330005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466900)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/14203617612.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466900/; classtype:trojan-activity;sid:84330000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466902)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4ad6e04-69d1-4aa9-ba9f-c194e0ac5eef/downloads/lotavawofasopupe.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466902/; classtype:trojan-activity;sid:84330002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/mental_state_examination_checklist.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466898/; classtype:trojan-activity;sid:84329998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e5728c18-e5b3-4c69-bf59-a4be42aea8ac/downloads/22515332125.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466893/; classtype:trojan-activity;sid:84329993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466894)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/metso_neles_positioner_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466894/; classtype:trojan-activity;sid:84329994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466895)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/9840498620.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466895/; classtype:trojan-activity;sid:84329995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3fffd8a4-4d1d-42f8-a3e8-f124f6724c06/downloads/kejawisenukasi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466897/; classtype:trojan-activity;sid:84329997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72065953692.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466885/; classtype:trojan-activity;sid:84329985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466890)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ecb10a4-49e9-4fe5-a6bc-f0f227949dd2/downloads/60627448414.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466890/; classtype:trojan-activity;sid:84329990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/ramevedasap.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466881/; classtype:trojan-activity;sid:84329981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/67882203250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466882/; classtype:trojan-activity;sid:84329982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466877)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/df312c7d-f650-4c0e-a98f-02aee1a43694/downloads/77125885812.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466877/; classtype:trojan-activity;sid:84329977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/27721436213.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466864/; classtype:trojan-activity;sid:84329964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6abf7f7e-d12c-48f3-aa9a-703f4ccff8d7/downloads/81403469667.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466866/; classtype:trojan-activity;sid:84329966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466869)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zikirifusotuxusomel.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466869/; classtype:trojan-activity;sid:84329969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/antibiotic_sensitivity_chart_sanford_guide.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466870/; classtype:trojan-activity;sid:84329970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c8a6489-894f-4446-8722-19ef31b6a173/downloads/26803015720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466872/; classtype:trojan-activity;sid:84329972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4d2b55bf-cda3-4071-bf2e-8c27282b789f/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466873/; classtype:trojan-activity;sid:84329973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/10387443769.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466875/; classtype:trojan-activity;sid:84329975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zasuporuxumuza.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466876/; classtype:trojan-activity;sid:84329976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466861)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/77235011630.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466861/; classtype:trojan-activity;sid:84329961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466863)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/luvuges.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466863/; classtype:trojan-activity;sid:84329963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466858)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tovidesukowoxam.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466858/; classtype:trojan-activity;sid:84329958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466859)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5a93100-d349-4291-8bce-18547efeb268/downloads/14773335318.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466859/; classtype:trojan-activity;sid:84329959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/xijawef.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466845/; classtype:trojan-activity;sid:84329945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466846)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a6301bc9-fbf1-4861-936b-8ce401d46d09/downloads/non_renewal_of_contract_letter_sample.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466846/; classtype:trojan-activity;sid:84329946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/75925905792.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466847/; classtype:trojan-activity;sid:84329947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/561eb1da-cbac-4811-84b8-e841d63e56cb/downloads/fomogivazugararux.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466848/; classtype:trojan-activity;sid:84329948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466849)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3ccd9234-721c-480b-91a1-84bae34c2069/downloads/votudomafuze.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466849/; classtype:trojan-activity;sid:84329949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466851)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ed3e7e73-6deb-4ec1-95e4-868a6659fe93/downloads/manning_guide_hotel_sample.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466851/; classtype:trojan-activity;sid:84329951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/45596981954.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466852/; classtype:trojan-activity;sid:84329952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tilovapexof.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466853/; classtype:trojan-activity;sid:84329953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466838)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/najufijirubedejalu.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466838/; classtype:trojan-activity;sid:84329938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/ludejawirusoxodofe.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466839/; classtype:trojan-activity;sid:84329939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/4959938645.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466843/; classtype:trojan-activity;sid:84329943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/98085965001.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466832/; classtype:trojan-activity;sid:84329932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466833)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dasuxugolod.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466833/; classtype:trojan-activity;sid:84329933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/attestation_de_non_affiliation_cnas_algerie.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466827/; classtype:trojan-activity;sid:84329927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/vw_gehaltstabelle_2022.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466828/; classtype:trojan-activity;sid:84329928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nidugapageru.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466830/; classtype:trojan-activity;sid:84329930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6f33080-7dde-4e51-88ef-59c9fd931fca/downloads/latoletevuwogerovug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466831/; classtype:trojan-activity;sid:84329931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466818)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/40119004199.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466818/; classtype:trojan-activity;sid:84329918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466822)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/talivejo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466822/; classtype:trojan-activity;sid:84329922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466824)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/ansul_piranha_system_installation_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466824/; classtype:trojan-activity;sid:84329924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466813)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/scada_system_architecture.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466813/; classtype:trojan-activity;sid:84329913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/63541235931.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466814/; classtype:trojan-activity;sid:84329914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/gaylord_texan_hotel_map.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466802/; classtype:trojan-activity;sid:84329902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466803)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/laxokuzigurebudisinatonu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466803/; classtype:trojan-activity;sid:84329903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466805)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/kojutaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466805/; classtype:trojan-activity;sid:84329905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466808)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/civil_engineer_experience_certificate_word_format.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466808/; classtype:trojan-activity;sid:84329908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/55d28ff0-9d0b-42b4-8190-887f90038148/downloads/gimisomogaro.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466799/; classtype:trojan-activity;sid:84329899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466800)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/how_to_write_a_letter_to_society_for_car_parking.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466800/; classtype:trojan-activity;sid:84329900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466801)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78dac1c1-e6f9-4066-ad39-7cbcdc39e651/downloads/93448099882.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466801/; classtype:trojan-activity;sid:84329901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466794)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/payment_under_protest_letter_sample.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466794/; classtype:trojan-activity;sid:84329894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466797)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/43447829480.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466797/; classtype:trojan-activity;sid:84329897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/97374790135.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466798/; classtype:trojan-activity;sid:84329898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466788)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/71423402684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466788/; classtype:trojan-activity;sid:84329888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c9ed0ab-abf7-4895-9a79-d81e87aed60a/downloads/nezumizegorazulamalit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466790/; classtype:trojan-activity;sid:84329890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a4c519f1-5301-485e-9e9c-56d1397df289/downloads/79371210580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466791/; classtype:trojan-activity;sid:84329891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kekososiwixokaz.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466792/; classtype:trojan-activity;sid:84329892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/14889765830.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466778/; classtype:trojan-activity;sid:84329878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rikisiwudepelapopazi.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466779/; classtype:trojan-activity;sid:84329879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/boriwivamafegujiser.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466781/; classtype:trojan-activity;sid:84329881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/seaworld_donation_request_orlando.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466782/; classtype:trojan-activity;sid:84329882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/schumacher_battery_charger_parts_se-4022.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466786/; classtype:trojan-activity;sid:84329886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d83328cf-50de-409a-9bf6-de7a48f66ed6/downloads/40650293844.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466787/; classtype:trojan-activity;sid:84329887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/ap_cm_relief_fund_application_process.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466777/; classtype:trojan-activity;sid:84329877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/narigokukeminozitema.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466768/; classtype:trojan-activity;sid:84329868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466770)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/32231114245.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466770/; classtype:trojan-activity;sid:84329870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa0b65d5-8cfc-4875-922a-b490488b42be/downloads/schmersal_de-_42279_datasheet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466771/; classtype:trojan-activity;sid:84329871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/checklist_format_for_housekeeping_in_hospital.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466772/; classtype:trojan-activity;sid:84329872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/91812224211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466773/; classtype:trojan-activity;sid:84329873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466774)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/rizepigarebovubugebo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466774/; classtype:trojan-activity;sid:84329874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466775)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/kawopixar.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466775/; classtype:trojan-activity;sid:84329875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466767)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/58311665155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466767/; classtype:trojan-activity;sid:84329867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/93503353547.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466763/; classtype:trojan-activity;sid:84329863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6974f1eb-71bf-4f90-8572-d8ac4e4f765d/downloads/wazakovefonetak.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466764/; classtype:trojan-activity;sid:84329864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9978fe41-dbcb-4b88-8a80-a839de3f86b5/downloads/42576721881.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466758/; classtype:trojan-activity;sid:84329858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466759)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/73769466656.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466759/; classtype:trojan-activity;sid:84329859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/suvuraxelikubok.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466761/; classtype:trojan-activity;sid:84329861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e09336e-0817-489c-96db-d43d5fd51fc4/downloads/i9_birth_certificate_example.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466762/; classtype:trojan-activity;sid:84329862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466750)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/stromer_st1_owners_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466750/; classtype:trojan-activity;sid:84329850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/7215421885.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466753/; classtype:trojan-activity;sid:84329853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466754)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/37979647215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466754/; classtype:trojan-activity;sid:84329854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/tejovejujepotobafoba.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466755/; classtype:trojan-activity;sid:84329855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466756)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/43947647531.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466756/; classtype:trojan-activity;sid:84329856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/97640682614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466747/; classtype:trojan-activity;sid:84329847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466748)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ec5b631-127b-4a5e-84ff-7de19674a208/downloads/daxukipavibipukoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466748/; classtype:trojan-activity;sid:84329848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/66a9f463-0ae0-4403-bef2-3061bb9e36ef/downloads/rate_list_of_test_in_dr.lal_pathlabs.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466740/; classtype:trojan-activity;sid:84329840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c8939508-8a93-4f90-8b11-ddca3342e83a/downloads/4803379677.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466742/; classtype:trojan-activity;sid:84329842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466745)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/taski_procarpet_45_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466745/; classtype:trojan-activity;sid:84329845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466738)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gomik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466738/; classtype:trojan-activity;sid:84329838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466736)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ef27ce0e-c911-4d37-baad-bea065e796b8/downloads/kirekafusofo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466736/; classtype:trojan-activity;sid:84329836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466732)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wiremabodopigotaf.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466732/; classtype:trojan-activity;sid:84329832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466733)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/67856105857.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466733/; classtype:trojan-activity;sid:84329833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466734)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/rubetugetafapojopodibom.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466734/; classtype:trojan-activity;sid:84329834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/3048437595.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466724/; classtype:trojan-activity;sid:84329824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466726)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc370600-8080-4216-8e6c-52a7f34eeccf/downloads/iso_weld_symbols_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466726/; classtype:trojan-activity;sid:84329826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466728)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/47b969d8-0664-43a5-a1cb-4ec8411e9eef/downloads/powerflex_755_user_manual_espanol.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466728/; classtype:trojan-activity;sid:84329828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7539d3e4-198a-4c91-addc-38e6066bfe55/downloads/2305786492.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466729/; classtype:trojan-activity;sid:84329829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466730)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/kangwon_land_inc_annual_report.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466730/; classtype:trojan-activity;sid:84329830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/wanigukanewalew.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466731/; classtype:trojan-activity;sid:84329831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/watiwime.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466715/; classtype:trojan-activity;sid:84329815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/638993752.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466716/; classtype:trojan-activity;sid:84329816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/milagetuxinofu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466717/; classtype:trojan-activity;sid:84329817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/51295545026.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466719/; classtype:trojan-activity;sid:84329819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466720)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xezumiriruko.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466720/; classtype:trojan-activity;sid:84329820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/cleavage_front_row_amy_measurements.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466721/; classtype:trojan-activity;sid:84329821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/diamond_sieve_chart.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466708/; classtype:trojan-activity;sid:84329808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09b152c4-bf66-44a7-8224-2992cea3ed0a/downloads/sample_indian_renunciation_form.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466710/; classtype:trojan-activity;sid:84329810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/pelebesepasirokirefukew.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466711/; classtype:trojan-activity;sid:84329811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466712)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/455fd801-8453-4cfe-b6ee-1af9e2a627f6/downloads/7558215776.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466712/; classtype:trojan-activity;sid:84329812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466713)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/50787175728.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466713/; classtype:trojan-activity;sid:84329813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466706)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/rotem_sigma_user_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466706/; classtype:trojan-activity;sid:84329806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466705)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/lista_de_verbos_em_italiano.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466705/; classtype:trojan-activity;sid:84329805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a580c741-29a0-435a-a011-6aa538a5edae/downloads/25870917787.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466702/; classtype:trojan-activity;sid:84329802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/siwetofulugo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466694/; classtype:trojan-activity;sid:84329794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0739216d-b619-42bb-83b4-7432b4331862/downloads/26798739628.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466695/; classtype:trojan-activity;sid:84329795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466696)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/23513409250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466696/; classtype:trojan-activity;sid:84329796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/the_long_dark_crumbling_highway_map.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466697/; classtype:trojan-activity;sid:84329797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466698)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/92332863676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466698/; classtype:trojan-activity;sid:84329798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c633c3b-7c73-43a9-a161-0e7459f617b4/downloads/popajuzokovuluboz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466682/; classtype:trojan-activity;sid:84329782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466684)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/6759358871.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466684/; classtype:trojan-activity;sid:84329784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466686)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/gelumoxosudasikaxo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466686/; classtype:trojan-activity;sid:84329786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466687)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/47722224691.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466687/; classtype:trojan-activity;sid:84329787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466689)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/57326063662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466689/; classtype:trojan-activity;sid:84329789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466690)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8aa13dbf-c0c5-4fe7-ae15-62e5c33a20e4/downloads/hewlett-packard_18e7_motherboard_specs.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466690/; classtype:trojan-activity;sid:84329790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/porebejotenojudud.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466691/; classtype:trojan-activity;sid:84329791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466681)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/duff_and_phelps_size_premium_2022.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466681/; classtype:trojan-activity;sid:84329781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466674)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pass_the_pigs_scoring_sheet.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466674/; classtype:trojan-activity;sid:84329774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ae40ccb-f0fa-4b6b-bfcc-06032a30498c/downloads/logical_thinking_worksheets_for_kindergarten.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466679/; classtype:trojan-activity;sid:84329779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466670)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/151743582.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466670/; classtype:trojan-activity;sid:84329770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/13792310994.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466671/; classtype:trojan-activity;sid:84329771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/cessna_172_instrument_panel_layout.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466666/; classtype:trojan-activity;sid:84329766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/24459864622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466667/; classtype:trojan-activity;sid:84329767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466658)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/10451479360.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466658/; classtype:trojan-activity;sid:84329758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466659)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/sap_fico_cutover_activities.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466659/; classtype:trojan-activity;sid:84329759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466662)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/98444125074.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466662/; classtype:trojan-activity;sid:84329762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/686c0a2e-9a90-4936-9f96-7d72f3c65f03/downloads/54960661120.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466663/; classtype:trojan-activity;sid:84329763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/3262231356.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466664/; classtype:trojan-activity;sid:84329764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/livro_pesquisa_bibliografica.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466648/; classtype:trojan-activity;sid:84329748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466650)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/37ff6e83-e399-4f09-b7f3-13b9438039c2/downloads/54456550535.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466650/; classtype:trojan-activity;sid:84329750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/request_letter_format_in_marathi_language.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466652/; classtype:trojan-activity;sid:84329752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466645)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5809a244-7d90-46f4-9de4-ee86dda3a2de/downloads/evaluation_emc_6eme_devenir_collegien.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466645/; classtype:trojan-activity;sid:84329745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd809168-aa55-4437-9a0e-42447fbc16fd/downloads/22731947285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466640/; classtype:trojan-activity;sid:84329740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/hypothecation_cancellation_request_letter_format.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466641/; classtype:trojan-activity;sid:84329741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/182ae1b8-0b64-4790-be7b-698d5e8b3d57/downloads/gidatigexapufalumiwolagad.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466642/; classtype:trojan-activity;sid:84329742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466634)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/aocs_official_method_ce_1b_89.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466634/; classtype:trojan-activity;sid:84329734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pigogini.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466635/; classtype:trojan-activity;sid:84329735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466639)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ab158387-fd14-4136-be83-18d2feafd209/downloads/regonadafufosofujerijasur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466639/; classtype:trojan-activity;sid:84329739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xewegemodigu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466625/; classtype:trojan-activity;sid:84329725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f9b61407-e9a0-4bfb-ac42-6ba811f07eed/downloads/daycare_reference_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466626/; classtype:trojan-activity;sid:84329726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466629)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/displayport_1.4_spec.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466629/; classtype:trojan-activity;sid:84329729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a49e03e-1cf9-44ed-ac44-c378f90fa5f8/downloads/63521883486.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466632/; classtype:trojan-activity;sid:84329732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/262ea410-a887-458b-b5ec-65748ef01e57/downloads/75258476975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466633/; classtype:trojan-activity;sid:84329733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466619)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/dajagunowe.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466619/; classtype:trojan-activity;sid:84329719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466620)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/hypochondria_ielts_reading_answers.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466620/; classtype:trojan-activity;sid:84329720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/migolijidawononavez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466622/; classtype:trojan-activity;sid:84329722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466623)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6286d8b4-6ffa-4d84-aeea-f2a9bc58a594/downloads/hotel_courtesy_call_template.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466623/; classtype:trojan-activity;sid:84329723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466617)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48cf8ef6-fe89-47b6-9b8e-43119a3d3833/downloads/89759746182.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466617/; classtype:trojan-activity;sid:84329717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/poquito_mas_nutrition_facts.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466613/; classtype:trojan-activity;sid:84329713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/luxutevosevuke.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466610/; classtype:trojan-activity;sid:84329710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466611)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vamiralu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466611/; classtype:trojan-activity;sid:84329711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bonunorovekofa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466605/; classtype:trojan-activity;sid:84329705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/36407415595.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466606/; classtype:trojan-activity;sid:84329706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/82707682561.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466607/; classtype:trojan-activity;sid:84329707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466608)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0620227-6f33-427f-8ac7-1fb80d24bd78/downloads/loxabafefomukewizirefa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466608/; classtype:trojan-activity;sid:84329708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466609)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/metric_bolt_specification_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466609/; classtype:trojan-activity;sid:84329709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466597)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/22305465780.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466597/; classtype:trojan-activity;sid:84329697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/efeaa59e-2423-41d8-b482-9a37e80979c7/downloads/ge_disconnect_switch.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466598/; classtype:trojan-activity;sid:84329698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7518eff6-349e-4445-8380-e1c43aacea7b/downloads/gemudewefedevovep.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466600/; classtype:trojan-activity;sid:84329700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466601)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/tugojokuru.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466601/; classtype:trojan-activity;sid:84329701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466602)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/hadoop_notes_by_durgasoft_ramakrishna.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466602/; classtype:trojan-activity;sid:84329702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/compassionate_leave_letter_examples.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466603/; classtype:trojan-activity;sid:84329703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2294c0f6-d737-4b16-8fca-94076227dda5/downloads/garrison_carbon_monoxide_and_gas_detector_manual.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466604/; classtype:trojan-activity;sid:84329704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/kuradorug.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466593/; classtype:trojan-activity;sid:84329693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/38053692779.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466594/; classtype:trojan-activity;sid:84329694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466595)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/26107131918.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466595/; classtype:trojan-activity;sid:84329695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466587)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tozivagal.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466587/; classtype:trojan-activity;sid:84329687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466591)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b026e03-5af6-461d-a832-b5e23f93b19f/downloads/rojumedevunez.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466591/; classtype:trojan-activity;sid:84329691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nefusajoxepisajejod.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466585/; classtype:trojan-activity;sid:84329685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466581)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tubewerapip.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466581/; classtype:trojan-activity;sid:84329681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/18645484853.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466583/; classtype:trojan-activity;sid:84329683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466584)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/4850921377.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466584/; classtype:trojan-activity;sid:84329684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/basimonuje.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466567/; classtype:trojan-activity;sid:84329667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4490da21-0774-43c2-8f10-26fe1384ffab/downloads/convention_collective_ucanss_mutatio.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466568/; classtype:trojan-activity;sid:84329668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2f6bcf3c-4b23-42e7-95db-7e5e3070b630/downloads/29680644903.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466569/; classtype:trojan-activity;sid:84329669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e297ab99-26f3-4763-8aa9-4b5ba8336826/downloads/61556440139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466571/; classtype:trojan-activity;sid:84329671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/rikeleneliteta.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466572/; classtype:trojan-activity;sid:84329672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dupibutemuxubezukexe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466559/; classtype:trojan-activity;sid:84329659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58f82e37-5723-4fc5-be87-1ca34da7fc9c/downloads/ladovarudugusujo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466561/; classtype:trojan-activity;sid:84329661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/93623530863.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466562/; classtype:trojan-activity;sid:84329662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/31982364803.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466563/; classtype:trojan-activity;sid:84329663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/manually_update_officescan_server.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466564/; classtype:trojan-activity;sid:84329664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/meligofat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466565/; classtype:trojan-activity;sid:84329665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pibajusapasadasizuvabo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466566/; classtype:trojan-activity;sid:84329666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/vuguvukopipokimukunoju.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466552/; classtype:trojan-activity;sid:84329652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/vmware_horizon_not_loading.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466553/; classtype:trojan-activity;sid:84329653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/gekepozokenaxaketojakoj.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466556/; classtype:trojan-activity;sid:84329656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466557)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xekinozu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466557/; classtype:trojan-activity;sid:84329657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/tanaber.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466558/; classtype:trojan-activity;sid:84329658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lokodemerukezabakexa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466546/; classtype:trojan-activity;sid:84329646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466547)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wijigezafububofelib.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466547/; classtype:trojan-activity;sid:84329647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466548)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1a64ed17-85a2-4cee-b266-878ed957a17a/downloads/wezixipusafa.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466548/; classtype:trojan-activity;sid:84329648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ed9a7df-8325-4b88-b206-4975011bd8d3/downloads/73303046927.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466551/; classtype:trojan-activity;sid:84329651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466544)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vafibezesixura.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466544/; classtype:trojan-activity;sid:84329644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466542)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdf9b72e-240a-4a41-ac28-e187be75db3e/downloads/10008295817.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466542/; classtype:trojan-activity;sid:84329642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466539)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/35017680871.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466539/; classtype:trojan-activity;sid:84329639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466534)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b5346c1d-c474-4a92-9b4c-cbf0eee37189/downloads/jamupipenimewuroveg.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466534/; classtype:trojan-activity;sid:84329634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/ritiwuga.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466523/; classtype:trojan-activity;sid:84329623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/98558988287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466524/; classtype:trojan-activity;sid:84329624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d8c405e-d09a-43e6-b2b9-f8bbfe0e4b05/downloads/japifitakudisudupuweb.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466525/; classtype:trojan-activity;sid:84329625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b7519557-5091-4de7-b104-8e86c3953c5d/downloads/66697702965.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466527/; classtype:trojan-activity;sid:84329627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4d8863b-da23-437d-86ed-df2351a23265/downloads/sazodaxorega.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466528/; classtype:trojan-activity;sid:84329628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466512)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/36655168913.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466512/; classtype:trojan-activity;sid:84329612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wevularaboxurewugawe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466513/; classtype:trojan-activity;sid:84329613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466514)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/rubizegelolulagexarunup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466514/; classtype:trojan-activity;sid:84329614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466515)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/pipe_fittings_surface_area_chart.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466515/; classtype:trojan-activity;sid:84329615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/ludirov.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466517/; classtype:trojan-activity;sid:84329617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/jedibam.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466521/; classtype:trojan-activity;sid:84329621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466522)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c2f5ec0b-52d8-40cb-8fa6-a66f6f891fa9/downloads/64630520522.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466522/; classtype:trojan-activity;sid:84329622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466506)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19f0e93a-8f01-4f21-8964-dcc990dea571/downloads/honeywell_dc3002_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466506/; classtype:trojan-activity;sid:84329606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466507)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30963207670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466507/; classtype:trojan-activity;sid:84329607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466508)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/36202936872.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466508/; classtype:trojan-activity;sid:84329608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466509)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/738cd3ca-10f0-4f1e-865e-c0932904fbb2/downloads/28412734415.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466509/; classtype:trojan-activity;sid:84329609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466510)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/wepepuv.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466510/; classtype:trojan-activity;sid:84329610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466503)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atpco_fare_filing_manual_s.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466503/; classtype:trojan-activity;sid:84329603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466504)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gartner_magic_quadrant_ips.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466504/; classtype:trojan-activity;sid:84329604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466505)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/xawegifurixikinixi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466505/; classtype:trojan-activity;sid:84329605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nolovafitavire.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466501/; classtype:trojan-activity;sid:84329601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466495)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/mojijodexiv.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466495/; classtype:trojan-activity;sid:84329595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466497)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/xipefodefanotare.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466497/; classtype:trojan-activity;sid:84329597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466498)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gekulafemidafalijuw.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466498/; classtype:trojan-activity;sid:84329598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466489)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/types_of_lines_in_construction_drawings.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466489/; classtype:trojan-activity;sid:84329589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466490)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/psa_birth_certificate_authorization_letter.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466490/; classtype:trojan-activity;sid:84329590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466492)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/libububodanusakamarad.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466492/; classtype:trojan-activity;sid:84329592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466480)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/41202776349.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466480/; classtype:trojan-activity;sid:84329580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466481)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dc583f51-62de-45fb-b9c6-f152dd4c2594/downloads/combining_like_terms_pyramid_worksheet_answers.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466481/; classtype:trojan-activity;sid:84329581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466482)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1dc2c198-09f6-4966-96bb-2e160c7d78e2/downloads/55840145977.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466482/; classtype:trojan-activity;sid:84329582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466484)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/puzenesariwalez.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466484/; classtype:trojan-activity;sid:84329584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466485)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0eb552d-3ccf-4b3e-a340-0e3717106147/downloads/kalozarisi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466485/; classtype:trojan-activity;sid:84329585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466486)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/wilikof.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466486/; classtype:trojan-activity;sid:84329586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466487)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/geruzirejexexani.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466487/; classtype:trojan-activity;sid:84329587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9d9f96-a289-4877-85d4-e6d2d4cc419c/downloads/minerva_t2000_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466476/; classtype:trojan-activity;sid:84329576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/siemens_pcs_7_full_training_manual.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466474/; classtype:trojan-activity;sid:84329574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sojawamiluredowad.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466472/; classtype:trojan-activity;sid:84329572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/add57eeb-0480-4d3e-871c-79d9b8fe2772/downloads/lozataroziwukurejigax.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466462/; classtype:trojan-activity;sid:84329562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/capacitor_bank_preventive_maintenance_checklist.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466463/; classtype:trojan-activity;sid:84329563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/jesafi.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466464/; classtype:trojan-activity;sid:84329564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wofewipawo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466465/; classtype:trojan-activity;sid:84329565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466468)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/58423586845.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466468/; classtype:trojan-activity;sid:84329568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89849145142.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466469/; classtype:trojan-activity;sid:84329569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466460)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c26a93a-50bb-4104-895b-059e3fc9a02c/downloads/zoxinigexozojadidara.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466460/; classtype:trojan-activity;sid:84329560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/demande_d_allocation_chomage_pole_emploi.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466454/; classtype:trojan-activity;sid:84329554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tutorialspoint_sap_pp.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466459/; classtype:trojan-activity;sid:84329559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466449)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/lafebokoz.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466449/; classtype:trojan-activity;sid:84329549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466450)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/advance_payment_request_letter_format_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466450/; classtype:trojan-activity;sid:84329550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/boilermaker_drawings_and_developments.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466452/; classtype:trojan-activity;sid:84329552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8532eb1d-13c2-4756-9d41-225750b056f4/downloads/litimuwabu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466453/; classtype:trojan-activity;sid:84329553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/telcordia_sr_332_issue_4.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466444/; classtype:trojan-activity;sid:84329544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/stopaq_application_manual_2018.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466445/; classtype:trojan-activity;sid:84329545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466447)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3daad7b2-98c5-4dc1-b37a-5570afcba267/downloads/40472163846.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466447/; classtype:trojan-activity;sid:84329547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466439)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89247847196.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466439/; classtype:trojan-activity;sid:84329539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/72993487295.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466440/; classtype:trojan-activity;sid:84329540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466441)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9155fa-7173-4766-94c3-9e400d4aed58/downloads/def_stan_91-91.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466441/; classtype:trojan-activity;sid:84329541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/42d6a3b4-bbc0-47ab-bf86-c3ddb806b2ed/downloads/rafadaduveputev.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466443/; classtype:trojan-activity;sid:84329543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3924d65b-e08d-4f21-8d71-a0b15eb654bb/downloads/63720952596.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466429/; classtype:trojan-activity;sid:84329529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/woleb.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466417/; classtype:trojan-activity;sid:84329517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dururotilonid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466418/; classtype:trojan-activity;sid:84329518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466419)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/150_dialogues_en_francais.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466419/; classtype:trojan-activity;sid:84329519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466420)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/88031585580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466420/; classtype:trojan-activity;sid:84329520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/dollar_general_cbl_answers_robbery_prevention.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466423/; classtype:trojan-activity;sid:84329523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466424)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4e8158-a082-4b1f-960e-1d82a946a72b/downloads/76239393989.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466424/; classtype:trojan-activity;sid:84329524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466414)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51c1105d-a687-468d-b1aa-293ca9578a34/downloads/giwuroganapedokozijave.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466414/; classtype:trojan-activity;sid:84329514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466406)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50e5aae7-a15c-4d74-a4ed-a8edfca980c4/downloads/atividades_adaptadas_de_ingles_para_deficientes_intelectuais.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466406/; classtype:trojan-activity;sid:84329506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466407)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/24465842333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466407/; classtype:trojan-activity;sid:84329507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2d664301-7b5e-474d-97a1-1305c7ece601/downloads/35905190672.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466409/; classtype:trojan-activity;sid:84329509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/12922543008.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466410/; classtype:trojan-activity;sid:84329510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/20643132370.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466412/; classtype:trojan-activity;sid:84329512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466413)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/95435099570.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466413/; classtype:trojan-activity;sid:84329513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2bb4e8cb-ec7e-44c1-a645-d94d4534f3a4/downloads/far_from_you_tess_sharpe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466401/; classtype:trojan-activity;sid:84329501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87076889980.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466403/; classtype:trojan-activity;sid:84329503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466396)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/40331451843.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466396/; classtype:trojan-activity;sid:84329496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/sumitomo_f50_compressor_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466397/; classtype:trojan-activity;sid:84329497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466398)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tusosexukitut.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466398/; classtype:trojan-activity;sid:84329498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466387)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466387/; classtype:trojan-activity;sid:84329487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d45c0d9d-8581-471d-bee0-51d1b9891f05/downloads/nisisot.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466389/; classtype:trojan-activity;sid:84329489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466390)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tojabuka.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466390/; classtype:trojan-activity;sid:84329490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/16219919996.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466391/; classtype:trojan-activity;sid:84329491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/famous_athletes_banned_for_drug_use.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466392/; classtype:trojan-activity;sid:84329492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466393)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/31075581028.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466393/; classtype:trojan-activity;sid:84329493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466394)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/table_trigonometrique_complet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466394/; classtype:trojan-activity;sid:84329494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f20719e2-319c-4f10-aabc-5dffb4a98912/downloads/45233279752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466385/; classtype:trojan-activity;sid:84329485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466376)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/10e01255-b324-4a54-ae63-f4e28a319147/downloads/how_to_make_authorization_letter_to_claim_money_in_palawan.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466376/; classtype:trojan-activity;sid:84329476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466378)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/baropuzijavalerivotenujop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466378/; classtype:trojan-activity;sid:84329478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466379)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15135097712.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466379/; classtype:trojan-activity;sid:84329479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466366)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/demag_ac_350_dwg.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466366/; classtype:trojan-activity;sid:84329466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6479094-5bf7-4b46-9ced-d0f3d0d49751/downloads/63982701040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466370/; classtype:trojan-activity;sid:84329470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e35dded4-68df-49bc-a9b0-aad8c63628c2/downloads/polipuzikiwelines.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466371/; classtype:trojan-activity;sid:84329471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/jakirezimukixinirivuvizuw.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466372/; classtype:trojan-activity;sid:84329472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466373)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4bf44b4-a39c-49f8-89f5-4b487ef61751/downloads/safety_precautions_during_rainy_season_ppt.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466373/; classtype:trojan-activity;sid:84329473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gasanon.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466358/; classtype:trojan-activity;sid:84329458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87218120165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466359/; classtype:trojan-activity;sid:84329459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466364)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6c9fdcec-b167-4620-b064-54b8917c32b8/downloads/57211354597.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466364/; classtype:trojan-activity;sid:84329464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/2687436544.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466355/; classtype:trojan-activity;sid:84329455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466356)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/astonishment_report_example_template_free.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466356/; classtype:trojan-activity;sid:84329456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4454ad30-3f6f-488a-b5e6-19e7bcca2146/downloads/duzinijilufixikedaluw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466353/; classtype:trojan-activity;sid:84329453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/47a03532-4838-4d3f-b185-a29c87fa882c/downloads/24511080679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466340/; classtype:trojan-activity;sid:84329440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466341)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/35512569741.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466341/; classtype:trojan-activity;sid:84329441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/fiselarodinolapin.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466344/; classtype:trojan-activity;sid:84329444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/fonuferin.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466348/; classtype:trojan-activity;sid:84329448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466349)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/59681288373.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466349/; classtype:trojan-activity;sid:84329449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9db526fb-d62a-447a-9766-8665158ad47a/downloads/skf_linear_bearing_catalogue.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466350/; classtype:trojan-activity;sid:84329450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466351)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/45838770375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466351/; classtype:trojan-activity;sid:84329451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466336)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98a1791f-f3a9-4ef2-ac34-41b3393c3d1d/downloads/original_documents_handover_letter_format.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466336/; classtype:trojan-activity;sid:84329436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466337)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/60272662631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466337/; classtype:trojan-activity;sid:84329437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466338)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa44ab49-4d64-4d64-8bfd-2dfce545052f/downloads/limitations_act_2004_nigeria.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466338/; classtype:trojan-activity;sid:84329438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466331)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72cc53f9-3bf4-447c-963a-353f48ad8500/downloads/puwutokok.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466331/; classtype:trojan-activity;sid:84329431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466333)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/emdr_cognitive_interweaves.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466333/; classtype:trojan-activity;sid:84329433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466325)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/15715958975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466325/; classtype:trojan-activity;sid:84329425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sanugesijeviwo.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466326/; classtype:trojan-activity;sid:84329426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466327)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/167862b3-31e9-4984-90e5-30766e3a7fa8/downloads/20740408467.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466327/; classtype:trojan-activity;sid:84329427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466316)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/22914289512.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466316/; classtype:trojan-activity;sid:84329416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f842cd9f-c67c-4749-ba01-22d7c1ea502c/downloads/93070455772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466317/; classtype:trojan-activity;sid:84329417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466319)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/61240910211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466319/; classtype:trojan-activity;sid:84329419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/33251318472.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466320/; classtype:trojan-activity;sid:84329420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/84098559127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466321/; classtype:trojan-activity;sid:84329421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466322)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kaxajopisojurivo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466322/; classtype:trojan-activity;sid:84329422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466324)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vehicle_sale_agreement_format_in_word_kerala_online_applicat.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466324/; classtype:trojan-activity;sid:84329424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/everstart_750_amp_jump_starter_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466312/; classtype:trojan-activity;sid:84329412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/manual_ppap_4_edicao.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466313/; classtype:trojan-activity;sid:84329413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/3703775959.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466314/; classtype:trojan-activity;sid:84329414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/womirojepu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466305/; classtype:trojan-activity;sid:84329405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/lord_of_the_flies_script.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466307/; classtype:trojan-activity;sid:84329407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466309)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/38102271043.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466309/; classtype:trojan-activity;sid:84329409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/depo_provera_osteoporosis_guidelines.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466304/; classtype:trojan-activity;sid:84329404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/397fbc33-145f-44ec-a774-e1fa1b866d82/downloads/fekesijurada.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466301/; classtype:trojan-activity;sid:84329401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466293)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/78299826683.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466293/; classtype:trojan-activity;sid:84329393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466294)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2da57a-5cad-4b1e-b658-8efa7e30bee5/downloads/como_transferir_saldo_de_dados_unitel.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466294/; classtype:trojan-activity;sid:84329394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/billetes_didacticos_mexicanos_para_imprimir.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466283/; classtype:trojan-activity;sid:84329383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466284)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/xutodorimalibavexididoson.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466284/; classtype:trojan-activity;sid:84329384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466285)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/vatalikuxigepiwu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466285/; classtype:trojan-activity;sid:84329385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2fda8269-9b7e-4008-b093-ed7dc0bde9d7/downloads/zinivegosejuriwevagowu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466286/; classtype:trojan-activity;sid:84329386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466288)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/dotuxomolomorapitome.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466288/; classtype:trojan-activity;sid:84329388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466289)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/541a1d8b-7a21-4c1f-8013-03406bd1a8ad/downloads/mevuxurike.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466289/; classtype:trojan-activity;sid:84329389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466291)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/jubomumifekomu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466291/; classtype:trojan-activity;sid:84329391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa25c895-a966-4265-aeb1-bc094284554e/downloads/jifig.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466279/; classtype:trojan-activity;sid:84329379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/90378982159.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466280/; classtype:trojan-activity;sid:84329380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466282)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jodegemotekuseve.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466282/; classtype:trojan-activity;sid:84329382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466268)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/46578941429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466268/; classtype:trojan-activity;sid:84329368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/elenco_corsi_vam_viterbo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466269/; classtype:trojan-activity;sid:84329369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/17714436684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466259/; classtype:trojan-activity;sid:84329359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/planet_fitness_membership_cancellation_letter.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466260/; classtype:trojan-activity;sid:84329360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466261)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/61105974714.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466261/; classtype:trojan-activity;sid:84329361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/933c3405-1572-4648-b39e-d98567eb5bee/downloads/for_your_kind_perusal_and_necessary_action_meaning.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466266/; classtype:trojan-activity;sid:84329366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466267)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/scrubber_design_calculation_excel.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466267/; classtype:trojan-activity;sid:84329367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6787db73-833d-4393-867e-1b786eb5e101/downloads/60859753638.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466249/; classtype:trojan-activity;sid:84329349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466252)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/why_is_annexure_d_required_for_minor_passport.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466252/; classtype:trojan-activity;sid:84329352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466253)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/574284889.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466253/; classtype:trojan-activity;sid:84329353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/xikapataxofako.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466254/; classtype:trojan-activity;sid:84329354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466255)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lobigexapi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466255/; classtype:trojan-activity;sid:84329355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466256)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2470d53e-fef7-4646-9c8b-919894e66d18/downloads/72646482584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466256/; classtype:trojan-activity;sid:84329356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466257)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/46429707192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466257/; classtype:trojan-activity;sid:84329357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466245)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7153ec40-cd7f-411a-a08b-66d173a33455/downloads/standards_australia_handbook_197.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466245/; classtype:trojan-activity;sid:84329345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466247)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/55745505506.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466247/; classtype:trojan-activity;sid:84329347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/43311556781.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466241/; classtype:trojan-activity;sid:84329341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466244)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/80691091889.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466244/; classtype:trojan-activity;sid:84329344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466238)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sewuxazomuwara.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466238/; classtype:trojan-activity;sid:84329338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ce549e8-3051-428a-a71b-b48f204ac3cd/downloads/rapid_router_level_43_solution.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466231/; classtype:trojan-activity;sid:84329331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466232)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0620bed2-a9d8-4f06-ab8c-173ea1a60a70/downloads/jijegarazomimubusawogam.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466232/; classtype:trojan-activity;sid:84329332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466233)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/matunekuv.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466233/; classtype:trojan-activity;sid:84329333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/statsafe_3000_msds.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466230/; classtype:trojan-activity;sid:84329330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/82647770508.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466221/; classtype:trojan-activity;sid:84329321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466222)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee3e2894-0337-41f6-9371-caecf7034a22/downloads/26991821255.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466222/; classtype:trojan-activity;sid:84329322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/gesuzodekutiz.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466226/; classtype:trojan-activity;sid:84329326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466227)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/how_to_register_in_upstox.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466227/; classtype:trojan-activity;sid:84329327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/exercises_for_trigger_thumb.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466228/; classtype:trojan-activity;sid:84329328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466229)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/132d13c5-3f89-41bf-85b4-d1a24ddcf61c/downloads/nosiwevixina.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466229/; classtype:trojan-activity;sid:84329329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a56a106f-21b9-46c2-b5bc-12461919334c/downloads/vurarufa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466215/; classtype:trojan-activity;sid:84329315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466217)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_get_a_wire_transfer_receipt_chase.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466217/; classtype:trojan-activity;sid:84329317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/3175972790.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466219/; classtype:trojan-activity;sid:84329319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/apex_sl_vibration_controller_manual.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466213/; classtype:trojan-activity;sid:84329313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nakozixuwelafi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466214/; classtype:trojan-activity;sid:84329314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mobesapovasag.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466205/; classtype:trojan-activity;sid:84329305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/imperial_vernier_caliper_worksheet.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466206/; classtype:trojan-activity;sid:84329306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e2ab423c-1813-4cd0-becb-6a8adbf01641/downloads/ribafimimeriledok.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466207/; classtype:trojan-activity;sid:84329307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/62228929609.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466208/; classtype:trojan-activity;sid:84329308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/91a706e9-d066-47d7-89af-69535d865c3d/downloads/carteirinha_de_estudante_falsa_em.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466209/; classtype:trojan-activity;sid:84329309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/35740879646.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466196/; classtype:trojan-activity;sid:84329296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466201)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/zeneliginuboripiriza.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466201/; classtype:trojan-activity;sid:84329301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6bb5c8cf-e89d-49c0-aeeb-7278d39f6b32/downloads/fiche_grcf_bts_gpme.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466202/; classtype:trojan-activity;sid:84329302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/77724997403.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466193/; classtype:trojan-activity;sid:84329293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/xinunivigaxelifujukedo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466181/; classtype:trojan-activity;sid:84329281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466182)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/pidipaxiworoguvosifap.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466182/; classtype:trojan-activity;sid:84329282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466183)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rent_receipt_format_in_ms_word.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466183/; classtype:trojan-activity;sid:84329283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nipipuk.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466184/; classtype:trojan-activity;sid:84329284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466185)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/67271829455.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466185/; classtype:trojan-activity;sid:84329285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/57390845107.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466186/; classtype:trojan-activity;sid:84329286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/45659404876.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466187/; classtype:trojan-activity;sid:84329287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466189)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/80200009732.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466189/; classtype:trojan-activity;sid:84329289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a657e0c-a872-4028-94b8-811aea249c49/downloads/shl_general_ability_test_answers_reddit.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466190/; classtype:trojan-activity;sid:84329290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06823f9b-45c4-43cb-a44f-1f9f645cebcf/downloads/32406777299.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466175/; classtype:trojan-activity;sid:84329275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/7694747911.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466177/; classtype:trojan-activity;sid:84329277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466178)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/danokubiwen.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466178/; classtype:trojan-activity;sid:84329278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466179)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/xibuvajuxaluvotom.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466179/; classtype:trojan-activity;sid:84329279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/8393439781.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466180/; classtype:trojan-activity;sid:84329280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466170)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/redoripedigi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466170/; classtype:trojan-activity;sid:84329270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_cancel_print_job_on_zebra_gk420d.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466172/; classtype:trojan-activity;sid:84329272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466169)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b83dcfc0-bbe6-4498-b356-e365ec2ed396/downloads/zofafiba.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466169/; classtype:trojan-activity;sid:84329269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466161)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/les_jours_de_la_semaine_exercices.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466161/; classtype:trojan-activity;sid:84329261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466162)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/90213521835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466162/; classtype:trojan-activity;sid:84329262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/28725733968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466154/; classtype:trojan-activity;sid:84329254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7aa15cc-b2d1-4fef-8a47-8d7810090a9c/downloads/jenuwegipujodunoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466149/; classtype:trojan-activity;sid:84329249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dowuvibatekijutajuvavu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466151/; classtype:trojan-activity;sid:84329251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/14196656823.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466152/; classtype:trojan-activity;sid:84329252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466153)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44a9091e-2134-47ec-8037-250483142ad3/downloads/kenmore_elite_665.12783_k311_service_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466153/; classtype:trojan-activity;sid:84329253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466144)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/50362295282.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466144/; classtype:trojan-activity;sid:84329244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466145)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/navy_uic_code_list.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466145/; classtype:trojan-activity;sid:84329245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f2acd38-413e-47a5-ac42-d6305581bfab/downloads/logerafanekox.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466147/; classtype:trojan-activity;sid:84329247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466140)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/zakojamoderuvovu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466140/; classtype:trojan-activity;sid:84329240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/successfactors_recruiting_implementation_guide.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466133/; classtype:trojan-activity;sid:84329233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466134)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/97474238027.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466134/; classtype:trojan-activity;sid:84329234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddcbbbab-f8a6-4067-a450-a2f971a66e79/downloads/daikin_ac_remote_control_guide.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466135/; classtype:trojan-activity;sid:84329235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/lebuk.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466138/; classtype:trojan-activity;sid:84329238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466139)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/71642361311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466139/; classtype:trojan-activity;sid:84329239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466128)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kumujadirifokekikivexe.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466128/; classtype:trojan-activity;sid:84329228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466130)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/2818265442.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466130/; classtype:trojan-activity;sid:84329230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/examenes_psicometricos_pruebas_psicometricas_gratis_para_imp.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466132/; classtype:trojan-activity;sid:84329232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466122)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4252a31f-7a57-4ac8-a31e-ee71b2361194/downloads/61162239689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466122/; classtype:trojan-activity;sid:84329222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/43b3ecff-25d4-4371-99a8-6df485cf4fd5/downloads/amoeba_sisters_classification_worksheet.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466125/; classtype:trojan-activity;sid:84329225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/fundamentals_of_power_supply_design_book.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466115/; classtype:trojan-activity;sid:84329215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466116/; classtype:trojan-activity;sid:84329216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15938565950.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466117/; classtype:trojan-activity;sid:84329217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466107)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5271715-d4c2-447f-bd8c-804dbc17722c/downloads/experience_certificate_format_for_quality_control_engineer.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466107/; classtype:trojan-activity;sid:84329207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b7f80b5-fb34-497d-8072-447feb44da09/downloads/lewamagoromizesa.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466109/; classtype:trojan-activity;sid:84329209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/courier_declaration_format.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466110/; classtype:trojan-activity;sid:84329210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466104)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruripumefenezalizaf.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466104/; classtype:trojan-activity;sid:84329204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/32a18e69-8d9d-488c-b50f-45023ca24343/downloads/87353354077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466101/; classtype:trojan-activity;sid:84329201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20305303180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466092/; classtype:trojan-activity;sid:84329192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/kutapodisub.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466099/; classtype:trojan-activity;sid:84329199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0919b7e4-2541-44dd-b945-9d5e6d22eaf1/downloads/xibegakibojonabawaz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466100/; classtype:trojan-activity;sid:84329200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/doxuwiponubagexotabos.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466083/; classtype:trojan-activity;sid:84329183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466084)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/54308720858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466084/; classtype:trojan-activity;sid:84329184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/gomanelakog.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466085/; classtype:trojan-activity;sid:84329185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466089)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/nx_nastran_element_library_reference_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466089/; classtype:trojan-activity;sid:84329189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/collibra_expert_i_certification_answers_sheet_download_2017.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466074/; classtype:trojan-activity;sid:84329174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4ec11559-69c0-4903-84a6-3240babfcfe7/downloads/lapagikevipewijumodoru.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466075/; classtype:trojan-activity;sid:84329175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466076)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/formulaire_virement_international_banque_postale.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466076/; classtype:trojan-activity;sid:84329176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/96273346643.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466078/; classtype:trojan-activity;sid:84329178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1feaf4a2-3a85-48bd-b975-ab8d5bcee640/downloads/30816276176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466079/; classtype:trojan-activity;sid:84329179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/rent_brokerage_receipt_format_word.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466070/; classtype:trojan-activity;sid:84329170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466071)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8439ca10-a5ac-4299-aa09-54ab615a2090/downloads/bozagororaxurivir.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466071/; classtype:trojan-activity;sid:84329171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/54016191818.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466072/; classtype:trojan-activity;sid:84329172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f0d27cad-ce96-47a4-a6b6-d00149677212/downloads/87562723190.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466073/; classtype:trojan-activity;sid:84329173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/swot_analysis_for_poultry_farming.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466066/; classtype:trojan-activity;sid:84329166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/bosokoxa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466067/; classtype:trojan-activity;sid:84329167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/69034861186.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466063/; classtype:trojan-activity;sid:84329163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/14962502915.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466065/; classtype:trojan-activity;sid:84329165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/42589334771.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466060/; classtype:trojan-activity;sid:84329160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/banksman_hand_signals.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466054/; classtype:trojan-activity;sid:84329154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/5985868832.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466055/; classtype:trojan-activity;sid:84329155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466056)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/voter_list_delhi_2018.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466056/; classtype:trojan-activity;sid:84329156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99737319160.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466058/; classtype:trojan-activity;sid:84329158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466045)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/71653623394.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466045/; classtype:trojan-activity;sid:84329145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466047)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/testing_and_commissioning_of_electrical_equipment.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466047/; classtype:trojan-activity;sid:84329147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466048)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ffc09a0-c9a4-4762-8145-43798f2fda71/downloads/back_to_work_from_maternity_leave_email.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466048/; classtype:trojan-activity;sid:84329148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/xepaxijaniwitofoxipoja.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466049/; classtype:trojan-activity;sid:84329149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de43da9e-bc77-4e56-a909-0e72ba746cf9/downloads/electricity_bill_name_change_noc_format.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466051/; classtype:trojan-activity;sid:84329151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/formulaire_ordre_de_virement_banque_postale.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466052/; classtype:trojan-activity;sid:84329152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/76135669664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466053/; classtype:trojan-activity;sid:84329153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466039)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23ec0b56-0ae7-4e41-8565-08e517b0b386/downloads/gatamalepuberik.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466039/; classtype:trojan-activity;sid:84329139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466040)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/97106569323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466040/; classtype:trojan-activity;sid:84329140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466041)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e3d230e-4918-4f4b-8a10-8ee933aabcaf/downloads/99772344048.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466041/; classtype:trojan-activity;sid:84329141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/wapurexep.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466037/; classtype:trojan-activity;sid:84329137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19668bf7-0111-4cbb-8050-06562ac08bba/downloads/steps_to_create_template_instance_in_tosca.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466032/; classtype:trojan-activity;sid:84329132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/bidoxefemoduxunirez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466033/; classtype:trojan-activity;sid:84329133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466034)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/88817028453.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466034/; classtype:trojan-activity;sid:84329134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/job_work_challan_format_in_excel.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466027/; classtype:trojan-activity;sid:84329127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466028)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34794329-fa5b-49f8-8f60-fb0720b1e556/downloads/14476765670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466028/; classtype:trojan-activity;sid:84329128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/resignation_letter_template_family_reasons.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466015/; classtype:trojan-activity;sid:84329115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/14431999044.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466016/; classtype:trojan-activity;sid:84329116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466017)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/21303726077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466017/; classtype:trojan-activity;sid:84329117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/minupawuferogu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466018/; classtype:trojan-activity;sid:84329118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b071d266-376f-40c9-bb70-11ca77d8051b/downloads/36008974689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466020/; classtype:trojan-activity;sid:84329120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466021)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/60919645191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466021/; classtype:trojan-activity;sid:84329121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/audit_professional_clearance_letter_template.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466022/; classtype:trojan-activity;sid:84329122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30072850819.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466023/; classtype:trojan-activity;sid:84329123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/75213021290.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466024/; classtype:trojan-activity;sid:84329124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/law-making_process_in_zimbabwe.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466025/; classtype:trojan-activity;sid:84329125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/363b8b8c-bdd6-4ad7-ac6c-ba65cd60171b/downloads/abaqus_user_subroutine_reference_guide.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466011/; classtype:trojan-activity;sid:84329111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/85845004614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466014/; classtype:trojan-activity;sid:84329114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466005)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/genuwafazapibiwinowafal.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466005/; classtype:trojan-activity;sid:84329105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20322886839.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466006/; classtype:trojan-activity;sid:84329106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gagibipawuzepakan.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466008/; classtype:trojan-activity;sid:84329108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/sample_authorization_letter_to_get_psa_marriage_certificate.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466002/; classtype:trojan-activity;sid:84329102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/8517821794.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465993/; classtype:trojan-activity;sid:84329093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465994)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/padanad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465994/; classtype:trojan-activity;sid:84329094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465995)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9971747c-d991-46ae-b932-5ba73958e604/downloads/fojajexuretimototatoles.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465995/; classtype:trojan-activity;sid:84329095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mosodekasaxozebopajebibe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465996/; classtype:trojan-activity;sid:84329096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/30164245456.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465997/; classtype:trojan-activity;sid:84329097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f264223f-22e7-47f1-947d-9e365a75e217/downloads/96358679127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465999/; classtype:trojan-activity;sid:84329099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f65856df-6ee2-426f-901a-fbcb5106e767/downloads/22057173676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466000/; classtype:trojan-activity;sid:84329100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/butterfly_roof_construction_detail.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465984/; classtype:trojan-activity;sid:84329084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/baxejatoxenidomixidedax.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465985/; classtype:trojan-activity;sid:84329085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/17465496427.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465986/; classtype:trojan-activity;sid:84329086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/zabefenakozevopesomewazi.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465989/; classtype:trojan-activity;sid:84329089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465990)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/zoromipubadijivonexon.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465990/; classtype:trojan-activity;sid:84329090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/jaladimurefasetuzukiwaxit.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465991/; classtype:trojan-activity;sid:84329091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wofalobomosotanavuze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465992/; classtype:trojan-activity;sid:84329092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465980)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0d21a9d5-01df-4a9e-9327-883996b2f71d/downloads/ansi_electrical_symbols_standards.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465980/; classtype:trojan-activity;sid:84329080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465974)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a435afa7-bc93-481f-8a35-ce503cc8a972/downloads/sri_rudram_namakam_chamakam_tamil.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465974/; classtype:trojan-activity;sid:84329074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/tumiwujuluxuwaxi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465975/; classtype:trojan-activity;sid:84329075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465977)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/denutetoraditut.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465977/; classtype:trojan-activity;sid:84329077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465961)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/bifidetogatovotuwideki.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465961/; classtype:trojan-activity;sid:84329061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465962)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/baroque_guitar_tab.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465962/; classtype:trojan-activity;sid:84329062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465963)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7f34267e-2563-449a-82e3-60f19988c45d/downloads/lic_jeevan_saral_plan_165_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465963/; classtype:trojan-activity;sid:84329063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465965)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/69187265192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465965/; classtype:trojan-activity;sid:84329065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d551812a-3c47-48f1-bc1d-3ac42c3f246c/downloads/rigumudusogepivana.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465968/; classtype:trojan-activity;sid:84329068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/5528845131.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465969/; classtype:trojan-activity;sid:84329069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/74129229699.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465971/; classtype:trojan-activity;sid:84329071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/cancionero_catolico_jesed.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465972/; classtype:trojan-activity;sid:84329072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/historietas_del_medio_ambiente_largas.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465957/; classtype:trojan-activity;sid:84329057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465955)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/62049175170.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465955/; classtype:trojan-activity;sid:84329055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465949)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/10908647555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465949/; classtype:trojan-activity;sid:84329049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/maxabamuxixotabevifutiw.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465951/; classtype:trojan-activity;sid:84329051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465953)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/downgrade_oracle_database_from_19c_to_11g.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465953/; classtype:trojan-activity;sid:84329053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465942)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ba9b549d-a804-4d13-a818-3c55b3524acd/downloads/75189909272.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465942/; classtype:trojan-activity;sid:84329042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465945)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/individual_development_plan_powerpoint_template.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465945/; classtype:trojan-activity;sid:84329045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/64954946228.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465946/; classtype:trojan-activity;sid:84329046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465939)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/bapozujipo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465939/; classtype:trojan-activity;sid:84329039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4872c6d8-aa46-4e32-b809-43d741337793/downloads/74841624584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465931/; classtype:trojan-activity;sid:84329031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465932)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a90d4c9-f215-49ec-8178-8e50febf5250/downloads/tedutogonisijetinikiw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465932/; classtype:trojan-activity;sid:84329032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/wipofuta.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465933/; classtype:trojan-activity;sid:84329033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4cb1e8a7-0f1a-4c3a-ae4d-65ac09f78b80/downloads/fenekipejivatoxeni.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465935/; classtype:trojan-activity;sid:84329035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/wolarodipuxusisug.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465937/; classtype:trojan-activity;sid:84329037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c3be0091-4534-4191-a72e-570acc745d3e/downloads/attestation_de_prise_en_charge_tlscontact.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465938/; classtype:trojan-activity;sid:84329038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa4295b9-8c98-4187-bbf8-91c9d7ce5f9e/downloads/89606848887.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465924/; classtype:trojan-activity;sid:84329024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465926)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44d0963d-ba71-4620-abdb-e3c6631b392b/downloads/balance_confirmation_letter_format_in_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465926/; classtype:trojan-activity;sid:84329026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/rollo_tomassi_the_rational_male_turkce.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465912/; classtype:trojan-activity;sid:84329012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465914)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800bda9c-ed1b-45a1-a7d5-702e4e14f980/downloads/pmp_42_processes_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465914/; classtype:trojan-activity;sid:84329014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/86917927693.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465915/; classtype:trojan-activity;sid:84329015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/methodologie_du_commentaire_compose_francais.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465916/; classtype:trojan-activity;sid:84329016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gauss_elimination_method_example_with_solution.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465919/; classtype:trojan-activity;sid:84329019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5f03ee03-a319-4a1e-a052-a99710c59365/downloads/bujulodipesotixugakujup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465910/; classtype:trojan-activity;sid:84329010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465906)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/hsbc_bank_statement.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465906/; classtype:trojan-activity;sid:84329006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/94e1955e-c7d2-4e11-a6ac-7a5ec652d6cd/downloads/suzuki_dt4_owners_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465909/; classtype:trojan-activity;sid:84329009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f5eeb54-04ec-4a30-bb55-41e413d1f3ed/downloads/open_pit_mine_planning_and_design.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465903/; classtype:trojan-activity;sid:84329003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ceb9a026-f6c4-4e26-a968-d8e0e8d06aaa/downloads/tevedowopalugafaxoro.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465904/; classtype:trojan-activity;sid:84329004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adb32098-1c7a-4519-9e53-ced990fc5d88/downloads/kuniwuzujujurejovewo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465905/; classtype:trojan-activity;sid:84329005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465896)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/76236294804.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465896/; classtype:trojan-activity;sid:84328996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/pamolitix.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465897/; classtype:trojan-activity;sid:84328997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/42508658220.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465898/; classtype:trojan-activity;sid:84328998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sotax_at_xtend_user_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465885/; classtype:trojan-activity;sid:84328985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465886)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/wovivesapo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465886/; classtype:trojan-activity;sid:84328986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465888)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sample_consent_letter_from_husband_for_wife_to_travel.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465888/; classtype:trojan-activity;sid:84328988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465889)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/formulaire_renouvellement_titre_de_sejour_yvelines.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465889/; classtype:trojan-activity;sid:84328989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465891)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/98599689697.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465891/; classtype:trojan-activity;sid:84328991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465892)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/92007305293.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465892/; classtype:trojan-activity;sid:84328992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/duff_phelps_size_premium.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465893/; classtype:trojan-activity;sid:84328993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9213334f-b8c6-41b2-903d-dc8cc5791a0a/downloads/49429599069.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465881/; classtype:trojan-activity;sid:84328981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/22187922858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465882/; classtype:trojan-activity;sid:84328982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/nafexasu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465876/; classtype:trojan-activity;sid:84328976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465878)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99401481523.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465878/; classtype:trojan-activity;sid:84328978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465879)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/harry_potter_ea_camara_secreta_ilustrado.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465879/; classtype:trojan-activity;sid:84328979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/all_gujarati_magazine.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465870/; classtype:trojan-activity;sid:84328970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465871)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/34103705134.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465871/; classtype:trojan-activity;sid:84328971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/nagpur_metro_phase_2_dpr.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465872/; classtype:trojan-activity;sid:84328972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/99406712648.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465873/; classtype:trojan-activity;sid:84328973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465874)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96d7062c-715f-4c9e-82c2-ac322bf04d1a/downloads/fawafep.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465874/; classtype:trojan-activity;sid:84328974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/28185631859.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465875/; classtype:trojan-activity;sid:84328975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465865)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/renamotoxuxesike.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465865/; classtype:trojan-activity;sid:84328965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/wixutazavadupiruzani.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465866/; classtype:trojan-activity;sid:84328966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/vixodamev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465864/; classtype:trojan-activity;sid:84328964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pulse_secure_network_error_1329.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465852/; classtype:trojan-activity;sid:84328952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/cibse_psychrometric_chart.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465853/; classtype:trojan-activity;sid:84328953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465857)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/citrix_adc_vpx_datasheet.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465857/; classtype:trojan-activity;sid:84328957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cac64821-2205-4248-abd9-55e775312c94/downloads/rosigamosusen.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465847/; classtype:trojan-activity;sid:84328947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/fosofiboma.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465848/; classtype:trojan-activity;sid:84328948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465850)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/600b6853-9b14-40c4-b9d1-c0a10f9ad1eb/downloads/mathematics_core_topics_sl.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465850/; classtype:trojan-activity;sid:84328950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6e0acf5f-e652-447e-8a3a-90dcb81c48ee/downloads/loan_cancellation_letter.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465843/; classtype:trojan-activity;sid:84328943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465844)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/workplace_printable_hurt_feelings_report.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465844/; classtype:trojan-activity;sid:84328944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zalekebi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465845/; classtype:trojan-activity;sid:84328945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465833)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/58616986475.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465833/; classtype:trojan-activity;sid:84328933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465835)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/one_of_us_is_lying_character_quotes.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465835/; classtype:trojan-activity;sid:84328935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/jewuzikilodejosowar.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465839/; classtype:trojan-activity;sid:84328939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465825)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72fc6eb8-20de-4439-bced-6bfc7eecaa8e/downloads/bogev.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465825/; classtype:trojan-activity;sid:84328925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465826)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58b13a51-176b-4b7e-ab1e-a0c84e7a5487/downloads/currency_market_mechanics_bmc_answers.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465826/; classtype:trojan-activity;sid:84328926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/018aefd4-3541-4598-a5c3-d0911ca60a82/downloads/asce_7-05_espanol_gratis.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465827/; classtype:trojan-activity;sid:84328927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tifunakarexefeguwitoda.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465828/; classtype:trojan-activity;sid:84328928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465829)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06a2cc2e-f4bb-4ca4-a0d9-71e2fc8b7812/downloads/molaxoxekex.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465829/; classtype:trojan-activity;sid:84328929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/iata_airport_handling_manual_2019_full.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465830/; classtype:trojan-activity;sid:84328930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c1bf3ae2-f6cc-4078-b639-2ff1ca0b62be/downloads/1172286111.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465831/; classtype:trojan-activity;sid:84328931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/euchre_score_sheets_for_16_players.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465832/; classtype:trojan-activity;sid:84328932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465820)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dungeon_crawl_classics.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465820/; classtype:trojan-activity;sid:84328920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465804)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/69904656893.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465804/; classtype:trojan-activity;sid:84328904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465806)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/emmaus_walk_letters_of_encouragement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465806/; classtype:trojan-activity;sid:84328906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465809)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fc635392-61de-40bc-86f0-c9844fcf30fd/downloads/gramatica_portugues_brasil.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465809/; classtype:trojan-activity;sid:84328909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/647bfca3-c5f6-48a0-9ec3-35afde17c6e3/downloads/gamokul.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465814/; classtype:trojan-activity;sid:84328914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465815)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa284320-69aa-45db-92e2-86468d4beaf0/downloads/53174458267.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465815/; classtype:trojan-activity;sid:84328915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465795)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/nike_employee_benefits.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465795/; classtype:trojan-activity;sid:84328895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/97767745983.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465798/; classtype:trojan-activity;sid:84328898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/country_of_origin_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465799/; classtype:trojan-activity;sid:84328899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/39834772333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465802/; classtype:trojan-activity;sid:84328902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rofaruzev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465790/; classtype:trojan-activity;sid:84328890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/verismo_701_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465791/; classtype:trojan-activity;sid:84328891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rodudiniruzawame.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465792/; classtype:trojan-activity;sid:84328892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465785)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3c8f7a45-f68c-4369-8f63-be6429599400/downloads/butulanimirovubeve.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465785/; classtype:trojan-activity;sid:84328885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/gisewonivikamadoliwozuv.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465786/; classtype:trojan-activity;sid:84328886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d1335ae9-6401-4997-a89d-ffce5d766eb7/downloads/44332900662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465787/; classtype:trojan-activity;sid:84328887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/nagano_keiki_km10.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465779/; classtype:trojan-activity;sid:84328879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/76488986948.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465781/; classtype:trojan-activity;sid:84328881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac62f849-5623-435a-93ad-86e4d8edc83e/downloads/90625111849.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465782/; classtype:trojan-activity;sid:84328882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72445144906.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465772/; classtype:trojan-activity;sid:84328872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/wrightbus_streetlite_manual.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465773/; classtype:trojan-activity;sid:84328873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465776)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/waste_management_in_dubai.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465776/; classtype:trojan-activity;sid:84328876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/chevening_scholarship_reference_letter_sample.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465777/; classtype:trojan-activity;sid:84328877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/14409296375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465778/; classtype:trojan-activity;sid:84328878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465766)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/unit_conversion_practice_problems.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465766/; classtype:trojan-activity;sid:84328866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/11197801286.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465768/; classtype:trojan-activity;sid:84328868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465769)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/41229957036.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465769/; classtype:trojan-activity;sid:84328869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/konujidav.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465771/; classtype:trojan-activity;sid:84328871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465760)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/burijuterapudupelirebi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465760/; classtype:trojan-activity;sid:84328860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a85f54ee-11f7-4ab3-9970-dabd8f52d583/downloads/vowivovabafases.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465761/; classtype:trojan-activity;sid:84328861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/acb19439-02ad-48ae-a6e4-8c3bfce04694/downloads/32470708569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465762/; classtype:trojan-activity;sid:84328862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xikesoxabafubuwepof.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465763/; classtype:trojan-activity;sid:84328863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/2251478862.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465764/; classtype:trojan-activity;sid:84328864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465765)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9d0d7648-4006-4e9a-bf4e-cd4f5c534844/downloads/socomec_ups_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465765/; classtype:trojan-activity;sid:84328865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465757)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6098867423.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465757/; classtype:trojan-activity;sid:84328857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_write_an_introduction_letter_to_an_embassy.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465758/; classtype:trojan-activity;sid:84328858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/38265042738.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465755/; classtype:trojan-activity;sid:84328855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/183feb73-c001-4172-a9c4-8aedcbb9c085/downloads/nosasasoxanuxoxazefuz.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465747/; classtype:trojan-activity;sid:84328847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465749)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gibekewelodi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465749/; classtype:trojan-activity;sid:84328849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465752)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/16395777837.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465752/; classtype:trojan-activity;sid:84328852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/jspdf_autotable_x_position.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465753/; classtype:trojan-activity;sid:84328853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465739)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/cerere_demisie_fara_preaviz.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465739/; classtype:trojan-activity;sid:84328839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0fde6049-38a2-402e-8604-5a56fc977486/downloads/request_letter_for_construction_bond_refund.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465740/; classtype:trojan-activity;sid:84328840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465741)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdd5ea6e-1f6b-4417-9fad-928f6d1c8a68/downloads/50_verbes_irreguliers_en_anglais.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465741/; classtype:trojan-activity;sid:84328841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/molecular_mass_of_elements_list.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465742/; classtype:trojan-activity;sid:84328842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465744)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/69278806631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465744/; classtype:trojan-activity;sid:84328844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465735)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/nonisenokedevesuxumuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465735/; classtype:trojan-activity;sid:84328835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/mesoduwegotujowokikurixo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465729/; classtype:trojan-activity;sid:84328829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_fill_up_deed_of_sale_of_motor_vehicle.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465731/; classtype:trojan-activity;sid:84328831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33d2c907-2bf6-4426-875f-30dcfdd2ea6c/downloads/takeshi_amemiya_advanced_econometrics.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465724/; classtype:trojan-activity;sid:84328824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465725)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/paxakuvenu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465725/; classtype:trojan-activity;sid:84328825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51d0d552-51a2-4187-835e-597cbad426c9/downloads/astm_e2500.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465715/; classtype:trojan-activity;sid:84328815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/16407212514.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465716/; classtype:trojan-activity;sid:84328816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/mewivisonixapolivifit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465717/; classtype:trojan-activity;sid:84328817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465718)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5778216d-14df-4dd7-ac4c-aefbb7c07c24/downloads/kugaduvekujewotaz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465718/; classtype:trojan-activity;sid:84328818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tafanavevimewom.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465719/; classtype:trojan-activity;sid:84328819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lemowegigusazisalelupo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465721/; classtype:trojan-activity;sid:84328821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465722)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5add4dbc-ec7d-4010-9077-0d95eef82ba1/downloads/64293794102.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465722/; classtype:trojan-activity;sid:84328822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465723)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a7c970be-6487-407b-ae67-0318aa6bed96/downloads/19932307165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465723/; classtype:trojan-activity;sid:84328823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465709)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/lowasa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465709/; classtype:trojan-activity;sid:84328809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/19999334835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465710/; classtype:trojan-activity;sid:84328810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/921a43a6-1495-4d95-bdb1-69b79162b826/downloads/13397059696.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465711/; classtype:trojan-activity;sid:84328811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465714)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b3cb2fd2-80cf-4497-9966-46f7699e136d/downloads/kovajive.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465714/; classtype:trojan-activity;sid:84328814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465707)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/49bbfdeb-576f-4f20-b756-96ff9c705013/downloads/96422280236.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465707/; classtype:trojan-activity;sid:84328807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/imo_dangerous_goods_declaration_example.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465708/; classtype:trojan-activity;sid:84328808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465703)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/88847399269.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465703/; classtype:trojan-activity;sid:84328803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465704)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdb9e382-acbe-48dd-9722-c531572d81a1/downloads/pugalisamelifakebage.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465704/; classtype:trojan-activity;sid:84328804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/89463890604.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465697/; classtype:trojan-activity;sid:84328797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465699)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/lotumajufinunixine.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465699/; classtype:trojan-activity;sid:84328799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465701)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9951c46-77aa-4ac5-b843-be02d4be2067/downloads/50826134191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465701/; classtype:trojan-activity;sid:84328801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kasupobuwomubafujos.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465702/; classtype:trojan-activity;sid:84328802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/jotepebuzixulelomizo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465691/; classtype:trojan-activity;sid:84328791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465692)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/83320615193.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465692/; classtype:trojan-activity;sid:84328792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465693)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/radix_temperature_controller_x_48_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465693/; classtype:trojan-activity;sid:84328793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/24a9af23-a9c8-45b6-80f8-335651f17510/downloads/96094090900.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465694/; classtype:trojan-activity;sid:84328794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/22a15b49-22b8-4edf-a855-4e76194b4aaf/downloads/97812412729.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465695/; classtype:trojan-activity;sid:84328795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465685)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/lizaputasu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465685/; classtype:trojan-activity;sid:84328785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/boxikijefedajexufesibul.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465679/; classtype:trojan-activity;sid:84328779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465680)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11012613986.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465680/; classtype:trojan-activity;sid:84328780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bucharest_grill_nutrition_information.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465682/; classtype:trojan-activity;sid:84328782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465683)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3844a76d-a274-4a3a-ad7f-2943a29e37b3/downloads/lezopidigusaraten.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465683/; classtype:trojan-activity;sid:84328783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465675)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/guia_para_ingresar_al_bachillerato_conamat.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465675/; classtype:trojan-activity;sid:84328775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465678)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/robaziromumeborumapix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465678/; classtype:trojan-activity;sid:84328778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/5252998215.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465671/; classtype:trojan-activity;sid:84328771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465672)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/36758652154.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465672/; classtype:trojan-activity;sid:84328772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465673)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/73577237968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465673/; classtype:trojan-activity;sid:84328773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465657)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/louison_et_monsieur_moliere_resume.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465657/; classtype:trojan-activity;sid:84328757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465660)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a03fd264-622c-49da-819e-92c49cdd5e2b/downloads/xovifubakuforij.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465660/; classtype:trojan-activity;sid:84328760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rupesiduvunimekesozo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465663/; classtype:trojan-activity;sid:84328763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/special_forces_knife_techniques.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465664/; classtype:trojan-activity;sid:84328764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465665)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/90645579432.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465665/; classtype:trojan-activity;sid:84328765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/6130931006.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465666/; classtype:trojan-activity;sid:84328766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/camp_green_lake.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465667/; classtype:trojan-activity;sid:84328767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465668)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/478a916a-56a8-445d-9eb0-b1a280ba537b/downloads/27628335796.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465668/; classtype:trojan-activity;sid:84328768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465655)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/eating_questionnaire-_a_ede-a_scoring.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465655/; classtype:trojan-activity;sid:84328755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/myer_victor_sewing_machine_manual.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465652/; classtype:trojan-activity;sid:84328752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465647)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/jorejujavupu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465647/; classtype:trojan-activity;sid:84328747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41fa09f3-79bd-43c0-909a-d1a20c3cb7f6/downloads/attestation_sur_l_honneur_de_non_ressources.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465648/; classtype:trojan-activity;sid:84328748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465649)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb7f2f0c-e896-4e47-abeb-a05a47b6dcff/downloads/37569138292.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465649/; classtype:trojan-activity;sid:84328749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465630)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/98482064700.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465630/; classtype:trojan-activity;sid:84328730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465631)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/83364999300.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465631/; classtype:trojan-activity;sid:84328731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/records_of_declaration_disbursements_division.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465632/; classtype:trojan-activity;sid:84328732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6084bd9-50ce-4d5f-82c5-bb685cd57a0d/downloads/mdsap_audit_checklist.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465633/; classtype:trojan-activity;sid:84328733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/jaziz.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465635/; classtype:trojan-activity;sid:84328735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465636)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a74441e7-424c-4454-9bc5-28c3682f6c16/downloads/jupifevaperoziput.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465636/; classtype:trojan-activity;sid:84328736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465637)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f778edfd-e481-47d7-9553-9364d433dcaf/downloads/morningstar_andex_chart_2022.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465637/; classtype:trojan-activity;sid:84328737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465638)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cabcb3ce-a861-487f-a172-56f4b47cbc63/downloads/nilefovidigutozezosanuz.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465638/; classtype:trojan-activity;sid:84328738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/39892598323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465640/; classtype:trojan-activity;sid:84328740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00810c7d-a901-42bd-b2e3-20945a4ad8cb/downloads/wimorawezabizu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465641/; classtype:trojan-activity;sid:84328741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/viduwe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465642/; classtype:trojan-activity;sid:84328742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465643)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a1b48068-f219-4487-b633-0ea4f25dfa5f/downloads/57025089155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465643/; classtype:trojan-activity;sid:84328743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00490ec0-0f24-4e25-91e3-8e5bedec5e60/downloads/woxudinawonetunogidubi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465625/; classtype:trojan-activity;sid:84328725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/16984198490.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465626/; classtype:trojan-activity;sid:84328726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33bb6cfc-294d-4317-8afb-5d34ed60ffe6/downloads/20222176664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465622/; classtype:trojan-activity;sid:84328722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465618)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/72454635563.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465618/; classtype:trojan-activity;sid:84328718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465621)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pisaxafubavofi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465621/; classtype:trojan-activity;sid:84328721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/catastrophic_disaster_area_property_inspection_report.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465613/; classtype:trojan-activity;sid:84328713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465615)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/citadel_document_solutions_lawsuit.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465615/; classtype:trojan-activity;sid:84328715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fumaxogufav.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465607/; classtype:trojan-activity;sid:84328707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kigepobesewizijipakusafal.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465610/; classtype:trojan-activity;sid:84328710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tabuas_sumerias_traduzidas.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465600/; classtype:trojan-activity;sid:84328700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/17054728623.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465603/; classtype:trojan-activity;sid:84328703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/678cd2ef-32fa-4621-9c35-e4f34096b4ea/downloads/airbus_cml.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465604/; classtype:trojan-activity;sid:84328704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/3730146334.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465605/; classtype:trojan-activity;sid:84328705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36770579775.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465606/; classtype:trojan-activity;sid:84328706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/luxodebapiruwuneragomugef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465594/; classtype:trojan-activity;sid:84328694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/87554570559.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465598/; classtype:trojan-activity;sid:84328698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465599)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fff11fc4-91ee-4c26-ab94-6b71630d2bb1/downloads/resignation_letter_sample_for_bpo_company.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465599/; classtype:trojan-activity;sid:84328699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465586)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/84675915071.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465586/; classtype:trojan-activity;sid:84328686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465588)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17a8127f-1a20-4f1c-a234-ba1b1a8873f5/downloads/90572854820.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465588/; classtype:trojan-activity;sid:84328688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465589)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/78534035283.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465589/; classtype:trojan-activity;sid:84328689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465590)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wudofe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465590/; classtype:trojan-activity;sid:84328690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465592)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/glassman_high_voltage_series_eq_manual.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465592/; classtype:trojan-activity;sid:84328692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/57653563602.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465593/; classtype:trojan-activity;sid:84328693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/343166b6-b38d-45a3-a768-806295759a1d/downloads/vatemunubiserotogurozem.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465585/; classtype:trojan-activity;sid:84328685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465582)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/simamutozudolejezeze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465582/; classtype:trojan-activity;sid:84328682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a8a7b266-73df-492a-af50-f7d9f90e0e6d/downloads/salesforce_community_developer_guide.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465583/; classtype:trojan-activity;sid:84328683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/zepojekowokevi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465572/; classtype:trojan-activity;sid:84328672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465573)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2cd8ef37-3f02-4d83-b132-5400b0b21173/downloads/can_sins_be_forgiven_in_hinduism.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465573/; classtype:trojan-activity;sid:84328673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465574)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9390f2de-e8f5-48e5-8f1b-3aa5affb2913/downloads/ra_to_surface_finish.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465574/; classtype:trojan-activity;sid:84328674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465577)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/holman_enterprises_annual_report.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465577/; classtype:trojan-activity;sid:84328677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/chiller_factory_acceptance_test_checklist_template.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465551/; classtype:trojan-activity;sid:84328651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7913e2d4-0776-44f0-af91-53eb35e22f50/downloads/broken_sous_ta_peau_2_ekladata.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465552/; classtype:trojan-activity;sid:84328652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/lujipipatemajipurozurile.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465553/; classtype:trojan-activity;sid:84328653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465554)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/sottoindicato_o_sotto_indicato_treccani.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465554/; classtype:trojan-activity;sid:84328654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465555)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62fde782-5483-4905-a6da-12e04ab1250b/downloads/38559734752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465555/; classtype:trojan-activity;sid:84328655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dfa50dfd-b675-4866-b542-d79684ac1045/downloads/28769720040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465556/; classtype:trojan-activity;sid:84328656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465557)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/formato_st-4_imss_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465557/; classtype:trojan-activity;sid:84328657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adfd48e6-08dc-41dd-a2a1-45489e329c75/downloads/attestation_de_non_affiliation_cnas.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465558/; classtype:trojan-activity;sid:84328658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tosca_automation_specialist_level_2_certification_questions_.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465559/; classtype:trojan-activity;sid:84328659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465560)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/how_to_factory_reset_verifone_mx915.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465560/; classtype:trojan-activity;sid:84328660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/frm_part_2_schweser_quicksheet.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465561/; classtype:trojan-activity;sid:84328661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/incucyte_s3_user_guide.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465562/; classtype:trojan-activity;sid:84328662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/lean_visual_management_board_examples.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465563/; classtype:trojan-activity;sid:84328663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/1567746722.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465564/; classtype:trojan-activity;sid:84328664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/xujudodavudejeb.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465565/; classtype:trojan-activity;sid:84328665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/situation_denonciation_coupe_ou_ancre_exercices_corriges.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465566/; classtype:trojan-activity;sid:84328666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wikuzidip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465567/; classtype:trojan-activity;sid:84328667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/87185669225.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465568/; classtype:trojan-activity;sid:84328668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/likibixeve.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465569/; classtype:trojan-activity;sid:84328669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465570)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/exsilentia_4._0_user_guide.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465570/; classtype:trojan-activity;sid:84328670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/586b3ef6-c9db-4d1a-a9eb-303f942e21fa/downloads/55359157176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465571/; classtype:trojan-activity;sid:84328671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465210)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kjjvh1muhjrkrzbajjlzjfawyi0zvxc1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465210/; classtype:trojan-activity;sid:84328310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464706)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wupiao.3987.com.rar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"forspeed.onlinedown.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464706/; classtype:trojan-activity;sid:84327806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463509)"; flow:established,from_client; content:"GET"; http_method; content:"/up/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"blessdayservices.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463509/; classtype:trojan-activity;sid:84326609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463513)"; flow:established,from_client; content:"GET"; http_method; content:"/v/"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"jessespridecharters.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463513/; classtype:trojan-activity;sid:84326613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463490)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"cambodiatouristservice.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463490/; classtype:trojan-activity;sid:84326590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463480)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"admin.gestroom.it"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463480/; classtype:trojan-activity;sid:84326580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463481)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"test.peperoncinochepassione.it"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463481/; classtype:trojan-activity;sid:84326581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463482)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"first-security-verden.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463482/; classtype:trojan-activity;sid:84326582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463470)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.first-security-verden.de"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463470/; classtype:trojan-activity;sid:84326570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463472)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"zamilgroups.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463472/; classtype:trojan-activity;sid:84326572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463459)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.website.mypetapp.co.za"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463459/; classtype:trojan-activity;sid:84326559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463446)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.bratusferramentas.grupomoltz.com.br"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463446/; classtype:trojan-activity;sid:84326546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463437)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"website.mypetapp.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463437/; classtype:trojan-activity;sid:84326537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463426)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"bmdcompany.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463426/; classtype:trojan-activity;sid:84326526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463430)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.zamilgroups.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463430/; classtype:trojan-activity;sid:84326530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463422)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.test.peperoncinochepassione.it"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463422/; classtype:trojan-activity;sid:84326522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463364)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.146.62.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463364/; classtype:trojan-activity;sid:84326464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64n32"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462395/; classtype:trojan-activity;sid:84325495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpce500mc"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462396/; classtype:trojan-activity;sid:84325496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462397/; classtype:trojan-activity;sid:84325497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc440fp"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462398/; classtype:trojan-activity;sid:84325498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arcle750d"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462399/; classtype:trojan-activity;sid:84325499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64e5500"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462400/; classtype:trojan-activity;sid:84325500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpce300c3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462401/; classtype:trojan-activity;sid:84325501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arclehs38"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462402/; classtype:trojan-activity;sid:84325502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462403/; classtype:trojan-activity;sid:84325503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.riscv32"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462404/; classtype:trojan-activity;sid:84325504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64power8"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462405/; classtype:trojan-activity;sid:84325505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64lepower8"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462406/; classtype:trojan-activity;sid:84325506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462407/; classtype:trojan-activity;sid:84325507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sparc64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462408/; classtype:trojan-activity;sid:84325508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.aarch64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462409/; classtype:trojan-activity;sid:84325509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.riscv64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462410/; classtype:trojan-activity;sid:84325510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462411)"; flow:established,from_client; content:"GET"; http_method; content:"/dl1001"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462411/; classtype:trojan-activity;sid:84325511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sparc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462412/; classtype:trojan-activity;sid:84325512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462413/; classtype:trojan-activity;sid:84325513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462414/; classtype:trojan-activity;sid:84325514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64e6500"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462415/; classtype:trojan-activity;sid:84325515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.aarch64be"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462416/; classtype:trojan-activity;sid:84325516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64len32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462417/; classtype:trojan-activity;sid:84325517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462418/; classtype:trojan-activity;sid:84325518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462419/; classtype:trojan-activity;sid:84325519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461771)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461771/; classtype:trojan-activity;sid:84324871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461769)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461769/; classtype:trojan-activity;sid:84324869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461770)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461770/; classtype:trojan-activity;sid:84324870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461768)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461768/; classtype:trojan-activity;sid:84324868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461767)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461767/; classtype:trojan-activity;sid:84324867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461763)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461763/; classtype:trojan-activity;sid:84324863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461663)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/zip/refs/heads/master"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461663/; classtype:trojan-activity;sid:84324763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461661)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/archive/refs/heads/master.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461661/; classtype:trojan-activity;sid:84324761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460167)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460167/; classtype:trojan-activity;sid:84323267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.62.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460149/; classtype:trojan-activity;sid:84323249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460000)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uxmu02r04iaslsrsh9quahzfsvq3tozm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460000/; classtype:trojan-activity;sid:84323100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452200)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.62.202.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452200/; classtype:trojan-activity;sid:84315300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451827)"; flow:established,from_client; content:"GET"; http_method; content:"/jqueryui.js"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webcstore.pw"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451827/; classtype:trojan-activity;sid:84314927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450176)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/putty.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"book.rollingvideogames.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450176/; classtype:trojan-activity;sid:84313276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450147)"; flow:established,from_client; content:"GET"; http_method; content:"/loveryajenja/lwafmwoafmw11/raw/refs/heads/main/install.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450147/; classtype:trojan-activity;sid:84313247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450048)"; flow:established,from_client; content:"GET"; http_method; content:"/continue/45.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.benshamcentre.co.uk"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450048/; classtype:trojan-activity;sid:84313148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.248.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449986/; classtype:trojan-activity;sid:84313086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64le"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447679/; classtype:trojan-activity;sid:84310779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.42.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447681/; classtype:trojan-activity;sid:84310781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.i586"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447670/; classtype:trojan-activity;sid:84310770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm8x64_be"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447671/; classtype:trojan-activity;sid:84310771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm8x64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447673/; classtype:trojan-activity;sid:84310773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mipsle"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447674/; classtype:trojan-activity;sid:84310774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447675/; classtype:trojan-activity;sid:84310775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447676/; classtype:trojan-activity;sid:84310776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.x64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447677/; classtype:trojan-activity;sid:84310777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447466)"; flow:established,from_client; content:"GET"; http_method; content:"/laurenxss/36b18f37163aaa04654bd21e98d1b842/raw/dca82ba88fae8788a48ffb529f9610a0cc209781/x"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447466/; classtype:trojan-activity;sid:84310566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447458)"; flow:established,from_client; content:"GET"; http_method; content:"/sena1.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447458/; classtype:trojan-activity;sid:84310558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447456)"; flow:established,from_client; content:"GET"; http_method; content:"/manga1.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447456/; classtype:trojan-activity;sid:84310556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447457)"; flow:established,from_client; content:"GET"; http_method; content:"/colheita1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447457/; classtype:trojan-activity;sid:84310557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446661)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446661/; classtype:trojan-activity;sid:84309761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446653)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446653/; classtype:trojan-activity;sid:84309753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446649)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446649/; classtype:trojan-activity;sid:84309749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446415/; classtype:trojan-activity;sid:84309515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445854)"; flow:established,from_client; content:"GET"; http_method; content:"/coracion1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vaamsmgfreocmroe-1342087530.cos.sa-saopaulo.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3445854/; classtype:trojan-activity;sid:84308954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445431)"; flow:established,from_client; content:"GET"; http_method; content:"/data/df4a3196-accc-423a-a43b-6768f1aafd3e.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445431/; classtype:trojan-activity;sid:84308531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445438)"; flow:established,from_client; content:"GET"; http_method; content:"/data/f6416fd0-71f3-45de-8c79-3d0e7281f124.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445438/; classtype:trojan-activity;sid:84308538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.91.204.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445302/; classtype:trojan-activity;sid:84308402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444507)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/refs/heads/main/d.msi"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444507/; classtype:trojan-activity;sid:84307607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444267)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/raw/refs/heads/main/d.msi"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444267/; classtype:trojan-activity;sid:84307367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443355)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443355/; classtype:trojan-activity;sid:84306455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443354)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443354/; classtype:trojan-activity;sid:84306454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99-118-215-24.lightspeed.irvnca.sbcglobal.net"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443353/; classtype:trojan-activity;sid:84306453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443350)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"host-95-230-215-65.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443350/; classtype:trojan-activity;sid:84306450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.152.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443221/; classtype:trojan-activity;sid:84306321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443193)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"172.250.238.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443193/; classtype:trojan-activity;sid:84306293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442712)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabalmain.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442712/; classtype:trojan-activity;sid:84305812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442701)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabal.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442701/; classtype:trojan-activity;sid:84305801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442616)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabalmain.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442616/; classtype:trojan-activity;sid:84305716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442198)"; flow:established,from_client; content:"GET"; http_method; content:"/xxxx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442198/; classtype:trojan-activity;sid:84305298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442196)"; flow:established,from_client; content:"GET"; http_method; content:"/ffff"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442196/; classtype:trojan-activity;sid:84305296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442197)"; flow:established,from_client; content:"GET"; http_method; content:"/asdf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442197/; classtype:trojan-activity;sid:84305297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442195)"; flow:established,from_client; content:"GET"; http_method; content:"/libmod_hellocpp_42.so"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442195/; classtype:trojan-activity;sid:84305295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.122.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441890/; classtype:trojan-activity;sid:84304990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.200.25.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441868/; classtype:trojan-activity;sid:84304968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441724)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabal.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441724/; classtype:trojan-activity;sid:84304824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440974)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l/rls"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440974/; classtype:trojan-activity;sid:84304074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440971)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/rls"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440971/; classtype:trojan-activity;sid:84304071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440972)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/rld"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440972/; classtype:trojan-activity;sid:84304072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440969)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l/kthreadrm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440969/; classtype:trojan-activity;sid:84304069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440970)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/kthreadrm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440970/; classtype:trojan-activity;sid:84304070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440930)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440930/; classtype:trojan-activity;sid:84304030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440931)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440931/; classtype:trojan-activity;sid:84304031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440932)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440932/; classtype:trojan-activity;sid:84304032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440934)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440934/; classtype:trojan-activity;sid:84304034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438591)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438591/; classtype:trojan-activity;sid:84301691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438594)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438594/; classtype:trojan-activity;sid:84301694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437118)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/adonis/pure_adonis"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437118/; classtype:trojan-activity;sid:84300218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437119)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/jnd/pure_jnd"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437119/; classtype:trojan-activity;sid:84300219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437116)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/adonis/all_adonis"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437116/; classtype:trojan-activity;sid:84300216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437117)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437117/; classtype:trojan-activity;sid:84300217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437115)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/all_bean"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437115/; classtype:trojan-activity;sid:84300215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437114)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/jnd/jnd_all"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437114/; classtype:trojan-activity;sid:84300214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435170)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435170/; classtype:trojan-activity;sid:84298270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435084/; classtype:trojan-activity;sid:84298184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.88.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435075/; classtype:trojan-activity;sid:84298175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.101.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433345/; classtype:trojan-activity;sid:84296445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432311)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432311/; classtype:trojan-activity;sid:84295411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432127)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432127/; classtype:trojan-activity;sid:84295227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431851)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/all_bean"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431851/; classtype:trojan-activity;sid:84294951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431850)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431850/; classtype:trojan-activity;sid:84294950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431687)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431687/; classtype:trojan-activity;sid:84294787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431686)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431686/; classtype:trojan-activity;sid:84294786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431378)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431378/; classtype:trojan-activity;sid:84294478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429885)"; flow:established,from_client; content:"GET"; http_method; content:"/1/test.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ofice365.github.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429885/; classtype:trojan-activity;sid:84292985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429793)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"d2314eac.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429793/; classtype:trojan-activity;sid:84292893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.221.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429311/; classtype:trojan-activity;sid:84292411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.196.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424485/; classtype:trojan-activity;sid:84287585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.175.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424483/; classtype:trojan-activity;sid:84287583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423045)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423045/; classtype:trojan-activity;sid:84286145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423046)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423046/; classtype:trojan-activity;sid:84286146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423047)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423047/; classtype:trojan-activity;sid:84286147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423050)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423050/; classtype:trojan-activity;sid:84286150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421183)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/xsh.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421183/; classtype:trojan-activity;sid:84284283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421027)"; flow:established,from_client; content:"GET"; http_method; content:"/sigmaplus/4.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421027/; classtype:trojan-activity;sid:84284127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421020)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/emmetprod.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.147.43.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421020/; classtype:trojan-activity;sid:84284120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420564/; classtype:trojan-activity;sid:84283664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419560)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419560/; classtype:trojan-activity;sid:84282660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419570)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419570/; classtype:trojan-activity;sid:84282670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419477)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419477/; classtype:trojan-activity;sid:84282577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419368)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419368/; classtype:trojan-activity;sid:84282468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418042)"; flow:established,from_client; content:"GET"; http_method; content:"/cab/launcherloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.newkey.co.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418042/; classtype:trojan-activity;sid:84281142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417840)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.109.0.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417840/; classtype:trojan-activity;sid:84280940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417826)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.250.173.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417826/; classtype:trojan-activity;sid:84280926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417095)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t9mwfr1azhmksosp19tomch5dyi3hb2n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417095/; classtype:trojan-activity;sid:84280195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417085)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417085/; classtype:trojan-activity;sid:84280185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416671/; classtype:trojan-activity;sid:84279771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416673/; classtype:trojan-activity;sid:84279773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416674/; classtype:trojan-activity;sid:84279774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415308/; classtype:trojan-activity;sid:84278408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415207)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat4.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415207/; classtype:trojan-activity;sid:84278307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412921/; classtype:trojan-activity;sid:84276021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410864)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/blob/master/access.exe|3f|raw=true"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410864/; classtype:trojan-activity;sid:84273964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410865)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/raw/refs/heads/master/access.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410865/; classtype:trojan-activity;sid:84273965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410375)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410375/; classtype:trojan-activity;sid:84273475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409838)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/refs/heads/master/access.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409838/; classtype:trojan-activity;sid:84272938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.44.77.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407386/; classtype:trojan-activity;sid:84270486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406818)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%a7%ac%ec%9b%a8%ec%96%b4.hta"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406818/; classtype:trojan-activity;sid:84269918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406822)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%b9%8c%ec%96%b4%20%eb%a8%b9%ec%9d%84.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406822/; classtype:trojan-activity;sid:84269922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405330)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.109.0.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405330/; classtype:trojan-activity;sid:84268430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405320)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405320/; classtype:trojan-activity;sid:84268420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405323/; classtype:trojan-activity;sid:84268423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405324)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405324/; classtype:trojan-activity;sid:84268424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405319)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405319/; classtype:trojan-activity;sid:84268419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405187)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405187/; classtype:trojan-activity;sid:84268287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405134)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.15.147.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405134/; classtype:trojan-activity;sid:84268234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405140)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.215.129.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405140/; classtype:trojan-activity;sid:84268240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405120)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.20.19.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405120/; classtype:trojan-activity;sid:84268220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403380)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/refs/heads/main/payload.bin"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403380/; classtype:trojan-activity;sid:84266480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402741)"; flow:established,from_client; content:"GET"; http_method; content:"/adobepdf-reader/pdf-reader/raw/refs/heads/main/pdf%20reader.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402741/; classtype:trojan-activity;sid:84265841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.6.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402154/; classtype:trojan-activity;sid:84265254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401644)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/wpr-addons/forms/code1.png"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"107.180.89.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401644/; classtype:trojan-activity;sid:84264744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401362)"; flow:established,from_client; content:"GET"; http_method; content:"/fxserver.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.50.242.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401362/; classtype:trojan-activity;sid:84264462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398629)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/1.sh"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398629/; classtype:trojan-activity;sid:84261729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.168.227.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397531/; classtype:trojan-activity;sid:84260631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395055)"; flow:established,from_client; content:"GET"; http_method; content:"/arvendrachhonkar/todo/releases/download/macosandwindows/install_setup_v1.2.0.dmg"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3395055/; classtype:trojan-activity;sid:84258155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394507)"; flow:established,from_client; content:"GET"; http_method; content:"/trismagi/daemon/raw/main/watchdog"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394507/; classtype:trojan-activity;sid:84257607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394121)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394121/; classtype:trojan-activity;sid:84257221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394115)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394115/; classtype:trojan-activity;sid:84257215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393662)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/ud/refs/heads/main/ud.bat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393662/; classtype:trojan-activity;sid:84256762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393596)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393596/; classtype:trojan-activity;sid:84256696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393047)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393047/; classtype:trojan-activity;sid:84256147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.8.112.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393011/; classtype:trojan-activity;sid:84256111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.24.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391609/; classtype:trojan-activity;sid:84254709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.8.112.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391592/; classtype:trojan-activity;sid:84254692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390789)"; flow:established,from_client; content:"GET"; http_method; content:"/kusaka.php|3f|call=av"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"cpofficial.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390789/; classtype:trojan-activity;sid:84253889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390749)"; flow:established,from_client; content:"GET"; http_method; content:"/kusaka.php|3f|call=smp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mx9x.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390749/; classtype:trojan-activity;sid:84253849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389403)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/raw/main/ctc64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389403/; classtype:trojan-activity;sid:84252503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389404)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/main/ctc64.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389404/; classtype:trojan-activity;sid:84252504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388907)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388907/; classtype:trojan-activity;sid:84252007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388858)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/solara.dir.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388858/; classtype:trojan-activity;sid:84251958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388859)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388859/; classtype:trojan-activity;sid:84251959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387720)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387720/; classtype:trojan-activity;sid:84250820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386507)"; flow:established,from_client; content:"GET"; http_method; content:"/file-32bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386507/; classtype:trojan-activity;sid:84249607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386508)"; flow:established,from_client; content:"GET"; http_method; content:"/file.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386508/; classtype:trojan-activity;sid:84249608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386509)"; flow:established,from_client; content:"GET"; http_method; content:"/file-arm.elf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386509/; classtype:trojan-activity;sid:84249609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386510)"; flow:established,from_client; content:"GET"; http_method; content:"/file-64bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386510/; classtype:trojan-activity;sid:84249610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385167)"; flow:established,from_client; content:"GET"; http_method; content:"/soft_hair/ultravnc.ini"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"support.clz.kr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385167/; classtype:trojan-activity;sid:84248267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378993/; classtype:trojan-activity;sid:84242093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.1.110.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378964/; classtype:trojan-activity;sid:84242064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.142.63.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378974/; classtype:trojan-activity;sid:84242074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373486/; classtype:trojan-activity;sid:84236586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373487)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373487/; classtype:trojan-activity;sid:84236587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373074/; classtype:trojan-activity;sid:84236174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.109.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373080/; classtype:trojan-activity;sid:84236180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.135.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373057/; classtype:trojan-activity;sid:84236157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373067/; classtype:trojan-activity;sid:84236167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.216.107.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373050/; classtype:trojan-activity;sid:84236150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.20.27.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373026/; classtype:trojan-activity;sid:84236126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.93.83.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372979/; classtype:trojan-activity;sid:84236079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.27.224.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372992/; classtype:trojan-activity;sid:84236092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.166.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372968/; classtype:trojan-activity;sid:84236068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.49.114.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372953/; classtype:trojan-activity;sid:84236053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.177.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372956/; classtype:trojan-activity;sid:84236056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372903)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"111.74.21.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372903/; classtype:trojan-activity;sid:84236003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372902/; classtype:trojan-activity;sid:84236002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372900/; classtype:trojan-activity;sid:84236000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372891)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372891/; classtype:trojan-activity;sid:84235991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372892/; classtype:trojan-activity;sid:84235992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372893/; classtype:trojan-activity;sid:84235993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372896/; classtype:trojan-activity;sid:84235996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372898/; classtype:trojan-activity;sid:84235998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372883)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372883/; classtype:trojan-activity;sid:84235983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372884/; classtype:trojan-activity;sid:84235984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372885)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372885/; classtype:trojan-activity;sid:84235985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372886/; classtype:trojan-activity;sid:84235986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372887)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.141.62.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372887/; classtype:trojan-activity;sid:84235987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372890/; classtype:trojan-activity;sid:84235990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372876)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372876/; classtype:trojan-activity;sid:84235976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372878/; classtype:trojan-activity;sid:84235978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372879)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372879/; classtype:trojan-activity;sid:84235979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372880)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372880/; classtype:trojan-activity;sid:84235980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372704/; classtype:trojan-activity;sid:84235804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372705)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372705/; classtype:trojan-activity;sid:84235805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372684/; classtype:trojan-activity;sid:84235784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372657/; classtype:trojan-activity;sid:84235757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372658)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372658/; classtype:trojan-activity;sid:84235758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372654/; classtype:trojan-activity;sid:84235754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372651/; classtype:trojan-activity;sid:84235751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.124.72.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372645/; classtype:trojan-activity;sid:84235745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372625/; classtype:trojan-activity;sid:84235725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.115"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372627/; classtype:trojan-activity;sid:84235727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372639)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372639/; classtype:trojan-activity;sid:84235739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.109.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372621/; classtype:trojan-activity;sid:84235721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372615)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372615/; classtype:trojan-activity;sid:84235715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366263/; classtype:trojan-activity;sid:84229363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.73.75.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366262/; classtype:trojan-activity;sid:84229362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356912)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356912/; classtype:trojan-activity;sid:84220012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356911)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/skifterne.sea"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356911/; classtype:trojan-activity;sid:84220011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356909)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.astenterprises.com.pk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356909/; classtype:trojan-activity;sid:84220009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356803)"; flow:established,from_client; content:"GET"; http_method; content:"/yn5og-40i6-9gu-9hjf.html"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bj5y6-0f-9h4-9fgg4-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356803/; classtype:trojan-activity;sid:84219903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356768)"; flow:established,from_client; content:"GET"; http_method; content:"/futon"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356768/; classtype:trojan-activity;sid:84219868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356769)"; flow:established,from_client; content:"GET"; http_method; content:"/qq%e5%8d%8e%e5%a4%8f%e6%9b%b4%e6%96%b0%e6%96%87%e4%bb%b6/%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0%e8%be%85%e5%8a%a9%e7%a8%8b%e5%ba%8f.exe"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"kuakuawenjian.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356769/; classtype:trojan-activity;sid:84219869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356761)"; flow:established,from_client; content:"GET"; http_method; content:"/smiple_4yue"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356761/; classtype:trojan-activity;sid:84219861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356758)"; flow:established,from_client; content:"GET"; http_method; content:"/36hg-04ik6-9j4-9h5.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f3i5-0g49bgn-3h95-1324992141.cos.ap-jakarta.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356758/; classtype:trojan-activity;sid:84219858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356750)"; flow:established,from_client; content:"GET"; http_method; content:"/35-0350gh9v-39yh5g.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"j-0-09g-9bh-h-ggf-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356750/; classtype:trojan-activity;sid:84219850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356162)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/refs/heads/main/critscript.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356162/; classtype:trojan-activity;sid:84219262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356145)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/refs/heads/main/fast%20download.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356145/; classtype:trojan-activity;sid:84219245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356134)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356134/; classtype:trojan-activity;sid:84219234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356133)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/refs/heads/main/444.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356133/; classtype:trojan-activity;sid:84219233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356118)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/refs/heads/main/powerrat.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356118/; classtype:trojan-activity;sid:84219218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353957)"; flow:established,from_client; content:"GET"; http_method; content:"/rookievip/xx/main/loader.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353957/; classtype:trojan-activity;sid:84217057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353403)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/prueba.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353403/; classtype:trojan-activity;sid:84216503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353372)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/refs/heads/main/shellcode.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353372/; classtype:trojan-activity;sid:84216472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353348)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/raw/refs/heads/main/powerrat.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353348/; classtype:trojan-activity;sid:84216448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353349)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353349/; classtype:trojan-activity;sid:84216449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353345)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/raw/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353345/; classtype:trojan-activity;sid:84216445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353333)"; flow:established,from_client; content:"GET"; http_method; content:"/dlc_update.data"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353333/; classtype:trojan-activity;sid:84216433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353251)"; flow:established,from_client; content:"GET"; http_method; content:"/master.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353251/; classtype:trojan-activity;sid:84216351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353246)"; flow:established,from_client; content:"GET"; http_method; content:"//google.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353246/; classtype:trojan-activity;sid:84216346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353216)"; flow:established,from_client; content:"GET"; http_method; content:"//chromesetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353216/; classtype:trojan-activity;sid:84216316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.ps1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353204/; classtype:trojan-activity;sid:84216304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353123)"; flow:established,from_client; content:"GET"; http_method; content:"/cqhack/ddos-script/refs/heads/master/cqhack.pl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353123/; classtype:trojan-activity;sid:84216223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352821)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352821/; classtype:trojan-activity;sid:84215921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351932)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12jgde-soib4liipbdhs55vkz7ek8_ua6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351932/; classtype:trojan-activity;sid:84215032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351478)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/raw/refs/heads/main/ifiinms.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351478/; classtype:trojan-activity;sid:84214578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351477)"; flow:established,from_client; content:"GET"; http_method; content:"/fsabxh/sfdawsdawdaw/raw/refs/heads/main/serials_checker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351477/; classtype:trojan-activity;sid:84214577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351430)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351430/; classtype:trojan-activity;sid:84214530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351428)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351428/; classtype:trojan-activity;sid:84214528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351377)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351377/; classtype:trojan-activity;sid:84214477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351320)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351320/; classtype:trojan-activity;sid:84214420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351297)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/raw/refs/heads/main/shellcode.bin"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351297/; classtype:trojan-activity;sid:84214397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351259)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/raw/refs/heads/main/shellcode.bin"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351259/; classtype:trojan-activity;sid:84214359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348000)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1ydcoow9tkyo5_qfbdzcaqkd9hzdoug7o"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348000/; classtype:trojan-activity;sid:84211100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347308)"; flow:established,from_client; content:"GET"; http_method; content:"/component/vc2005sp1redist_x86.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"windriversfiles.imeitools.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347308/; classtype:trojan-activity;sid:84210408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346530)"; flow:established,from_client; content:"GET"; http_method; content:"/whoafg/problemonfmech/refs/heads/main/client.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346530/; classtype:trojan-activity;sid:84209630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/41a1111.hta"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346026/; classtype:trojan-activity;sid:84209126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345089)"; flow:established,from_client; content:"GET"; http_method; content:"/n00b69/woasetup/releases/download/installers/dxwebsetup.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345089/; classtype:trojan-activity;sid:84208189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345076)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345076/; classtype:trojan-activity;sid:84208176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344216)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344216/; classtype:trojan-activity;sid:84207316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344177)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344177/; classtype:trojan-activity;sid:84207277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344172)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344172/; classtype:trojan-activity;sid:84207272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344116)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344116/; classtype:trojan-activity;sid:84207216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344054)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344054/; classtype:trojan-activity;sid:84207154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344015)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344015/; classtype:trojan-activity;sid:84207115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343939)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343939/; classtype:trojan-activity;sid:84207039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343827)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343827/; classtype:trojan-activity;sid:84206927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343814)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343814/; classtype:trojan-activity;sid:84206914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343669)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343669/; classtype:trojan-activity;sid:84206769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340580/; classtype:trojan-activity;sid:84203680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340578/; classtype:trojan-activity;sid:84203678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340577/; classtype:trojan-activity;sid:84203677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340567/; classtype:trojan-activity;sid:84203667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340568/; classtype:trojan-activity;sid:84203668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340569/; classtype:trojan-activity;sid:84203669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340570/; classtype:trojan-activity;sid:84203670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340573/; classtype:trojan-activity;sid:84203673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340574/; classtype:trojan-activity;sid:84203674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340575/; classtype:trojan-activity;sid:84203675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340576/; classtype:trojan-activity;sid:84203676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340440)"; flow:established,from_client; content:"GET"; http_method; content:"/dis3j/wagnerhook/releases/download/release/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340440/; classtype:trojan-activity;sid:84203540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340399)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest%20v1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340399/; classtype:trojan-activity;sid:84203499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340398)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/complexo%20v4.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340398/; classtype:trojan-activity;sid:84203498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340395)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/box3d.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340395/; classtype:trojan-activity;sid:84203495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340396)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/lkwan.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340396/; classtype:trojan-activity;sid:84203496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340397)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/flunix9.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340397/; classtype:trojan-activity;sid:84203497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340392)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/elzhas%20pannel.dll"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340392/; classtype:trojan-activity;sid:84203492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340393)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/morovip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340393/; classtype:trojan-activity;sid:84203493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340394)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/hazaxd.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340394/; classtype:trojan-activity;sid:84203494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340391)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340391/; classtype:trojan-activity;sid:84203491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340390)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/blue_and_white.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340390/; classtype:trojan-activity;sid:84203490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340363)"; flow:established,from_client; content:"GET"; http_method; content:"/huuuuggga/aaaaa1/refs/heads/main/srtware.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340363/; classtype:trojan-activity;sid:84203463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.20.27.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339219/; classtype:trojan-activity;sid:84202319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339181)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.236.133.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339181/; classtype:trojan-activity;sid:84202281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339179)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.49.114.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339179/; classtype:trojan-activity;sid:84202279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339152)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339152/; classtype:trojan-activity;sid:84202252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.216.107.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339121/; classtype:trojan-activity;sid:84202221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339124)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339124/; classtype:trojan-activity;sid:84202224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339126)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.236.135.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339126/; classtype:trojan-activity;sid:84202226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339084)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.85.166.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339084/; classtype:trojan-activity;sid:84202184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338656)"; flow:established,from_client; content:"GET"; http_method; content:"/kabot/unix-privilege-escalation-exploits-pack/master/2012/vmsplice-local-root-exploit"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338656/; classtype:trojan-activity;sid:84201756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338560)"; flow:established,from_client; content:"GET"; http_method; content:"/ga13372/jv/main/javaw.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338560/; classtype:trojan-activity;sid:84201660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338548)"; flow:established,from_client; content:"GET"; http_method; content:"/nicxlau/alfa-shell/master/alfa-obfuscated.php"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338548/; classtype:trojan-activity;sid:84201648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338507)"; flow:established,from_client; content:"GET"; http_method; content:"/aissardp/payload/main/payload.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338507/; classtype:trojan-activity;sid:84201607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338505)"; flow:established,from_client; content:"GET"; http_method; content:"/cracker1337uwu/rrr/main/bypass.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338505/; classtype:trojan-activity;sid:84201605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338499)"; flow:established,from_client; content:"GET"; http_method; content:"/g1vi/cve-2023-2640-cve-2023-32629/main/exploit.sh"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338499/; classtype:trojan-activity;sid:84201599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338493)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenmanmkt/repo1/main/exploit-2"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338493/; classtype:trojan-activity;sid:84201593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338492)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/self-injection/self-injection.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338492/; classtype:trojan-activity;sid:84201592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338487)"; flow:established,from_client; content:"GET"; http_method; content:"/cyberhunter00/remote_hijack/master/uac_bypass.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338487/; classtype:trojan-activity;sid:84201587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338475)"; flow:established,from_client; content:"GET"; http_method; content:"/cocomelonc/2022-01-14-malware-injection-13/master/hack.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338475/; classtype:trojan-activity;sid:84201575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338467)"; flow:established,from_client; content:"GET"; http_method; content:"/fxtazz/injection/main/index.js"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338467/; classtype:trojan-activity;sid:84201567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338471)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/process-injection/process-injection.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338471/; classtype:trojan-activity;sid:84201571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338451)"; flow:established,from_client; content:"GET"; http_method; content:"/sixaknow/uac_bypass_/main/module_377498327498dcxvc32434.dll"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338451/; classtype:trojan-activity;sid:84201551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338443)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/master/standalone_payload.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338443/; classtype:trojan-activity;sid:84201543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337794)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/f/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337794/; classtype:trojan-activity;sid:84200894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337795)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/c/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337795/; classtype:trojan-activity;sid:84200895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337796)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337796/; classtype:trojan-activity;sid:84200896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337797)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/i/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337797/; classtype:trojan-activity;sid:84200897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337035)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmoundll/kak/main/glew64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337035/; classtype:trojan-activity;sid:84200135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337026)"; flow:established,from_client; content:"GET"; http_method; content:"/nkaslq1/ankrnl/refs/heads/main/alphatweaks.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337026/; classtype:trojan-activity;sid:84200126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337032)"; flow:established,from_client; content:"GET"; http_method; content:"/haa15/driver-shitty/main/kdmapper_release.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337032/; classtype:trojan-activity;sid:84200132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337015)"; flow:established,from_client; content:"GET"; http_method; content:"/v0lt/virtualdub2/releases/download/2.1.3/virtualdub2_v2.1.3.667_win32.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337015/; classtype:trojan-activity;sid:84200115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337012)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337012/; classtype:trojan-activity;sid:84200112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337010)"; flow:established,from_client; content:"GET"; http_method; content:"/cgpro/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337010/; classtype:trojan-activity;sid:84200110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337004)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidixelaina/wuselaina/raw/refs/heads/main/build.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337004/; classtype:trojan-activity;sid:84200104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336992)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/taskmoder.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336992/; classtype:trojan-activity;sid:84200092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336993)"; flow:established,from_client; content:"GET"; http_method; content:"/z-beam/movaflag/releases/download/1.0.2/mova.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336993/; classtype:trojan-activity;sid:84200093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336990)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/cssgo.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336990/; classtype:trojan-activity;sid:84200090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336983)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/raw/refs/heads/main/black.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336983/; classtype:trojan-activity;sid:84200083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336077)"; flow:established,from_client; content:"GET"; http_method; content:"/nikolaevich23/make-pkg-bat/master/setup.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336077/; classtype:trojan-activity;sid:84199177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336072)"; flow:established,from_client; content:"GET"; http_method; content:"/eirxne/valorant-axeprime/main/axeprime.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336072/; classtype:trojan-activity;sid:84199172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336068)"; flow:established,from_client; content:"GET"; http_method; content:"/stephenfewer/reflectivedllinjection/refs/heads/master/bin/reflective_dll.dll"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336068/; classtype:trojan-activity;sid:84199168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336058)"; flow:established,from_client; content:"GET"; http_method; content:"/anessdev/talha/main/talha.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336058/; classtype:trojan-activity;sid:84199158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336049)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/zip/refs/heads/main"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336049/; classtype:trojan-activity;sid:84199149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335208)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/rage.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335208/; classtype:trojan-activity;sid:84198308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335175)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks32_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335175/; classtype:trojan-activity;sid:84198275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335174)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowforce2008_64_add.vmp.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335174/; classtype:trojan-activity;sid:84198274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335173)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks64_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335173/; classtype:trojan-activity;sid:84198273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335166)"; flow:established,from_client; content:"GET"; http_method; content:"/upm2008.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335166/; classtype:trojan-activity;sid:84198266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335156)"; flow:established,from_client; content:"GET"; http_method; content:"/ndisinstaller3.2.32.1.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335156/; classtype:trojan-activity;sid:84198256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335149)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/2018-11/20181122103207926164.doc"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"xww.bucea.edu.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335149/; classtype:trojan-activity;sid:84198249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335154)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335154/; classtype:trojan-activity;sid:84198254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335147)"; flow:established,from_client; content:"GET"; http_method; content:"/iatinfect2008_64.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335147/; classtype:trojan-activity;sid:84198247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335141)"; flow:established,from_client; content:"GET"; http_method; content:"/winsetaccess64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335141/; classtype:trojan-activity;sid:84198241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335135)"; flow:established,from_client; content:"GET"; http_method; content:"/writedat.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335135/; classtype:trojan-activity;sid:84198235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335136)"; flow:established,from_client; content:"GET"; http_method; content:"/mport.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335136/; classtype:trojan-activity;sid:84198236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335134)"; flow:established,from_client; content:"GET"; http_method; content:"/iland.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335134/; classtype:trojan-activity;sid:84198234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335132)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335132/; classtype:trojan-activity;sid:84198232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335119)"; flow:established,from_client; content:"GET"; http_method; content:"/mytime/files/3.3.7.0/mytime.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"down.ruanmei.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335119/; classtype:trojan-activity;sid:84198219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335118)"; flow:established,from_client; content:"GET"; http_method; content:"/cg70/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335118/; classtype:trojan-activity;sid:84198218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335096)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335096/; classtype:trojan-activity;sid:84198196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335074)"; flow:established,from_client; content:"GET"; http_method; content:"/_upload/article/files/90/f4/62d98f264ab0abc4a1f14a32607a/089c9dc1-8248-47b5-b35d-310cd70469b4.doc"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"hhbs.hhu.edu.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335074/; classtype:trojan-activity;sid:84198174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333897)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333897/; classtype:trojan-activity;sid:84196997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333896)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333896/; classtype:trojan-activity;sid:84196996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333895)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333895/; classtype:trojan-activity;sid:84196995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333657)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333657/; classtype:trojan-activity;sid:84196757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333658)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main1.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333658/; classtype:trojan-activity;sid:84196758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333651)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/raw/refs/heads/main/main1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333651/; classtype:trojan-activity;sid:84196751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333527)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/pthlearning.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chinaapper.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333527/; classtype:trojan-activity;sid:84196627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333522)"; flow:established,from_client; content:"GET"; http_method; content:"/azertyuiopexe/fud-crypter/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333522/; classtype:trojan-activity;sid:84196622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333521)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/main/document.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333521/; classtype:trojan-activity;sid:84196621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333518)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.8"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333518/; classtype:trojan-activity;sid:84196618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333513)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.10"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333513/; classtype:trojan-activity;sid:84196613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333514)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.3"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333514/; classtype:trojan-activity;sid:84196614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333511)"; flow:established,from_client; content:"GET"; http_method; content:"/hwangyounggul33/windows10/refs/heads/main/privacypolicy.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333511/; classtype:trojan-activity;sid:84196611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333509)"; flow:established,from_client; content:"GET"; http_method; content:"/caocaocc/yacd/zip/refs/heads/gh-pages"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333509/; classtype:trojan-activity;sid:84196609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333510)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.2"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333510/; classtype:trojan-activity;sid:84196610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333508)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.11"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333508/; classtype:trojan-activity;sid:84196608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333499)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/agentnov.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333499/; classtype:trojan-activity;sid:84196599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333502)"; flow:established,from_client; content:"GET"; http_method; content:"/cirosantilli/china-dictatorship/zip/refs/heads/master"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333502/; classtype:trojan-activity;sid:84196602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333503)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.8.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333503/; classtype:trojan-activity;sid:84196603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333495)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.5"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333495/; classtype:trojan-activity;sid:84196595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333496)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.7"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333496/; classtype:trojan-activity;sid:84196596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333493)"; flow:established,from_client; content:"GET"; http_method; content:"/d-7uble/invoke-phant0m/zip/refs/heads/master"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333493/; classtype:trojan-activity;sid:84196593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333494)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.7.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333494/; classtype:trojan-activity;sid:84196594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333489)"; flow:established,from_client; content:"GET"; http_method; content:"/54n4l/mimikatzwindows/zip/refs/heads/master"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333489/; classtype:trojan-activity;sid:84196589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333485)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333485/; classtype:trojan-activity;sid:84196585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333482)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.1"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333482/; classtype:trojan-activity;sid:84196582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333481)"; flow:established,from_client; content:"GET"; http_method; content:"/crowly-ai/hello-world/refs/heads/main/zubovlekciya.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333481/; classtype:trojan-activity;sid:84196581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333470)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodhoundad/bloodhound/master/collectors/sharphound.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333470/; classtype:trojan-activity;sid:84196570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333458)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar/setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333458/; classtype:trojan-activity;sid:84196558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333457)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333457/; classtype:trojan-activity;sid:84196557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333456)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333456/; classtype:trojan-activity;sid:84196556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333439)"; flow:established,from_client; content:"GET"; http_method; content:"/ytisf/thezoo/refs/heads/master/malware/binaries/ransomware.wannacry/ransomware.wannacry.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333439/; classtype:trojan-activity;sid:84196539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333435)"; flow:established,from_client; content:"GET"; http_method; content:"/newlog/exploiting/refs/heads/master/training/windows/practical_malware_analysis/labs/chapter_1l/lab01-02.exe"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333435/; classtype:trojan-activity;sid:84196535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333369)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/donut.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333369/; classtype:trojan-activity;sid:84196469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333359)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333359/; classtype:trojan-activity;sid:84196459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333355)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333355/; classtype:trojan-activity;sid:84196455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333357)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333357/; classtype:trojan-activity;sid:84196457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333350)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/raw/master/donut.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333350/; classtype:trojan-activity;sid:84196450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333351)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333351/; classtype:trojan-activity;sid:84196451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333352)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333352/; classtype:trojan-activity;sid:84196452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333353)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333353/; classtype:trojan-activity;sid:84196453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333343)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333343/; classtype:trojan-activity;sid:84196443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333322)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333322/; classtype:trojan-activity;sid:84196422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333321)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333321/; classtype:trojan-activity;sid:84196421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333316)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333316/; classtype:trojan-activity;sid:84196416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333317)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333317/; classtype:trojan-activity;sid:84196417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332955)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%98%85%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%98%85.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332955/; classtype:trojan-activity;sid:84196055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332954)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%ab%b8%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%ab%b7.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332954/; classtype:trojan-activity;sid:84196054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332792)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332792/; classtype:trojan-activity;sid:84195892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332783)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/raw/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332783/; classtype:trojan-activity;sid:84195883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332780)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/raw/refs/heads/main/connector1.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332780/; classtype:trojan-activity;sid:84195880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332771)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/main/critscript.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332771/; classtype:trojan-activity;sid:84195871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332764)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/main/system.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332764/; classtype:trojan-activity;sid:84195864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332757)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/raw/main/system.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332757/; classtype:trojan-activity;sid:84195857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331919)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/opyhjdase.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331919/; classtype:trojan-activity;sid:84195019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331862)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/popapoers.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331862/; classtype:trojan-activity;sid:84194962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331858)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/ljgksdtihd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331858/; classtype:trojan-activity;sid:84194958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331850)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/pfntjejghjsdkr.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331850/; classtype:trojan-activity;sid:84194950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331828)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/vikings.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331828/; classtype:trojan-activity;sid:84194928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331826)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/bnkrigkawd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331826/; classtype:trojan-activity;sid:84194926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331699)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331699/; classtype:trojan-activity;sid:84194799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331669)"; flow:established,from_client; content:"GET"; http_method; content:"/fofit-rater/1/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331669/; classtype:trojan-activity;sid:84194769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331670)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/master/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331670/; classtype:trojan-activity;sid:84194770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331664)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/long-glade-33dc08/original//rump_img.jpeg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331664/; classtype:trojan-activity;sid:84194764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331653)"; flow:established,from_client; content:"GET"; http_method; content:"/zonicleaks/yappadabbadoo/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331653/; classtype:trojan-activity;sid:84194753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331648)"; flow:established,from_client; content:"GET"; http_method; content:"/jikoos/rrr/main/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331648/; classtype:trojan-activity;sid:84194748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331649)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/debug2.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.drgenov.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331649/; classtype:trojan-activity;sid:84194749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331639)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/deferred-metadata/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331639/; classtype:trojan-activity;sid:84194739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331633)"; flow:established,from_client; content:"GET"; http_method; content:"/joeljosephpajeet/testexe/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331633/; classtype:trojan-activity;sid:84194733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331626)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/debug4.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.drgenov.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331626/; classtype:trojan-activity;sid:84194726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331630)"; flow:established,from_client; content:"GET"; http_method; content:"/cheetz/nishang/master/gather/keylogger.ps1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331630/; classtype:trojan-activity;sid:84194730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331588)"; flow:established,from_client; content:"GET"; http_method; content:"/cookieskush/pip-package-template/master/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331588/; classtype:trojan-activity;sid:84194688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331574)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/refs/heads/master/xclient.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331574/; classtype:trojan-activity;sid:84194674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331534)"; flow:established,from_client; content:"GET"; http_method; content:"/cidadejunina/js/vendor/debug2.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"transparenciacanaa.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331534/; classtype:trojan-activity;sid:84194634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331498)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_-w5me4evtzbdzix_v_ymzdelazhrv5z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331498/; classtype:trojan-activity;sid:84194598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331500)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nskagzrswpttoue3wbrhdqpyzlyve4tg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331500/; classtype:trojan-activity;sid:84194600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o3zw7sodji4uk954kngkdyshyl37gozq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331490/; classtype:trojan-activity;sid:84194590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318580)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318580/; classtype:trojan-activity;sid:84181680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318498)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318498/; classtype:trojan-activity;sid:84181598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318309)"; flow:established,from_client; content:"GET"; http_method; content:"/khangdz1801/raw/refs/heads/main/sound.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318309/; classtype:trojan-activity;sid:84181409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317713)"; flow:established,from_client; content:"GET"; http_method; content:"/m2/plugin2.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317713/; classtype:trojan-activity;sid:84180813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317712)"; flow:established,from_client; content:"GET"; http_method; content:"/m2/plugin1.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317712/; classtype:trojan-activity;sid:84180812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317707)"; flow:established,from_client; content:"GET"; http_method; content:"/m2/plugin3.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317707/; classtype:trojan-activity;sid:84180807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317497)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/media/thing2"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"divvanews.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317497/; classtype:trojan-activity;sid:84180597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315253)"; flow:established,from_client; content:"GET"; http_method; content:"/order/purchaseorder.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315253/; classtype:trojan-activity;sid:84178353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315254)"; flow:established,from_client; content:"GET"; http_method; content:"/order/putty.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315254/; classtype:trojan-activity;sid:84178354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308912)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.18.210.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308912/; classtype:trojan-activity;sid:84172012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308898)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.183.16.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308898/; classtype:trojan-activity;sid:84171998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308894)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.155.74.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308894/; classtype:trojan-activity;sid:84171994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308883)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308883/; classtype:trojan-activity;sid:84171983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308875/; classtype:trojan-activity;sid:84171975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308847/; classtype:trojan-activity;sid:84171947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308798)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1idr9p3dgxkblhu7h4jckclzmtlibwsiw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308798/; classtype:trojan-activity;sid:84171898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308797)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1c2pnucvma1shu90mnauhef6shildth-s"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308797/; classtype:trojan-activity;sid:84171897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303817)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jbzzntbk1kuszoofww7hsqfdh066ontf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303817/; classtype:trojan-activity;sid:84166917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303818)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hkvynldkcbdd50_bsw3s9tk5elbduxtg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303818/; classtype:trojan-activity;sid:84166918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300881)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/y.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300881/; classtype:trojan-activity;sid:84163981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300382)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/test.xll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300382/; classtype:trojan-activity;sid:84163482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300387)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/ud.bat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300387/; classtype:trojan-activity;sid:84163487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300377)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/t.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300377/; classtype:trojan-activity;sid:84163477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300378)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/template.dotm"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300378/; classtype:trojan-activity;sid:84163478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300374)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/doadmin.png"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300374/; classtype:trojan-activity;sid:84163474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300375)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/steamerx.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300375/; classtype:trojan-activity;sid:84163475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300376)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/justpoc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300376/; classtype:trojan-activity;sid:84163476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300371)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/u.xls"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300371/; classtype:trojan-activity;sid:84163471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300372)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/scriptlet"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300372/; classtype:trojan-activity;sid:84163472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300068)"; flow:established,from_client; content:"GET"; http_method; content:"/es.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pub-cdd0dd27ae6a4aee9841d397e0496374.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3300068/; classtype:trojan-activity;sid:84163168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298233)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298233/; classtype:trojan-activity;sid:84161333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298219)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/raw/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298219/; classtype:trojan-activity;sid:84161319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298207)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/raw/refs/heads/main/document.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298207/; classtype:trojan-activity;sid:84161307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298202)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/ud/raw/refs/heads/main/ud.bat"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298202/; classtype:trojan-activity;sid:84161302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298205)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/u.xls"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298205/; classtype:trojan-activity;sid:84161305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298201)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/ud.bat"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298201/; classtype:trojan-activity;sid:84161301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296209)"; flow:established,from_client; content:"GET"; http_method; content:"/crm/exe/update.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.zhikey.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296209/; classtype:trojan-activity;sid:84159309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294913)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294913/; classtype:trojan-activity;sid:84158013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294809)"; flow:established,from_client; content:"GET"; http_method; content:"/configureregistrysettings.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294809/; classtype:trojan-activity;sid:84157909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294619)"; flow:established,from_client; content:"GET"; http_method; content:"/noureddine-nt9/rgsdr/raw/refs/heads/main/cheet.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294619/; classtype:trojan-activity;sid:84157719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292014)"; flow:established,from_client; content:"GET"; http_method; content:"/n/tui/mininews/mininewsplus/3.0.0.26165/mininewsplus-2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"mininews.kpzip.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292014/; classtype:trojan-activity;sid:84155114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291869)"; flow:established,from_client; content:"GET"; http_method; content:"/images/stories/guides/guide2018.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"dcwblida.dz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291869/; classtype:trojan-activity;sid:84154969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289875)"; flow:established,from_client; content:"GET"; http_method; content:"/r00ts3c/ddos-rootsec/refs/heads/master/ddos%20scripts/l4/udp/10gbpsudp.py"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289875/; classtype:trojan-activity;sid:84152975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.255.216.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289466/; classtype:trojan-activity;sid:84152566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289456/; classtype:trojan-activity;sid:84152556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.118.75.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288915/; classtype:trojan-activity;sid:84152015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.20.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286969/; classtype:trojan-activity;sid:84150069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.73.64.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286828/; classtype:trojan-activity;sid:84149928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286518)"; flow:established,from_client; content:"GET"; http_method; content:"/kzxiaopeng2/kuaizip_setup_-808202126_xiaopeng2_001.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"d.kpzip.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286518/; classtype:trojan-activity;sid:84149618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.244.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286371/; classtype:trojan-activity;sid:84149471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286067)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/main/shellcode.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286067/; classtype:trojan-activity;sid:84149167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281714)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/obfuscatedps/dccuac.ps1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281714/; classtype:trojan-activity;sid:84144814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281085)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281085/; classtype:trojan-activity;sid:84144185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280680)"; flow:established,from_client; content:"GET"; http_method; content:"/fiies/stormfn-launcher/raw/refs/heads/main/stormfn-launcher.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280680/; classtype:trojan-activity;sid:84143780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279353)"; flow:established,from_client; content:"GET"; http_method; content:"/xavieprowel/crispy-palm-tree/releases/download/1/3e3ev3.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279353/; classtype:trojan-activity;sid:84142453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278669)"; flow:established,from_client; content:"GET"; http_method; content:"/txdown_disk/%e8%bd%af%e4%bb%b6%e4%bd%bf%e7%94%a8/%e7%bc%ba%e5%a4%b1%e4%b8%8b%e8%bd%bd/plugin.dll"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"disk.accord1key.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278669/; classtype:trojan-activity;sid:84141769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278573)"; flow:established,from_client; content:"GET"; http_method; content:"/ciphershld/ms-p-1a/master/setup%20ms%20p-1a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278573/; classtype:trojan-activity;sid:84141673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278576)"; flow:established,from_client; content:"GET"; http_method; content:"/minecradt/regdelete/readme-edits/hell9o.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278576/; classtype:trojan-activity;sid:84141676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278567)"; flow:established,from_client; content:"GET"; http_method; content:"/openpeach/dotnetfx_cleanup_tool/refs/heads/master/cleanup_tool.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278567/; classtype:trojan-activity;sid:84141667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278362)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1las2cmd3reobg45qhkqhawi90h4_u0kd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278362/; classtype:trojan-activity;sid:84141462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278361)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17hv9-3t2ilikbmcfql2z66ipd72x4mz7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278361/; classtype:trojan-activity;sid:84141461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276956)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.201.80.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276956/; classtype:trojan-activity;sid:84140056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276896)"; flow:established,from_client; content:"GET"; http_method; content:"/loistupidpet/sfdawsdawdaw/main/serials_checker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276896/; classtype:trojan-activity;sid:84139996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275669)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kc4fdseohzqymz2x0ncqswph66uxdb1z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275669/; classtype:trojan-activity;sid:84138769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275667)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1u_rahqbks7vd7qqc6wx3gxnjxtfqrzbp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275667/; classtype:trojan-activity;sid:84138767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275658)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-8qpzgr4-iis53p1-kr2-o6prrjmnksk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275658/; classtype:trojan-activity;sid:84138758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275656)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ubqrhziusgl-cn_nie2_udj4qi6qrqsw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275656/; classtype:trojan-activity;sid:84138756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275240)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ikoxnnlvglh6jhnfqkrsihss_p2dqkyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275240/; classtype:trojan-activity;sid:84138340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275241)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1r7oi2jekx0ks1wqpt0ms3_kqvukzy3dv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275241/; classtype:trojan-activity;sid:84138341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275242)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gmzqsemymffka4lve0jkwa06sklk7xhu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275242/; classtype:trojan-activity;sid:84138342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274064)"; flow:established,from_client; content:"GET"; http_method; content:"/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274064/; classtype:trojan-activity;sid:84137164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274049)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/main/spoofy.sys"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274049/; classtype:trojan-activity;sid:84137149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274047)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/refs/heads/main/spoofy.sys"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274047/; classtype:trojan-activity;sid:84137147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274048)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/refs/heads/main/spoofy.sys"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274048/; classtype:trojan-activity;sid:84137148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272092)"; flow:established,from_client; content:"GET"; http_method; content:"/ordogos2/g575/releases/download/download/setup.7.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272092/; classtype:trojan-activity;sid:84135192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271922)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271922/; classtype:trojan-activity;sid:84135022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271923)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injectorold.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271923/; classtype:trojan-activity;sid:84135023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271924)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/driver.sys"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271924/; classtype:trojan-activity;sid:84135024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271925)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271925/; classtype:trojan-activity;sid:84135025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271919)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/ogfn%20updater.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271919/; classtype:trojan-activity;sid:84135019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271920)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/pclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271920/; classtype:trojan-activity;sid:84135020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271921)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/kdmapper_release.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271921/; classtype:trojan-activity;sid:84135021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271663)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271663/; classtype:trojan-activity;sid:84134763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271634)"; flow:established,from_client; content:"GET"; http_method; content:"/undertalanted/mod/refs/heads/main/svchost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271634/; classtype:trojan-activity;sid:84134734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271624)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271624/; classtype:trojan-activity;sid:84134724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271617)"; flow:established,from_client; content:"GET"; http_method; content:"/regolx1/hadb/refs/heads/main/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271617/; classtype:trojan-activity;sid:84134717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271614)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/main/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271614/; classtype:trojan-activity;sid:84134714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271612)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271612/; classtype:trojan-activity;sid:84134712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271609)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/refs/heads/main/svchost.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271609/; classtype:trojan-activity;sid:84134709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271610)"; flow:established,from_client; content:"GET"; http_method; content:"/media/furystorage/api/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"media.githubusercontent.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271610/; classtype:trojan-activity;sid:84134710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271611)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/refs/heads/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271611/; classtype:trojan-activity;sid:84134711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271605)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271605/; classtype:trojan-activity;sid:84134705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271594)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271594/; classtype:trojan-activity;sid:84134694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271586)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/raw/main/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271586/; classtype:trojan-activity;sid:84134686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271587)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/raw/refs/heads/main/svchost.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271587/; classtype:trojan-activity;sid:84134687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271590)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/raw/refs/heads/main/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271590/; classtype:trojan-activity;sid:84134690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271366)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/refs/heads/main/extremeinjector.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271366/; classtype:trojan-activity;sid:84134466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271369)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/raw/refs/heads/main/extremeinjector.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271369/; classtype:trojan-activity;sid:84134469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270196)"; flow:established,from_client; content:"GET"; http_method; content:"/novocrm/static/winring0x64.sys"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"118.189.172.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270196/; classtype:trojan-activity;sid:84133296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270195)"; flow:established,from_client; content:"GET"; http_method; content:"/ggassistant/update/2.3.11.29/tool/winring0x64.sys|3f|skq=1701042218"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"shqdown.ggzuhao.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270195/; classtype:trojan-activity;sid:84133295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270193)"; flow:established,from_client; content:"GET"; http_method; content:"/miguel-b-p/..../raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270193/; classtype:trojan-activity;sid:84133293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270185)"; flow:established,from_client; content:"GET"; http_method; content:"/silenthashik/winring/raw/main/winring0x64.sys"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270185/; classtype:trojan-activity;sid:84133285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270186)"; flow:established,from_client; content:"GET"; http_method; content:"/hak333444/xmrig/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270186/; classtype:trojan-activity;sid:84133286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270188)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/blob/master/bin/winring0/winring0x64.sys|3f|raw=true"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270188/; classtype:trojan-activity;sid:84133288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270189)"; flow:established,from_client; content:"GET"; http_method; content:"/so251/olaquerida/releases/download/1releasae/winring0x64.sys"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270189/; classtype:trojan-activity;sid:84133289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270191)"; flow:established,from_client; content:"GET"; http_method; content:"/jsjsjsc79/advsd/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270191/; classtype:trojan-activity;sid:84133291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270192)"; flow:established,from_client; content:"GET"; http_method; content:"/stickmengamer/idk/raw/main/winring0x64.sys"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270192/; classtype:trojan-activity;sid:84133292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270183)"; flow:established,from_client; content:"GET"; http_method; content:"/sopranotech/dimeo/main/winring0x64.sys"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270183/; classtype:trojan-activity;sid:84133283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270184)"; flow:established,from_client; content:"GET"; http_method; content:"/abrissyy/min/main/winring0x64.sys"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270184/; classtype:trojan-activity;sid:84133284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269715)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/archive/refs/heads/main.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269715/; classtype:trojan-activity;sid:84132815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265959)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygqwpvxadhjsxskr3u3tdw2u5dnzv0pp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265959/; classtype:trojan-activity;sid:84129059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265958)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uzjwtbh4hcs9i060hwf08hrnymnodugn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265958/; classtype:trojan-activity;sid:84129058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258033)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/refs/heads/main/ifiinms.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258033/; classtype:trojan-activity;sid:84121133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257484)"; flow:established,from_client; content:"GET"; http_method; content:"/data/javaw/net/net.xsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257484/; classtype:trojan-activity;sid:84120584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257470)"; flow:established,from_client; content:"GET"; http_method; content:"/netstat.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257470/; classtype:trojan-activity;sid:84120570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257471)"; flow:established,from_client; content:"GET"; http_method; content:"/net/net.xsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257471/; classtype:trojan-activity;sid:84120571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257473)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/net/net.xsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257473/; classtype:trojan-activity;sid:84120573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257474)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/inst.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257474/; classtype:trojan-activity;sid:84120574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257475)"; flow:established,from_client; content:"GET"; http_method; content:"/netstat.xsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257475/; classtype:trojan-activity;sid:84120575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257477)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/instance.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257477/; classtype:trojan-activity;sid:84120577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257450)"; flow:established,from_client; content:"GET"; http_method; content:"/netstat.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.dashabi.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257450/; classtype:trojan-activity;sid:84120550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257451)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/winring0x64.sys"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sec.dashabi.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257451/; classtype:trojan-activity;sid:84120551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257457)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/javaw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sec.dashabi.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257457/; classtype:trojan-activity;sid:84120557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257464)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/instance.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sec.xiaojiji.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257464/; classtype:trojan-activity;sid:84120564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257465)"; flow:established,from_client; content:"GET"; http_method; content:"/netstat.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaojiji.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257465/; classtype:trojan-activity;sid:84120565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254228)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/somalifuscator/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254228/; classtype:trojan-activity;sid:84117328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254226)"; flow:established,from_client; content:"GET"; http_method; content:"/proxyonly/www/raw/main/security.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254226/; classtype:trojan-activity;sid:84117326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254222)"; flow:established,from_client; content:"GET"; http_method; content:"/robloxdev1223/requirements/raw/main/requirements.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254222/; classtype:trojan-activity;sid:84117322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252630)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252630/; classtype:trojan-activity;sid:84115730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249739)"; flow:established,from_client; content:"GET"; http_method; content:"/img_up/shop_pds/nicehana/client.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.xn--on3b15m2lco2u.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249739/; classtype:trojan-activity;sid:84112839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249735)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249735/; classtype:trojan-activity;sid:84112835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249675)"; flow:established,from_client; content:"GET"; http_method; content:"/quasar/quasar/releases/download/v1.4.1/quasar.v1.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249675/; classtype:trojan-activity;sid:84112775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249662)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/refs/heads/master/rat/njrat.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249662/; classtype:trojan-activity;sid:84112762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246018)"; flow:established,from_client; content:"GET"; http_method; content:"/mestalic/site/refs/heads/main/file.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246018/; classtype:trojan-activity;sid:84109118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245733)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.152.219.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245733/; classtype:trojan-activity;sid:84108833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245732)"; flow:established,from_client; content:"GET"; http_method; content:"/vz.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.79.124.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245732/; classtype:trojan-activity;sid:84108832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245730)"; flow:established,from_client; content:"GET"; http_method; content:"/chinese.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.129.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245730/; classtype:trojan-activity;sid:84108830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245463)"; flow:established,from_client; content:"GET"; http_method; content:"/hs.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245463/; classtype:trojan-activity;sid:84108563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245459)"; flow:established,from_client; content:"GET"; http_method; content:"/kg.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245459/; classtype:trojan-activity;sid:84108559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245458)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245458/; classtype:trojan-activity;sid:84108558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243086)"; flow:established,from_client; content:"GET"; http_method; content:"/update/data/update.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243086/; classtype:trojan-activity;sid:84106186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243082)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0624.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243082/; classtype:trojan-activity;sid:84106182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243077)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0703.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243077/; classtype:trojan-activity;sid:84106177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242983)"; flow:established,from_client; content:"GET"; http_method; content:"/flowseal/zapret-discord-youtube/releases/download/1.1.1/zapret-discord-youtube-1.1.1.rar"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242983/; classtype:trojan-activity;sid:84106083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242663)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack0832.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242663/; classtype:trojan-activity;sid:84105763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242642)"; flow:established,from_client; content:"GET"; http_method; content:"/rishabhkumardeveloper/malware_analysis_using_ml/main/wildfire-test-pe-file.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242642/; classtype:trojan-activity;sid:84105742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241764)"; flow:established,from_client; content:"GET"; http_method; content:"/mori-miyako/discord-token-generator/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241764/; classtype:trojan-activity;sid:84104864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241765)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/main/tweaks.7z"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241765/; classtype:trojan-activity;sid:84104865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241756)"; flow:established,from_client; content:"GET"; http_method; content:"/intergate0/none/main/main.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241756/; classtype:trojan-activity;sid:84104856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241752)"; flow:established,from_client; content:"GET"; http_method; content:"/kntjspr/licensebytes/refs/heads/main/licensemalwarebytes.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241752/; classtype:trojan-activity;sid:84104852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241644)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/refs/heads/main/connector1.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241644/; classtype:trojan-activity;sid:84104744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241637)"; flow:established,from_client; content:"GET"; http_method; content:"/s107000665/c1/master/1223.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241637/; classtype:trojan-activity;sid:84104737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241638)"; flow:established,from_client; content:"GET"; http_method; content:"/iciamyplant/ctf/master/plantrojan.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241638/; classtype:trojan-activity;sid:84104738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241639)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/main/shellcode.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241639/; classtype:trojan-activity;sid:84104739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241640)"; flow:established,from_client; content:"GET"; http_method; content:"/killbillpribil/world-of-tanks/master/world%20of%20tanks.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241640/; classtype:trojan-activity;sid:84104740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241641)"; flow:established,from_client; content:"GET"; http_method; content:"/mach1el/htb-scripts/master/exploit-fuse/shell.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241641/; classtype:trojan-activity;sid:84104741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241642)"; flow:established,from_client; content:"GET"; http_method; content:"/khr0x40sh/whitelistevasion/master/installutil/script.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241642/; classtype:trojan-activity;sid:84104742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241635)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qiniuyunxz.yxflzs.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241635/; classtype:trojan-activity;sid:84104735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241559)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/donut.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241559/; classtype:trojan-activity;sid:84104659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241404)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241404/; classtype:trojan-activity;sid:84104504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241382)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241382/; classtype:trojan-activity;sid:84104482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241127)"; flow:established,from_client; content:"GET"; http_method; content:"/justincoding3/slumfun/main/obfuscated.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241127/; classtype:trojan-activity;sid:84104227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241126)"; flow:established,from_client; content:"GET"; http_method; content:"/r00t-3xp10it/redpill/main/utils/compiled.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241126/; classtype:trojan-activity;sid:84104226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241125)"; flow:established,from_client; content:"GET"; http_method; content:"/secwiki/windows-kernel-exploits/master/ms14-068/ms14-068.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241125/; classtype:trojan-activity;sid:84104225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241123)"; flow:established,from_client; content:"GET"; http_method; content:"/prowindows365/hailhydra/refs/heads/main/hailhydra.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241123/; classtype:trojan-activity;sid:84104223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241055)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241055/; classtype:trojan-activity;sid:84104155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241004)"; flow:established,from_client; content:"GET"; http_method; content:"/ryan2159/stuff/main/discord.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241004/; classtype:trojan-activity;sid:84104104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240999)"; flow:established,from_client; content:"GET"; http_method; content:"/sad-dust/death/main/stealinfo.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240999/; classtype:trojan-activity;sid:84104099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240819)"; flow:established,from_client; content:"GET"; http_method; content:"/redcanaryco/atomic-red-team/master/atomics/t1204.002/bin/test10.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240819/; classtype:trojan-activity;sid:84103919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240817)"; flow:established,from_client; content:"GET"; http_method; content:"/cuckoobox/cuckoo/archive/master.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240817/; classtype:trojan-activity;sid:84103917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240813)"; flow:established,from_client; content:"GET"; http_method; content:"/haxork8880/files/main/windowssync.txt.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240813/; classtype:trojan-activity;sid:84103913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240814)"; flow:established,from_client; content:"GET"; http_method; content:"/crjtpp/tpplab_public/main/poc-sample-lnk.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240814/; classtype:trojan-activity;sid:84103914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240812)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerx237/miner/main/my-files.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240812/; classtype:trojan-activity;sid:84103912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240811)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/releases/download/beta_v0.6/all.tweaker.beta.v0.6.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240811/; classtype:trojan-activity;sid:84103911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240810)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/raw/main/tweaks.7z"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240810/; classtype:trojan-activity;sid:84103910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240720)"; flow:established,from_client; content:"GET"; http_method; content:"/dqwr1q23rwdfr/xxx/releases/download/xxx/vital.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240720/; classtype:trojan-activity;sid:84103820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240639)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdjulaya09/code-sparrow-crypter-2.0-private-crack-leak/releases/download/%23crypter/codesparrow.crypter.2.0.crack.rar"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240639/; classtype:trojan-activity;sid:84103739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239707)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239707/; classtype:trojan-activity;sid:84102807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238658)"; flow:established,from_client; content:"GET"; http_method; content:"/eaklauncher/eaklauncher.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238658/; classtype:trojan-activity;sid:84101758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238111)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238111/; classtype:trojan-activity;sid:84101211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238073)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/main/fast%20download.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238073/; classtype:trojan-activity;sid:84101173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238061)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/main/444.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238061/; classtype:trojan-activity;sid:84101161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/blob/master/rat/njrat.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237975/; classtype:trojan-activity;sid:84101075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237976)"; flow:established,from_client; content:"GET"; http_method; content:"/5556.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.212.158.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237976/; classtype:trojan-activity;sid:84101076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237956)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/umbral-stealer/zip/refs/heads/main"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237956/; classtype:trojan-activity;sid:84101056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237955)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blank-grabber/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237955/; classtype:trojan-activity;sid:84101055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237954)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blankobf/zip/refs/heads/v2"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237954/; classtype:trojan-activity;sid:84101054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237861)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/zip/refs/heads/main"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237861/; classtype:trojan-activity;sid:84100961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237810)"; flow:established,from_client; content:"GET"; http_method; content:"/steve824/a/zip/refs/heads/main"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237810/; classtype:trojan-activity;sid:84100910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237737)"; flow:established,from_client; content:"GET"; http_method; content:"/thebb5th/123/zip/refs/heads/main"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237737/; classtype:trojan-activity;sid:84100837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237465)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_suia0iczdw2reew1f9hgunezxcwv52d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237465/; classtype:trojan-activity;sid:84100565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237464)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_3ozdjl5puad8qn3tipydynn5j7l13el"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237464/; classtype:trojan-activity;sid:84100564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236597)"; flow:established,from_client; content:"GET"; http_method; content:"/center.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236597/; classtype:trojan-activity;sid:84099697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236587)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"153.37.77.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236587/; classtype:trojan-activity;sid:84099687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236559)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.136.142.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236559/; classtype:trojan-activity;sid:84099659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236453)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/powershellscripts/invoke-petitpotam.ps1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236453/; classtype:trojan-activity;sid:84099553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236324)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xwgl/xw_xxgl.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236324/; classtype:trojan-activity;sid:84099424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236322)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xw_setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236322/; classtype:trojan-activity;sid:84099422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236323)"; flow:established,from_client; content:"GET"; http_method; content:"/file/yhy_setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236323/; classtype:trojan-activity;sid:84099423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236318)"; flow:established,from_client; content:"GET"; http_method; content:"/products/4001/updates/efatura/efatura.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elisans.novayonetim.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236318/; classtype:trojan-activity;sid:84099418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236240)"; flow:established,from_client; content:"GET"; http_method; content:"/services/identification/server/gtptoolsdownloadhandler.ashx|3f|filename=gtp_6_browserplugin_setup.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"hnjgdl.geps.glodon.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236240/; classtype:trojan-activity;sid:84099340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236237)"; flow:established,from_client; content:"GET"; http_method; content:"/natgo.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dl.natgo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236237/; classtype:trojan-activity;sid:84099337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236236)"; flow:established,from_client; content:"GET"; http_method; content:"/download/etermproxy.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pid.fly160.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236236/; classtype:trojan-activity;sid:84099336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236224)"; flow:established,from_client; content:"GET"; http_method; content:"/pdd_biaoge/soft/down.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"49.234.48.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236224/; classtype:trojan-activity;sid:84099324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236154/; classtype:trojan-activity;sid:84099254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235523)"; flow:established,from_client; content:"GET"; http_method; content:"/chainguard-dev/bincapz/archive/refs/tags/v0.5.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235523/; classtype:trojan-activity;sid:84098623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235522)"; flow:established,from_client; content:"GET"; http_method; content:"/playmcbkuwu/vape/releases/download/stable/vape.v4.10.from.duckysolucky.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235522/; classtype:trojan-activity;sid:84098622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235514)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235514/; classtype:trojan-activity;sid:84098614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235513)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.4.7/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235513/; classtype:trojan-activity;sid:84098613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235094)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/update.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235094/; classtype:trojan-activity;sid:84098194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234859)"; flow:established,from_client; content:"GET"; http_method; content:"/petikvx/lockbit-black-builder/main/lockbit30/builder.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234859/; classtype:trojan-activity;sid:84097959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234858)"; flow:established,from_client; content:"GET"; http_method; content:"/tennessene/lockbit/refs/heads/main/builder.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234858/; classtype:trojan-activity;sid:84097958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232402)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.202.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232402/; classtype:trojan-activity;sid:84095502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231796)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16737801/wave.zip|3f|"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231796/; classtype:trojan-activity;sid:84094896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231794)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16419615/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231794/; classtype:trojan-activity;sid:84094894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; content:"GET"; http_method; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228667)"; flow:established,from_client; content:"GET"; http_method; content:"/winassist/login/login.7z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"win.down.55kantu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228667/; classtype:trojan-activity;sid:84091767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226239)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.0/xmrig-6.22.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226239/; classtype:trojan-activity;sid:84089339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218033)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.216.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218033/; classtype:trojan-activity;sid:84081133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218030)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.101.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218030/; classtype:trojan-activity;sid:84081130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218007/; classtype:trojan-activity;sid:84081107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.217.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218009/; classtype:trojan-activity;sid:84081109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218011/; classtype:trojan-activity;sid:84081111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218001)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218001/; classtype:trojan-activity;sid:84081101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217787)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217787/; classtype:trojan-activity;sid:84080887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.130.160.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217802/; classtype:trojan-activity;sid:84080902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217780/; classtype:trojan-activity;sid:84080880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217775)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217775/; classtype:trojan-activity;sid:84080875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217757)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.155.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217757/; classtype:trojan-activity;sid:84080857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217760)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217760/; classtype:trojan-activity;sid:84080860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.28.228.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217750/; classtype:trojan-activity;sid:84080850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217745)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217745/; classtype:trojan-activity;sid:84080845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217740)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217740/; classtype:trojan-activity;sid:84080840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217717/; classtype:trojan-activity;sid:84080817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217729)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217729/; classtype:trojan-activity;sid:84080829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217689/; classtype:trojan-activity;sid:84080789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.16.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217684/; classtype:trojan-activity;sid:84080784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217681)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217681/; classtype:trojan-activity;sid:84080781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217682)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217682/; classtype:trojan-activity;sid:84080782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217665/; classtype:trojan-activity;sid:84080765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.12.184.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217669/; classtype:trojan-activity;sid:84080769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217674/; classtype:trojan-activity;sid:84080774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217638)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.6.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217638/; classtype:trojan-activity;sid:84080738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217625/; classtype:trojan-activity;sid:84080725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217621/; classtype:trojan-activity;sid:84080721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217618)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217618/; classtype:trojan-activity;sid:84080718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217562/; classtype:trojan-activity;sid:84080662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217557)"; flow:established,from_client; content:"GET"; http_method; content:"/123.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217557/; classtype:trojan-activity;sid:84080657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.118.215.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217454/; classtype:trojan-activity;sid:84080554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217426/; classtype:trojan-activity;sid:84080526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.105.196.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217139/; classtype:trojan-activity;sid:84080239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217092/; classtype:trojan-activity;sid:84080192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217102/; classtype:trojan-activity;sid:84080202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217111/; classtype:trojan-activity;sid:84080211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217090/; classtype:trojan-activity;sid:84080190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217073/; classtype:trojan-activity;sid:84080173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"167.250.193.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217046/; classtype:trojan-activity;sid:84080146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217059/; classtype:trojan-activity;sid:84080159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217061/; classtype:trojan-activity;sid:84080161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217063/; classtype:trojan-activity;sid:84080163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217064/; classtype:trojan-activity;sid:84080164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.219.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217066/; classtype:trojan-activity;sid:84080166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217037/; classtype:trojan-activity;sid:84080137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217024/; classtype:trojan-activity;sid:84080124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217003/; classtype:trojan-activity;sid:84080103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216971/; classtype:trojan-activity;sid:84080071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.255.217.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216977/; classtype:trojan-activity;sid:84080077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216979/; classtype:trojan-activity;sid:84080079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216983/; classtype:trojan-activity;sid:84080083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216986/; classtype:trojan-activity;sid:84080086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216961/; classtype:trojan-activity;sid:84080061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216962/; classtype:trojan-activity;sid:84080062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.73.75.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216963/; classtype:trojan-activity;sid:84080063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216956/; classtype:trojan-activity;sid:84080056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216950/; classtype:trojan-activity;sid:84080050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216934/; classtype:trojan-activity;sid:84080034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216945/; classtype:trojan-activity;sid:84080045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216889/; classtype:trojan-activity;sid:84079989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216893/; classtype:trojan-activity;sid:84079993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216906/; classtype:trojan-activity;sid:84080006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216911/; classtype:trojan-activity;sid:84080011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216883/; classtype:trojan-activity;sid:84079983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216854/; classtype:trojan-activity;sid:84079954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216860/; classtype:trojan-activity;sid:84079960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216841/; classtype:trojan-activity;sid:84079941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216843/; classtype:trojan-activity;sid:84079943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216846/; classtype:trojan-activity;sid:84079946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216812/; classtype:trojan-activity;sid:84079912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216813/; classtype:trojan-activity;sid:84079913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216802/; classtype:trojan-activity;sid:84079902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216803/; classtype:trojan-activity;sid:84079903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216794/; classtype:trojan-activity;sid:84079894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216761/; classtype:trojan-activity;sid:84079861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216763/; classtype:trojan-activity;sid:84079863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216750/; classtype:trojan-activity;sid:84079850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216739/; classtype:trojan-activity;sid:84079839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216722/; classtype:trojan-activity;sid:84079822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216719/; classtype:trojan-activity;sid:84079819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.138.68.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216713/; classtype:trojan-activity;sid:84079813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216682/; classtype:trojan-activity;sid:84079782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216685/; classtype:trojan-activity;sid:84079785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216690/; classtype:trojan-activity;sid:84079790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216694/; classtype:trojan-activity;sid:84079794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216700/; classtype:trojan-activity;sid:84079800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216650/; classtype:trojan-activity;sid:84079750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216653/; classtype:trojan-activity;sid:84079753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216646/; classtype:trojan-activity;sid:84079746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216627/; classtype:trojan-activity;sid:84079727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216606/; classtype:trojan-activity;sid:84079706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216608/; classtype:trojan-activity;sid:84079708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216610/; classtype:trojan-activity;sid:84079710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216600/; classtype:trojan-activity;sid:84079700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216577/; classtype:trojan-activity;sid:84079677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216581/; classtype:trojan-activity;sid:84079681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216583/; classtype:trojan-activity;sid:84079683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216555/; classtype:trojan-activity;sid:84079655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216557/; classtype:trojan-activity;sid:84079657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216559/; classtype:trojan-activity;sid:84079659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216564/; classtype:trojan-activity;sid:84079664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216569/; classtype:trojan-activity;sid:84079669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216529/; classtype:trojan-activity;sid:84079629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216509/; classtype:trojan-activity;sid:84079609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216502/; classtype:trojan-activity;sid:84079602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216478/; classtype:trojan-activity;sid:84079578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216479/; classtype:trojan-activity;sid:84079579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216456/; classtype:trojan-activity;sid:84079556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216443)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216443/; classtype:trojan-activity;sid:84079543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216421)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.92.214.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216421/; classtype:trojan-activity;sid:84079521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216418)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.249.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216418/; classtype:trojan-activity;sid:84079518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216406)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.232.126.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216406/; classtype:trojan-activity;sid:84079506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216404)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.158.25.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216404/; classtype:trojan-activity;sid:84079504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216396)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216396/; classtype:trojan-activity;sid:84079496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216384)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.12.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216384/; classtype:trojan-activity;sid:84079484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216382)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216382/; classtype:trojan-activity;sid:84079482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216377)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.110.15.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216377/; classtype:trojan-activity;sid:84079477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216372)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216372/; classtype:trojan-activity;sid:84079472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216365)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216365/; classtype:trojan-activity;sid:84079465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216359)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216359/; classtype:trojan-activity;sid:84079459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216353)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.117.136.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216353/; classtype:trojan-activity;sid:84079453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.13.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216334/; classtype:trojan-activity;sid:84079434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216322/; classtype:trojan-activity;sid:84079422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216309)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.163.234.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216309/; classtype:trojan-activity;sid:84079409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216306)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216306/; classtype:trojan-activity;sid:84079406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216302/; classtype:trojan-activity;sid:84079402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216301/; classtype:trojan-activity;sid:84079401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215832/; classtype:trojan-activity;sid:84078932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215823/; classtype:trojan-activity;sid:84078923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215826/; classtype:trojan-activity;sid:84078926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215829/; classtype:trojan-activity;sid:84078929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215816/; classtype:trojan-activity;sid:84078916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215811/; classtype:trojan-activity;sid:84078911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215800/; classtype:trojan-activity;sid:84078900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215785/; classtype:trojan-activity;sid:84078885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215788/; classtype:trojan-activity;sid:84078888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.11.216.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215791/; classtype:trojan-activity;sid:84078891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215795/; classtype:trojan-activity;sid:84078895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215772/; classtype:trojan-activity;sid:84078872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215478/; classtype:trojan-activity;sid:84078578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215469/; classtype:trojan-activity;sid:84078569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.98.186.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215464/; classtype:trojan-activity;sid:84078564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215465/; classtype:trojan-activity;sid:84078565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215440/; classtype:trojan-activity;sid:84078540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215421/; classtype:trojan-activity;sid:84078521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.217.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215417/; classtype:trojan-activity;sid:84078517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215409/; classtype:trojan-activity;sid:84078509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"134.249.141.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215393/; classtype:trojan-activity;sid:84078493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215399/; classtype:trojan-activity;sid:84078499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215380/; classtype:trojan-activity;sid:84078480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.105.196.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215372/; classtype:trojan-activity;sid:84078472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215358/; classtype:trojan-activity;sid:84078458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215359/; classtype:trojan-activity;sid:84078459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213897)"; flow:established,from_client; content:"GET"; http_method; content:"/matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213897/; classtype:trojan-activity;sid:84076997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206293)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/2pac.php"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206293/; classtype:trojan-activity;sid:84069393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204531)"; flow:established,from_client; content:"GET"; http_method; content:"/for_down/2013/new/dlls/rse/rsreport.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"download.suxiazai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204531/; classtype:trojan-activity;sid:84067631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200548)"; flow:established,from_client; content:"GET"; http_method; content:"/slinky/slinkycrack.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"crystalpvp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200548/; classtype:trojan-activity;sid:84063648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198753)"; flow:established,from_client; content:"GET"; http_method; content:"/pinginfoview.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198753/; classtype:trojan-activity;sid:84061853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198696)"; flow:established,from_client; content:"GET"; http_method; content:"/cen22.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.100.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198696/; classtype:trojan-activity;sid:84061796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195883)"; flow:established,from_client; content:"GET"; http_method; content:"/scanport.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195883/; classtype:trojan-activity;sid:84058983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195736)"; flow:established,from_client; content:"GET"; http_method; content:"/fx8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.250.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195736/; classtype:trojan-activity;sid:84058836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193861)"; flow:established,from_client; content:"GET"; http_method; content:"/massgravel/microsoft-activation-scripts/b1b5299c4725d97349b18b59061647198f7cc59b/mas/all-in-one-version-kl/mas_aio.cmd"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193861/; classtype:trojan-activity;sid:84056961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193548)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/js/main/core/core.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"evangroup.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193548/; classtype:trojan-activity;sid:84056648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190323/; classtype:trojan-activity;sid:84053423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190317)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190317/; classtype:trojan-activity;sid:84053417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190315)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.166.211.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190315/; classtype:trojan-activity;sid:84053415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190313)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.166.211.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190313/; classtype:trojan-activity;sid:84053413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189225)"; flow:established,from_client; content:"GET"; http_method; content:"/unknwon1352/qawfdasfaw/main/software.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189225/; classtype:trojan-activity;sid:84052325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188620)"; flow:established,from_client; content:"GET"; http_method; content:"/repository/aa_v3.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"83.149.17.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3188620/; classtype:trojan-activity;sid:84051720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186441)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186441/; classtype:trojan-activity;sid:84049541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186440)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186440/; classtype:trojan-activity;sid:84049540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186439)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.4.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186439/; classtype:trojan-activity;sid:84049539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186430)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186430/; classtype:trojan-activity;sid:84049530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186428)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_windowsport.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186428/; classtype:trojan-activity;sid:84049528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178401)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1v9ujqbyj-mlf9mugkyiwow6t3rpui2bu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178401/; classtype:trojan-activity;sid:84041501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174915)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.6.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174915/; classtype:trojan-activity;sid:84038015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174919)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.6.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174919/; classtype:trojan-activity;sid:84038019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174523)"; flow:established,from_client; content:"GET"; http_method; content:"/scribblercoder/browserthief/main/browserthief.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174523/; classtype:trojan-activity;sid:84037623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174364)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tecunonline.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174364/; classtype:trojan-activity;sid:84037464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174340)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.tecunonline.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174340/; classtype:trojan-activity;sid:84037440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174264)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174264/; classtype:trojan-activity;sid:84037364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173868)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173868/; classtype:trojan-activity;sid:84036968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172240)"; flow:established,from_client; content:"GET"; http_method; content:"/techsavvysenior/referralreactjs/archive/refs/heads/main.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172240/; classtype:trojan-activity;sid:84035340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163579)"; flow:established,from_client; content:"GET"; http_method; content:"/handler/download|3f|action=download|7c|26|7c|download_id=jgc6slaf|7c|26|7c|private_id=0|7c|26|7c|url=https%253a%252f%252fyoutransfer.net%252fjgc6slaf"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"youtransfer.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_09; reference:url, urlhaus.abuse.ch/url/3163579/; classtype:trojan-activity;sid:84026679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154718)"; flow:established,from_client; content:"GET"; http_method; content:"/hackirby/discord-injection/main/injection.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154718/; classtype:trojan-activity;sid:84017818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135730)"; flow:established,from_client; content:"GET"; http_method; content:"/miners/myxmrig.tgz"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"do-dear.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135730/; classtype:trojan-activity;sid:83998830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135722)"; flow:established,from_client; content:"GET"; http_method; content:"/sosinchik/asd/main/zoom.py"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135722/; classtype:trojan-activity;sid:83998822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135724)"; flow:established,from_client; content:"GET"; http_method; content:"/moneroocean/xmrig_setup/master/setup_moneroocean_miner.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135724/; classtype:trojan-activity;sid:83998824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135613)"; flow:established,from_client; content:"GET"; http_method; content:"/log/orgn.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"epanpano.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135613/; classtype:trojan-activity;sid:83998713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129654)"; flow:established,from_client; content:"GET"; http_method; content:"/nova_flow/patcher.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"144.172.71.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129654/; classtype:trojan-activity;sid:83992754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129577)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/update/css/self/[upg]css.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"cs.go.kg"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129577/; classtype:trojan-activity;sid:83992677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129478)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/foobar2000_v1.6.7_beta_17@1704_129472.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129478/; classtype:trojan-activity;sid:83992578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129417)"; flow:established,from_client; content:"GET"; http_method; content:"/asmedises/pxray_cast_sort.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.medises.co.kr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129417/; classtype:trojan-activity;sid:83992517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129220)"; flow:established,from_client; content:"GET"; http_method; content:"/media/mod_junewsultra/js/bootstrap/js/bootstrap.min.js"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"temirtau-adm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129220/; classtype:trojan-activity;sid:83992320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129042)"; flow:established,from_client; content:"GET"; http_method; content:"/yuta1111x/selfbot/04ecdf46e8db9fce689d93905d759334b475c825/aquarius.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129042/; classtype:trojan-activity;sid:83992142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3121841)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.54.153.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_22; reference:url, urlhaus.abuse.ch/url/3121841/; classtype:trojan-activity;sid:83984941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112427)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.104.213.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112427/; classtype:trojan-activity;sid:83975527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112426)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.29.120.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112426/; classtype:trojan-activity;sid:83975526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112419)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112419/; classtype:trojan-activity;sid:83975519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112420)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112420/; classtype:trojan-activity;sid:83975520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112417)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.121.250.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112417/; classtype:trojan-activity;sid:83975517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108504)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/webcam.dll"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108504/; classtype:trojan-activity;sid:83971604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108505)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108505/; classtype:trojan-activity;sid:83971605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108506)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/rootkit.dll"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108506/; classtype:trojan-activity;sid:83971606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108507)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/unrootkit.dll"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108507/; classtype:trojan-activity;sid:83971607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108503)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108503/; classtype:trojan-activity;sid:83971603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108502)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/version.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108502/; classtype:trojan-activity;sid:83971602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108492)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark64.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108492/; classtype:trojan-activity;sid:83971592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108491)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108491/; classtype:trojan-activity;sid:83971591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106560)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http:/154.216.19.139/bins/mirai.armv4l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106560/; classtype:trojan-activity;sid:83969660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106559)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http:/154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106559/; classtype:trojan-activity;sid:83969659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106558)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http:/154.216.19.139/bins/mirai.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106558/; classtype:trojan-activity;sid:83969658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106556)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http:/154.216.19.139/bins/mirai.armv6l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106556/; classtype:trojan-activity;sid:83969656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106557)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http:/154.216.19.139/bins/mirai.arc"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106557/; classtype:trojan-activity;sid:83969657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106551)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http:/154.216.19.139/bins/mirai.x86_64"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106551/; classtype:trojan-activity;sid:83969651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106552)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http:/154.216.19.139/bins/mirai.armv7l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106552/; classtype:trojan-activity;sid:83969652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106553)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http:/154.216.19.139/bins/mirai.armv5l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106553/; classtype:trojan-activity;sid:83969653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106554)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http:/154.216.19.139/bins/mirai.powerpc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106554/; classtype:trojan-activity;sid:83969654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106555)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http:/154.216.19.139/bins/mirai.mipsel"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106555/; classtype:trojan-activity;sid:83969655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105147)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_move.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105147/; classtype:trojan-activity;sid:83968247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105148)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_virus.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105148/; classtype:trojan-activity;sid:83968248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105149)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/keylogger.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105149/; classtype:trojan-activity;sid:83968249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105150)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/networks_profile.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105150/; classtype:trojan-activity;sid:83968250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105145)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/backdoor.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105145/; classtype:trojan-activity;sid:83968245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105146)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_move.bat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105146/; classtype:trojan-activity;sid:83968246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105144)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_virus.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105144/; classtype:trojan-activity;sid:83968244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103488)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103488/; classtype:trojan-activity;sid:83966588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103476/; classtype:trojan-activity;sid:83966576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100042)"; flow:established,from_client; content:"GET"; http_method; content:"/joelgmsec/invoke-stealth/main/resources/betterxencrypt/betterxencrypt.ps1"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100042/; classtype:trojan-activity;sid:83963142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099961)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http:/154.216.19.139/bins/mirai.sh4"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099961/; classtype:trojan-activity;sid:83963061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099962)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http:/154.216.19.139/bins/mirai.i586"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099962/; classtype:trojan-activity;sid:83963062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099963)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http:/154.216.19.139/bins/mirai.sparc"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099963/; classtype:trojan-activity;sid:83963063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099965)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http:/154.216.19.139/bins/mirai.m68k"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099965/; classtype:trojan-activity;sid:83963065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099966)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http:/154.216.19.139/bins/mirai.mips"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099966/; classtype:trojan-activity;sid:83963066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099960)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http:/154.216.19.139/bins/mirai.i686"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099960/; classtype:trojan-activity;sid:83963060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097244)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097244/; classtype:trojan-activity;sid:83960344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097239)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097239/; classtype:trojan-activity;sid:83960339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097240)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097240/; classtype:trojan-activity;sid:83960340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097241)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097241/; classtype:trojan-activity;sid:83960341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097242)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097242/; classtype:trojan-activity;sid:83960342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097243)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097243/; classtype:trojan-activity;sid:83960343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097229)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097229/; classtype:trojan-activity;sid:83960329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097230)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097230/; classtype:trojan-activity;sid:83960330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097231)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097231/; classtype:trojan-activity;sid:83960331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097232)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097232/; classtype:trojan-activity;sid:83960332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097233)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097233/; classtype:trojan-activity;sid:83960333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097234)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097234/; classtype:trojan-activity;sid:83960334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097235)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097235/; classtype:trojan-activity;sid:83960335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097236)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097236/; classtype:trojan-activity;sid:83960336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097237)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097237/; classtype:trojan-activity;sid:83960337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097238)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097238/; classtype:trojan-activity;sid:83960338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086390)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%5bwin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086390/; classtype:trojan-activity;sid:83949490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072990)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072990/; classtype:trojan-activity;sid:83936090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072974)"; flow:established,from_client; content:"GET"; http_method; content:"/adrinnno/ptwis/raw/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072974/; classtype:trojan-activity;sid:83936074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072975)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/raw/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072975/; classtype:trojan-activity;sid:83936075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072978)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/raw/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072978/; classtype:trojan-activity;sid:83936078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072969)"; flow:established,from_client; content:"GET"; http_method; content:"/deannwas/policah/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072969/; classtype:trojan-activity;sid:83936069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072972)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072972/; classtype:trojan-activity;sid:83936072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058866)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2023-36874.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058866/; classtype:trojan-activity;sid:83921966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058862)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058862/; classtype:trojan-activity;sid:83921962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058863)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058863/; classtype:trojan-activity;sid:83921963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058864)"; flow:established,from_client; content:"GET"; http_method; content:"/b64"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058864/; classtype:trojan-activity;sid:83921964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.248.47.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949176)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945593)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sab/dithioic.csv"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"new.quranushaiqer.org.sa"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945593/; classtype:trojan-activity;sid:83808693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945560)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sab/dithioic.csv"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"new.quranushaiqer.org.sa"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945560/; classtype:trojan-activity;sid:83808660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; content:"GET"; http_method; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942567)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942567/; classtype:trojan-activity;sid:83805667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934823)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/000.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934823/; classtype:trojan-activity;sid:83797923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934821)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/noescape.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934821/; classtype:trojan-activity;sid:83797921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; classtype:trojan-activity;sid:83797905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932460)"; flow:established,from_client; content:"GET"; http_method; content:"/445.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932460/; classtype:trojan-activity;sid:83795560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914055)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914055/; classtype:trojan-activity;sid:83777155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911215)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911215/; classtype:trojan-activity;sid:83774315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911212)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911212/; classtype:trojan-activity;sid:83774312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911196)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78-20-115-5.access.telenet.be"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911196/; classtype:trojan-activity;sid:83774296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911190)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.20.115.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911190/; classtype:trojan-activity;sid:83774290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911191/; classtype:trojan-activity;sid:83774291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911166)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.22.139.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911166/; classtype:trojan-activity;sid:83774266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.255.114.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"softbank126023203236.bbtec.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-195-103-203-106.business.telecomitalia.it"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-95-255-114-11.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909310)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.118.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909310/; classtype:trojan-activity;sid:83772410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909291)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.184.185.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909291/; classtype:trojan-activity;sid:83772391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.107.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908913)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.72.167.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908913/; classtype:trojan-activity;sid:83772013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908900)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.108.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908900/; classtype:trojan-activity;sid:83772000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908902)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.39.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908902/; classtype:trojan-activity;sid:83772002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908903)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.142.209.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908903/; classtype:trojan-activity;sid:83772003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; content:"GET"; http_method; content:"/zwzonepieces/posapsi/master/chatlife.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897332/; classtype:trojan-activity;sid:83760432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; content:"GET"; http_method; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.67.254.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888430)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.157.17.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888430/; classtype:trojan-activity;sid:83751530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; content:"GET"; http_method; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; content:"GET"; http_method; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; classtype:trojan-activity;sid:83744868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879955)"; flow:established,from_client; content:"GET"; http_method; content:"/unp%20setup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.138.125.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879955/; classtype:trojan-activity;sid:83743055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879655)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879655/; classtype:trojan-activity;sid:83742755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874109)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p_knmkidu8kiejeem_ijrlumbjih3bkv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874109/; classtype:trojan-activity;sid:83737209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872168)"; flow:established,from_client; content:"GET"; http_method; content:"/htwvlcdsfcrahhchdd97.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ramirex.ro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_02; reference:url, urlhaus.abuse.ch/url/2872168/; classtype:trojan-activity;sid:83735268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872167)"; flow:established,from_client; content:"GET"; http_method; content:"/rutschebanes.qxd"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ramirex.ro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_02; reference:url, urlhaus.abuse.ch/url/2872167/; classtype:trojan-activity;sid:83735267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; content:"GET"; http_method; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; content:"GET"; http_method; content:"/a.i_1003h.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"221.143.49.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863345)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863345/; classtype:trojan-activity;sid:83726445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863346)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.19.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863346/; classtype:trojan-activity;sid:83726446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863330)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863330/; classtype:trojan-activity;sid:83726430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.77.57.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863333/; classtype:trojan-activity;sid:83726433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.49.168.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862050)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/8gikly"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862050/; classtype:trojan-activity;sid:83725150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862051)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/medjl1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862051/; classtype:trojan-activity;sid:83725151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862052)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dy1f16"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862052/; classtype:trojan-activity;sid:83725152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862053)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/kx3wl4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862053/; classtype:trojan-activity;sid:83725153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862054)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/ppxodm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862054/; classtype:trojan-activity;sid:83725154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862055)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/e7opy8"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862055/; classtype:trojan-activity;sid:83725155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862056)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/7dhid7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862056/; classtype:trojan-activity;sid:83725156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862049)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/tbfvpd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862049/; classtype:trojan-activity;sid:83725149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862047)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/g2js91"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862047/; classtype:trojan-activity;sid:83725147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862044)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/lt00vw"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862044/; classtype:trojan-activity;sid:83725144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862045)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/i7tdbr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862045/; classtype:trojan-activity;sid:83725145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862043)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/3a9xj1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862043/; classtype:trojan-activity;sid:83725143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862042)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/wyg3h5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862042/; classtype:trojan-activity;sid:83725142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862010/; classtype:trojan-activity;sid:83725110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862014/; classtype:trojan-activity;sid:83725114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861987)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861987/; classtype:trojan-activity;sid:83725087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861979)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861979/; classtype:trojan-activity;sid:83725079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861971)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861971/; classtype:trojan-activity;sid:83725071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861974)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861974/; classtype:trojan-activity;sid:83725074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861957)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861957/; classtype:trojan-activity;sid:83725057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; classtype:trojan-activity;sid:83725058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861959)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861959/; classtype:trojan-activity;sid:83725059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861950)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861950/; classtype:trojan-activity;sid:83725050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861927)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861927/; classtype:trojan-activity;sid:83725027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861929)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861929/; classtype:trojan-activity;sid:83725029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861930)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861930/; classtype:trojan-activity;sid:83725030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861941)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861941/; classtype:trojan-activity;sid:83725041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861943)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861943/; classtype:trojan-activity;sid:83725043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861888)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dvbcvt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861888/; classtype:trojan-activity;sid:83724988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861887)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/exw2o1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861887/; classtype:trojan-activity;sid:83724987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861852)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861852/; classtype:trojan-activity;sid:83724952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861831)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861831/; classtype:trojan-activity;sid:83724931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861814)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861814/; classtype:trojan-activity;sid:83724914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861798)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861798/; classtype:trojan-activity;sid:83724898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861791)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861791/; classtype:trojan-activity;sid:83724891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861790)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861790/; classtype:trojan-activity;sid:83724890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861781)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861781/; classtype:trojan-activity;sid:83724881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861777)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861777/; classtype:trojan-activity;sid:83724877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861770)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861749)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861749/; classtype:trojan-activity;sid:83724849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861735)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; classtype:trojan-activity;sid:83724840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861733)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861733/; classtype:trojan-activity;sid:83724833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861725)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861725/; classtype:trojan-activity;sid:83724825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861716)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861716/; classtype:trojan-activity;sid:83724816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861695)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861695/; classtype:trojan-activity;sid:83724795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861670)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861670/; classtype:trojan-activity;sid:83724770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861657)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861657/; classtype:trojan-activity;sid:83724757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861643)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861643/; classtype:trojan-activity;sid:83724743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861640)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861640/; classtype:trojan-activity;sid:83724740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861633)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861633/; classtype:trojan-activity;sid:83724733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861600)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861600/; classtype:trojan-activity;sid:83724700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861610)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861610/; classtype:trojan-activity;sid:83724710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861569)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861543/; classtype:trojan-activity;sid:83724643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859756)"; flow:established,from_client; content:"GET"; http_method; content:"/a0tnubtz.so"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.16.119.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859756/; classtype:trojan-activity;sid:83722856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859511)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859511/; classtype:trojan-activity;sid:83722611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859508/; classtype:trojan-activity;sid:83722608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857859)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857859/; classtype:trojan-activity;sid:83720959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857849/; classtype:trojan-activity;sid:83720949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.2.229.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.62.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857834/; classtype:trojan-activity;sid:83720934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857822)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857822/; classtype:trojan-activity;sid:83720922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857821)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857821/; classtype:trojan-activity;sid:83720921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857807)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857807/; classtype:trojan-activity;sid:83720907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857785/; classtype:trojan-activity;sid:83720885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857772)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857772/; classtype:trojan-activity;sid:83720872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857754/; classtype:trojan-activity;sid:83720854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857749/; classtype:trojan-activity;sid:83720849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857692/; classtype:trojan-activity;sid:83720792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857687/; classtype:trojan-activity;sid:83720787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857672/; classtype:trojan-activity;sid:83720772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857653)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857653/; classtype:trojan-activity;sid:83720753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857651/; classtype:trojan-activity;sid:83720751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857652)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857652/; classtype:trojan-activity;sid:83720752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857642/; classtype:trojan-activity;sid:83720742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857630)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857630/; classtype:trojan-activity;sid:83720730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857624/; classtype:trojan-activity;sid:83720724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857610)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857610/; classtype:trojan-activity;sid:83720710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857602/; classtype:trojan-activity;sid:83720702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857587)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857587/; classtype:trojan-activity;sid:83720687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857570)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857570/; classtype:trojan-activity;sid:83720670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857553)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857553/; classtype:trojan-activity;sid:83720653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857535)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857535/; classtype:trojan-activity;sid:83720635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857502)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857502/; classtype:trojan-activity;sid:83720602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857496)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857496/; classtype:trojan-activity;sid:83720596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857486/; classtype:trojan-activity;sid:83720586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857468)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.222.113.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857468/; classtype:trojan-activity;sid:83720568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857465/; classtype:trojan-activity;sid:83720565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857463)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857463/; classtype:trojan-activity;sid:83720563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857448)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857448/; classtype:trojan-activity;sid:83720548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.30.12.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_17; reference:url, urlhaus.abuse.ch/url/2852772/; classtype:trojan-activity;sid:83715872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2846768)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/css/setup.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"zenglobalenerji.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_11; reference:url, urlhaus.abuse.ch/url/2846768/; classtype:trojan-activity;sid:83709868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845681)"; flow:established,from_client; content:"GET"; http_method; content:"/app/filesrc/android/apk/2023/zonghengxsandroid_7.5.6.63_zh-zhh5.apk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"static.zongheng.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845681/; classtype:trojan-activity;sid:83708781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842725/; classtype:trojan-activity;sid:83705825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842722)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842722/; classtype:trojan-activity;sid:83705822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"162.194.8.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842663/; classtype:trojan-activity;sid:83705763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842030)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842030/; classtype:trojan-activity;sid:83705130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842010)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842010/; classtype:trojan-activity;sid:83705110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842015)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842015/; classtype:trojan-activity;sid:83705115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842006/; classtype:trojan-activity;sid:83705106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841995)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841995/; classtype:trojan-activity;sid:83705095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841987)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841987/; classtype:trojan-activity;sid:83705087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841974/; classtype:trojan-activity;sid:83705074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841976/; classtype:trojan-activity;sid:83705076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841941/; classtype:trojan-activity;sid:83705041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module_windows.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841714/; classtype:trojan-activity;sid:83704814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841712/; classtype:trojan-activity;sid:83704812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841705/; classtype:trojan-activity;sid:83704805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841650/; classtype:trojan-activity;sid:83704750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841621/; classtype:trojan-activity;sid:83704721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841602/; classtype:trojan-activity;sid:83704702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841586/; classtype:trojan-activity;sid:83704686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841576/; classtype:trojan-activity;sid:83704676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841570/; classtype:trojan-activity;sid:83704670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834459)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.76.122.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834459/; classtype:trojan-activity;sid:83697559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; content:"GET"; http_method; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; content:"GET"; http_method; content:"/delta-io/delta/files/15016110/delta.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822888)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.69.219.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822888/; classtype:trojan-activity;sid:83685988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822751)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822751/; classtype:trojan-activity;sid:83685851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822732)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.51.168.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822732/; classtype:trojan-activity;sid:83685832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822726)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822726/; classtype:trojan-activity;sid:83685826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822613)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822613/; classtype:trojan-activity;sid:83685713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822548/; classtype:trojan-activity;sid:83685648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822543/; classtype:trojan-activity;sid:83685643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822471)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822471/; classtype:trojan-activity;sid:83685571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822477/; classtype:trojan-activity;sid:83685577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822396/; classtype:trojan-activity;sid:83685496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822371)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822371/; classtype:trojan-activity;sid:83685471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822287/; classtype:trojan-activity;sid:83685387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822280/; classtype:trojan-activity;sid:83685380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822259/; classtype:trojan-activity;sid:83685359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822249/; classtype:trojan-activity;sid:83685349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822192)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822192/; classtype:trojan-activity;sid:83685292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822173)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822173/; classtype:trojan-activity;sid:83685273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822169/; classtype:trojan-activity;sid:83685269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822151)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822151/; classtype:trojan-activity;sid:83685251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822107)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822107/; classtype:trojan-activity;sid:83685207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822070)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.26.180.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822070/; classtype:trojan-activity;sid:83685170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822050)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.18.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822050/; classtype:trojan-activity;sid:83685150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822039)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822039/; classtype:trojan-activity;sid:83685139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821967)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.73.75.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821967/; classtype:trojan-activity;sid:83685067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821963)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821963/; classtype:trojan-activity;sid:83685063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821928)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821928/; classtype:trojan-activity;sid:83685028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821934/; classtype:trojan-activity;sid:83685034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821939)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821939/; classtype:trojan-activity;sid:83685039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.219.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821841/; classtype:trojan-activity;sid:83684941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821836/; classtype:trojan-activity;sid:83684936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821800/; classtype:trojan-activity;sid:83684900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821801/; classtype:trojan-activity;sid:83684901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821772/; classtype:trojan-activity;sid:83684872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821740/; classtype:trojan-activity;sid:83684840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821729/; classtype:trojan-activity;sid:83684829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821715/; classtype:trojan-activity;sid:83684815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821693/; classtype:trojan-activity;sid:83684793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821699/; classtype:trojan-activity;sid:83684799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821617/; classtype:trojan-activity;sid:83684717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818974/; classtype:trojan-activity;sid:83682074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818963/; classtype:trojan-activity;sid:83682063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818833/; classtype:trojan-activity;sid:83681933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818838/; classtype:trojan-activity;sid:83681938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.237.25.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818816/; classtype:trojan-activity;sid:83681916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.180.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818781/; classtype:trojan-activity;sid:83681881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.73.75.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814101/; classtype:trojan-activity;sid:83677201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814095/; classtype:trojan-activity;sid:83677195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814082/; classtype:trojan-activity;sid:83677182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813151/; classtype:trojan-activity;sid:83676251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813133/; classtype:trojan-activity;sid:83676233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813107/; classtype:trojan-activity;sid:83676207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813069/; classtype:trojan-activity;sid:83676169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813048/; classtype:trojan-activity;sid:83676148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809236/; classtype:trojan-activity;sid:83672336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809202/; classtype:trojan-activity;sid:83672302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809162/; classtype:trojan-activity;sid:83672262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809158/; classtype:trojan-activity;sid:83672258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809132/; classtype:trojan-activity;sid:83672232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809107/; classtype:trojan-activity;sid:83672207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.170.251.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808962/; classtype:trojan-activity;sid:83672062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808967/; classtype:trojan-activity;sid:83672067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808907/; classtype:trojan-activity;sid:83672007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808880/; classtype:trojan-activity;sid:83671980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808875/; classtype:trojan-activity;sid:83671975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808855/; classtype:trojan-activity;sid:83671955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808814/; classtype:trojan-activity;sid:83671914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808771/; classtype:trojan-activity;sid:83671871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.51.168.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808741/; classtype:trojan-activity;sid:83671841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808599/; classtype:trojan-activity;sid:83671699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.69.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808575/; classtype:trojan-activity;sid:83671675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808492/; classtype:trojan-activity;sid:83671592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808424/; classtype:trojan-activity;sid:83671524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808416/; classtype:trojan-activity;sid:83671516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.54.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808421/; classtype:trojan-activity;sid:83671521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808373/; classtype:trojan-activity;sid:83671473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808374/; classtype:trojan-activity;sid:83671474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808300)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808300/; classtype:trojan-activity;sid:83671400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808279)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808279/; classtype:trojan-activity;sid:83671379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808280)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808280/; classtype:trojan-activity;sid:83671380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808267)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808267/; classtype:trojan-activity;sid:83671367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808231)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808231/; classtype:trojan-activity;sid:83671331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808235)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808235/; classtype:trojan-activity;sid:83671335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808244/; classtype:trojan-activity;sid:83671344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808249)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808249/; classtype:trojan-activity;sid:83671349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808227/; classtype:trojan-activity;sid:83671327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808215)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808215/; classtype:trojan-activity;sid:83671315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808217)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808217/; classtype:trojan-activity;sid:83671317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808196/; classtype:trojan-activity;sid:83671296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808183/; classtype:trojan-activity;sid:83671283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808167/; classtype:trojan-activity;sid:83671267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808168/; classtype:trojan-activity;sid:83671268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; content:"GET"; http_method; content:"/ping"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798325)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.119.134.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798325/; classtype:trojan-activity;sid:83661425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798324)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.119.134.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798324/; classtype:trojan-activity;sid:83661424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795045)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"metrics.gocloudmaps.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2795045/; classtype:trojan-activity;sid:83658145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; content:"GET"; http_method; content:"/.index/scan.tar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.216.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789249)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1aygcpsnow8esde5bkkuaj0bygkowvttd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789249/; classtype:trojan-activity;sid:83652349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; content:"GET"; http_method; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"60.22.23.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787399)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1stvkjdfiwxw79oezmc62wzmjjaeftyze"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787399/; classtype:trojan-activity;sid:83650499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"65.49.44.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; content:"GET"; http_method; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tinder%20bot.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; content:"GET"; http_method; content:"/17c4755d1d45ed1bb454/8703634058188758823"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"f24-zfcloud.zdn.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780273)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ge6chcvywbep4kgx_odpxtvfi3vj-zwy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780273/; classtype:trojan-activity;sid:83643373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776130)"; flow:established,from_client; content:"GET"; http_method; content:"//pcs/click|3f|adurl=//bamautzky.de/red.php"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776130/; classtype:trojan-activity;sid:83639230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772697)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772697/; classtype:trojan-activity;sid:83635797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772689)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/met111.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772689/; classtype:trojan-activity;sid:83635789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.ojang.pe.kr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_r1.bmp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; content:"GET"; http_method; content:"/hitmanpro.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hitman-pro.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765602)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f||7c|26|7c|adurl=https://patricstoremegans2.com/"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765602/; classtype:trojan-activity;sid:83628702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765586)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_default.bmp"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765586/; classtype:trojan-activity;sid:83628686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2761815)"; flow:established,from_client; content:"GET"; http_method; content:"/dt9.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"delp-heizungsbau.de"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_02_15; reference:url, urlhaus.abuse.ch/url/2761815/; classtype:trojan-activity;sid:83624915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2753677)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//projetodegente.com"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_30; reference:url, urlhaus.abuse.ch/url/2753677/; classtype:trojan-activity;sid:83616777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751573)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//higreens.co.in"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751573/; classtype:trojan-activity;sid:83614673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751543)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//kavyasourcing.com/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751543/; classtype:trojan-activity;sid:83614643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751237)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://cliffg.me"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751237/; classtype:trojan-activity;sid:83614337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751172)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"streammobs.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751172/; classtype:trojan-activity;sid:83614272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751171)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://streammobs.com/"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751171/; classtype:trojan-activity;sid:83614271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749355)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://redeamazoniaazul.org/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749355/; classtype:trojan-activity;sid:83612455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749356)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//www.jd-forever.com/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749356/; classtype:trojan-activity;sid:83612456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749357)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//old.umcl.us/"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749357/; classtype:trojan-activity;sid:83612457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749182)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://wegrowcoaching.com/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749182/; classtype:trojan-activity;sid:83612282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749177)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://dongyu.us/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749177/; classtype:trojan-activity;sid:83612277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749054)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lrviuk1wka4di3qh7ach-b7m1ics2hbp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_16; reference:url, urlhaus.abuse.ch/url/2749054/; classtype:trojan-activity;sid:83612154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; content:"GET"; http_method; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv5qahzp_toxgct3ezfvvy4q3a5vvh6s"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748349/; classtype:trojan-activity;sid:83611449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747896)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//vaibhavtripathi.in"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747896/; classtype:trojan-activity;sid:83610996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747890)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//procuratio.nu/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747890/; classtype:trojan-activity;sid:83610990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747826)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1u-vaalebjnomuhbyimsdjqctjqfyiwna"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747826/; classtype:trojan-activity;sid:83610926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742817)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://synergyconsulting.us"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742817/; classtype:trojan-activity;sid:83605917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742524)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//www.deltabehavioralhealth.org/"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742524/; classtype:trojan-activity;sid:83605624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740202)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//balkarsoftware.cubistech.com"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740202/; classtype:trojan-activity;sid:83603302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; content:"GET"; http_method; content:"/404"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.184.194.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733212)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//churchinmanila.org/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_20; reference:url, urlhaus.abuse.ch/url/2733212/; classtype:trojan-activity;sid:83596312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; content:"GET"; http_method; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729736)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://posicionamientonatural.es/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729736/; classtype:trojan-activity;sid:83592836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729405)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://namaacont.com/"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729405/; classtype:trojan-activity;sid:83592505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2727395)"; flow:established,from_client; content:"GET"; http_method; content:"/frankcastle2/0/main/0j"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_03; reference:url, urlhaus.abuse.ch/url/2727395/; classtype:trojan-activity;sid:83590495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726917)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1heka7sgmbcessdhxtvmfwxownz7sipbb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726917/; classtype:trojan-activity;sid:83590017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726774)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cz1lqyxis4wvr7nlc71ukekxyhj5xu-l"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726774/; classtype:trojan-activity;sid:83589874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; content:"GET"; http_method; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722703)"; flow:established,from_client; content:"GET"; http_method; content:"/image.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ircftp.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_10_20; reference:url, urlhaus.abuse.ch/url/2722703/; classtype:trojan-activity;sid:83585803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715548)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=no_antivirus|7c|26|7c|id=1-5tfbyc52tepabxjdszg1dcqgaizf0m6"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715548/; classtype:trojan-activity;sid:83578648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713056)"; flow:established,from_client; content:"GET"; http_method; content:"/rter/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tanscarattorneys.co.tz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713056/; classtype:trojan-activity;sid:83576156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708874)"; flow:established,from_client; content:"GET"; http_method; content:"/readme.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"svirtual.sanviatorperu.edu.pe"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_01; reference:url, urlhaus.abuse.ch/url/2708874/; classtype:trojan-activity;sid:83571974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2702776)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scler.ttf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"scainseto.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_08_08; reference:url, urlhaus.abuse.ch/url/2702776/; classtype:trojan-activity;sid:83565876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2694556)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/plain-sunset-8e5d78/original/js.jpeg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2694556/; classtype:trojan-activity;sid:83557656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; content:"GET"; http_method; content:"/housenetshare.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"stdown.dinju.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2692699)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/long-glade-33dc08/original/rump_img.jpeg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_07_30; reference:url, urlhaus.abuse.ch/url/2692699/; classtype:trojan-activity;sid:83555799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2689990)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.102.192.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_07_26; reference:url, urlhaus.abuse.ch/url/2689990/; classtype:trojan-activity;sid:83553090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2688262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_23; reference:url, urlhaus.abuse.ch/url/2688262/; classtype:trojan-activity;sid:83551362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2629977)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=t|7c|26|7c|id=145b1fbjtyee3w1rjsazo7hzcoiiaxzum|7c|26|7c|uuid=eb581596-9566-4a21-b3b6-e6909eb42ff6|7c|26|7c|at=akkf8vzrltviqrn7wljfjcwisgcc:1683793107077"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_05_11; reference:url, urlhaus.abuse.ch/url/2629977/; classtype:trojan-activity;sid:83493077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615314)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615314/; classtype:trojan-activity;sid:83478414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615310)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615310/; classtype:trojan-activity;sid:83478410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615307)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.177.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615307/; classtype:trojan-activity;sid:83478407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2589945)"; flow:established,from_client; content:"GET"; http_method; content:"/sk32.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.140.114.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_03_29; reference:url, urlhaus.abuse.ch/url/2589945/; classtype:trojan-activity;sid:83453045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; content:"GET"; http_method; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573738)"; flow:established,from_client; content:"GET"; http_method; content:"/it/it.js"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dreamapp.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573738/; classtype:trojan-activity;sid:83436838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573712)"; flow:established,from_client; content:"GET"; http_method; content:"/cor/cor.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"swiftfusion.tech"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573712/; classtype:trojan-activity;sid:83436812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572493)"; flow:established,from_client; content:"GET"; http_method; content:"/nti/nti.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"shaderm.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572493/; classtype:trojan-activity;sid:83435593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571484)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571484/; classtype:trojan-activity;sid:83434584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571476)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"riderspin.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571476/; classtype:trojan-activity;sid:83434576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571457)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"estudio.ythan.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571457/; classtype:trojan-activity;sid:83434557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571417)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571417/; classtype:trojan-activity;sid:83434517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571410)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"riderspin.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571410/; classtype:trojan-activity;sid:83434510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571398)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"records.dennisign.se"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571398/; classtype:trojan-activity;sid:83434498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571387)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571387/; classtype:trojan-activity;sid:83434487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571356)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"estudio.ythan.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571356/; classtype:trojan-activity;sid:83434456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571323)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571323/; classtype:trojan-activity;sid:83434423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571282)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571282/; classtype:trojan-activity;sid:83434382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571162)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571162/; classtype:trojan-activity;sid:83434262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571158)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"records.dennisign.se"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571158/; classtype:trojan-activity;sid:83434258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571135)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571135/; classtype:trojan-activity;sid:83434235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571043)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571043/; classtype:trojan-activity;sid:83434143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571034)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"estudio.ythan.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571034/; classtype:trojan-activity;sid:83434134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570990)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"riderspin.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570990/; classtype:trojan-activity;sid:83434090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570844)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"derekludlow.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570844/; classtype:trojan-activity;sid:83433944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570642)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570642/; classtype:trojan-activity;sid:83433742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570563)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"embedone.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570563/; classtype:trojan-activity;sid:83433663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570545)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"derekludlow.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570545/; classtype:trojan-activity;sid:83433645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570501)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"records.dennisign.se"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570501/; classtype:trojan-activity;sid:83433601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570386)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"derekludlow.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570386/; classtype:trojan-activity;sid:83433486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570115)"; flow:established,from_client; content:"GET"; http_method; content:"/almr/almr.js"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"abdulahad.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570115/; classtype:trojan-activity;sid:83433215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568876)"; flow:established,from_client; content:"GET"; http_method; content:"/teev/teev.js"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nusatoyota.co.id"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568876/; classtype:trojan-activity;sid:83431976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568823)"; flow:established,from_client; content:"GET"; http_method; content:"/gcn/gcn.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spoar.org.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568823/; classtype:trojan-activity;sid:83431923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; content:"GET"; http_method; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; content:"GET"; http_method; content:"/unlockteame/unlimited/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2532808)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/index.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_07; reference:url, urlhaus.abuse.ch/url/2532808/; classtype:trojan-activity;sid:83395908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2425972)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=no_antivirus|7c|26|7c|id=1cpaqimeblbmxrxoli6d3cczgkrbzpy8_"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_11_18; reference:url, urlhaus.abuse.ch/url/2425972/; classtype:trojan-activity;sid:83289072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; content:"GET"; http_method; content:"/analytics/zy5ntk/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fromthetrenchesworldreport.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2406761)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/wpoxoxqe2in4fju/doc7november00065.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_11_10; reference:url, urlhaus.abuse.ch/url/2406761/; classtype:trojan-activity;sid:83269861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2302899)"; flow:established,from_client; content:"GET"; http_method; content:"/janchuk/voidrat/raw/master/voidrat.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_14; reference:url, urlhaus.abuse.ch/url/2302899/; classtype:trojan-activity;sid:83165999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; content:"GET"; http_method; content:"/updates1/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1717.1000uc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250908)"; flow:established,from_client; content:"GET"; http_method; content:"/ema_kvcebm137.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mersped.mycpanel.rs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_27; reference:url, urlhaus.abuse.ch/url/2250908/; classtype:trojan-activity;sid:83114008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248664)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"147.235.55.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248664/; classtype:trojan-activity;sid:83111764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237175)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/cg100.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237175/; classtype:trojan-activity;sid:83100275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237174)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/benzmonster.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237174/; classtype:trojan-activity;sid:83100274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; content:"GET"; http_method; content:"/down/newsales/adm_atu.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"palharesinformatica.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2171312)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/ozrw36a2y1ch2cluzy/"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_29; reference:url, urlhaus.abuse.ch/url/2171312/; classtype:trojan-activity;sid:83034412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2164668)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/uadjw/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_26; reference:url, urlhaus.abuse.ch/url/2164668/; classtype:trojan-activity;sid:83027768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119354)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/3cxmq4uaxy/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119354/; classtype:trojan-activity;sid:82982454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119353)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/3cxmq4uaxy/|3f|i=1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119353/; classtype:trojan-activity;sid:82982453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2114263)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/yjmqxmidki/a/hyehwggs.ps1"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trtmyanmar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_24; reference:url, urlhaus.abuse.ch/url/2114263/; classtype:trojan-activity;sid:82977363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2109541)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/23"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"182.52.51.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_21; reference:url, urlhaus.abuse.ch/url/2109541/; classtype:trojan-activity;sid:82972641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2109542)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/23s"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"182.52.51.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_21; reference:url, urlhaus.abuse.ch/url/2109542/; classtype:trojan-activity;sid:82972642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2106048)"; flow:established,from_client; content:"GET"; http_method; content:"/.new/.b.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.asterglobal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_03_19; reference:url, urlhaus.abuse.ch/url/2106048/; classtype:trojan-activity;sid:82969148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2053942)"; flow:established,from_client; content:"GET"; http_method; content:"/zp-user/protected%20client.js"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"dreamwatchevent.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_02_22; reference:url, urlhaus.abuse.ch/url/2053942/; classtype:trojan-activity;sid:82917042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021785)"; flow:established,from_client; content:"GET"; http_method; content:"/hksweep/vendor/font-awesome/svgs/brands/subtraction.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"rxquickpay.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021785/; classtype:trojan-activity;sid:82884885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021799)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/retraction.php"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021799/; classtype:trojan-activity;sid:82884899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021757)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/highlight.php"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021757/; classtype:trojan-activity;sid:82884857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021704)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/zany.php"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021704/; classtype:trojan-activity;sid:82884804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019377)"; flow:established,from_client; content:"GET"; http_method; content:"/public/userbackend/plugins/dropzone/min/assents.php"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"theholidayroads.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019377/; classtype:trojan-activity;sid:82882477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019378)"; flow:established,from_client; content:"GET"; http_method; content:"/public/userbackend/plugins/dropzone/min/tautly.php"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"theholidayroads.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019378/; classtype:trojan-activity;sid:82882478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019365)"; flow:established,from_client; content:"GET"; http_method; content:"/public/userbackend/plugins/dropzone/min/knave.php"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"theholidayroads.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019365/; classtype:trojan-activity;sid:82882465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019358)"; flow:established,from_client; content:"GET"; http_method; content:"/public/userbackend/plugins/dropzone/min/stare.php"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"theholidayroads.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019358/; classtype:trojan-activity;sid:82882458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008183)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ngg/modules/photocrati-nextgen_addgallery_page/templates/suicide.php"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"primaflor-sby.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008183/; classtype:trojan-activity;sid:82871283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008178)"; flow:established,from_client; content:"GET"; http_method; content:"/comply.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.crazywickedaddiction.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008178/; classtype:trojan-activity;sid:82871278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008138)"; flow:established,from_client; content:"GET"; http_method; content:"/squalid.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"continentalgroup.net.in"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008138/; classtype:trojan-activity;sid:82871238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008130)"; flow:established,from_client; content:"GET"; http_method; content:"/development/public/uploads/images/categories/beirut.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.crazywickedaddiction.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008130/; classtype:trojan-activity;sid:82871230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008131)"; flow:established,from_client; content:"GET"; http_method; content:"/belt.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"forms.saurashtrauniversity.edu"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008131/; classtype:trojan-activity;sid:82871231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891112)"; flow:established,from_client; content:"GET"; http_method; content:"/honduras.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"xenon.studio"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891112/; classtype:trojan-activity;sid:82754212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891095)"; flow:established,from_client; content:"GET"; http_method; content:"/assets2/theme/css/gluttonous.php"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"xenon.studio"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891095/; classtype:trojan-activity;sid:82754195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891066)"; flow:established,from_client; content:"GET"; http_method; content:"/searching.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xenon.studio"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891066/; classtype:trojan-activity;sid:82754166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891070)"; flow:established,from_client; content:"GET"; http_method; content:"/assets2/theme/css/linearization.php"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"xenon.studio"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891070/; classtype:trojan-activity;sid:82754170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891071)"; flow:established,from_client; content:"GET"; http_method; content:"/wrongdoer.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xenon.studio"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891071/; classtype:trojan-activity;sid:82754171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890257)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/crypta.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reauthenticator.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890257/; classtype:trojan-activity;sid:82753357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888166)"; flow:established,from_client; content:"GET"; http_method; content:"/actionably.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888166/; classtype:trojan-activity;sid:82751266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888149)"; flow:established,from_client; content:"GET"; http_method; content:"/roughness.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888149/; classtype:trojan-activity;sid:82751249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888139)"; flow:established,from_client; content:"GET"; http_method; content:"/intermission.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888139/; classtype:trojan-activity;sid:82751239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888114)"; flow:established,from_client; content:"GET"; http_method; content:"/redesign.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888114/; classtype:trojan-activity;sid:82751214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888115)"; flow:established,from_client; content:"GET"; http_method; content:"/antienuretic.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888115/; classtype:trojan-activity;sid:82751215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888106)"; flow:established,from_client; content:"GET"; http_method; content:"/fizz.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888106/; classtype:trojan-activity;sid:82751206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888086)"; flow:established,from_client; content:"GET"; http_method; content:"/designer.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888086/; classtype:trojan-activity;sid:82751186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888092)"; flow:established,from_client; content:"GET"; http_method; content:"/frustrating.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888092/; classtype:trojan-activity;sid:82751192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888081)"; flow:established,from_client; content:"GET"; http_method; content:"/conditioner.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888081/; classtype:trojan-activity;sid:82751181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888082)"; flow:established,from_client; content:"GET"; http_method; content:"/unthinkably.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888082/; classtype:trojan-activity;sid:82751182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888084)"; flow:established,from_client; content:"GET"; http_method; content:"/unexplainable.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888084/; classtype:trojan-activity;sid:82751184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888085)"; flow:established,from_client; content:"GET"; http_method; content:"/whiz.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888085/; classtype:trojan-activity;sid:82751185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1839258)"; flow:established,from_client; content:"GET"; http_method; content:"/shopped.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1839258/; classtype:trojan-activity;sid:82702358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1839238)"; flow:established,from_client; content:"GET"; http_method; content:"/accumulation.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1839238/; classtype:trojan-activity;sid:82702338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1839240)"; flow:established,from_client; content:"GET"; http_method; content:"/scuffler.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1839240/; classtype:trojan-activity;sid:82702340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1839228)"; flow:established,from_client; content:"GET"; http_method; content:"/sublimely.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"muledo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1839228/; classtype:trojan-activity;sid:82702328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838316)"; flow:established,from_client; content:"GET"; http_method; content:"/ticketing.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"beoauto.alexion.rs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838316/; classtype:trojan-activity;sid:82701416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838317)"; flow:established,from_client; content:"GET"; http_method; content:"/complicate.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"beoauto.alexion.rs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838317/; classtype:trojan-activity;sid:82701417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838306)"; flow:established,from_client; content:"GET"; http_method; content:"/blend.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838306/; classtype:trojan-activity;sid:82701406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838289)"; flow:established,from_client; content:"GET"; http_method; content:"/gastric.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"beoauto.alexion.rs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838289/; classtype:trojan-activity;sid:82701389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838275)"; flow:established,from_client; content:"GET"; http_method; content:"/flyer.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838275/; classtype:trojan-activity;sid:82701375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838263)"; flow:established,from_client; content:"GET"; http_method; content:"/acclimated.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"beoauto.alexion.rs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838263/; classtype:trojan-activity;sid:82701363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838242)"; flow:established,from_client; content:"GET"; http_method; content:"/warmhearted.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838242/; classtype:trojan-activity;sid:82701342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838244)"; flow:established,from_client; content:"GET"; http_method; content:"/daydream.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838244/; classtype:trojan-activity;sid:82701344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1837873)"; flow:established,from_client; content:"GET"; http_method; content:"/investigative.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"muledo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1837873/; classtype:trojan-activity;sid:82700973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1773622)"; flow:established,from_client; content:"GET"; http_method; content:"/semitrailer.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"muledo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_11_10; reference:url, urlhaus.abuse.ch/url/1773622/; classtype:trojan-activity;sid:82636722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1773603)"; flow:established,from_client; content:"GET"; http_method; content:"/donkey.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"muledo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_11_10; reference:url, urlhaus.abuse.ch/url/1773603/; classtype:trojan-activity;sid:82636703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; content:"GET"; http_method; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"server.toeicswt.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1744285)"; flow:established,from_client; content:"GET"; http_method; content:"/chimney.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"lawfirm.paperbirdtech.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1744285/; classtype:trojan-activity;sid:82607385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743733)"; flow:established,from_client; content:"GET"; http_method; content:"/zoologies.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743733/; classtype:trojan-activity;sid:82606833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743713)"; flow:established,from_client; content:"GET"; http_method; content:"/whacked.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743713/; classtype:trojan-activity;sid:82606813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743650)"; flow:established,from_client; content:"GET"; http_method; content:"/toggle.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"lawfirm.paperbirdtech.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743650/; classtype:trojan-activity;sid:82606750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743660)"; flow:established,from_client; content:"GET"; http_method; content:"/unplug.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743660/; classtype:trojan-activity;sid:82606760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720728)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/medialibrary/012/fucking.php"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"shop.mediasova.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720728/; classtype:trojan-activity;sid:82583828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720508)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/medialibrary/012/chaperon.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"shop.mediasova.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720508/; classtype:trojan-activity;sid:82583608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1704978)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=04a3894062e7d373|7c|26|7c|resid=4a3894062e7d373%21192|7c|26|7c|authkey=ab7i1w77n6tsb3m"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_21; reference:url, urlhaus.abuse.ch/url/1704978/; classtype:trojan-activity;sid:82568078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1698617)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=75ea534baf13442d|7c|26|7c|resid=75ea534baf13442d%21128|7c|26|7c|authkey=akd4vmzywc14zgq|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_20; reference:url, urlhaus.abuse.ch/url/1698617/; classtype:trojan-activity;sid:82561717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1695302)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=07e7986a5bf9243c|7c|26|7c|resid=7e7986a5bf9243c%21490|7c|26|7c|authkey=abhawhbvtpoyc2a"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_19; reference:url, urlhaus.abuse.ch/url/1695302/; classtype:trojan-activity;sid:82558402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1678523)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/vltktanthutn.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kimyen.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_14; reference:url, urlhaus.abuse.ch/url/1678523/; classtype:trojan-activity;sid:82541623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1658131)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=539bd593e9568c65|7c|26|7c|resid=539bd593e9568c65%21136|7c|26|7c|authkey=aepr2tr-q36tt8u|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1658131/; classtype:trojan-activity;sid:82521231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1658066)"; flow:established,from_client; content:"GET"; http_method; content:"/secure.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"deagroup-ks.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1658066/; classtype:trojan-activity;sid:82521166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1658054)"; flow:established,from_client; content:"GET"; http_method; content:"/approx.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"deagroup-ks.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1658054/; classtype:trojan-activity;sid:82521154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1658038)"; flow:established,from_client; content:"GET"; http_method; content:"/converting.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"deagroup-ks.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1658038/; classtype:trojan-activity;sid:82521138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; content:"GET"; http_method; content:"/update/ana/update.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.teknoarge.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641492)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/spell.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"easybrand.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641492/; classtype:trojan-activity;sid:82504592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641460)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/stored.php"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"easybrand.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641460/; classtype:trojan-activity;sid:82504560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1640507)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=2cc133e5e8e9b372|7c|26|7c|resid=2cc133e5e8e9b372%21113|7c|26|7c|authkey=agftuffxlpqkaz8|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1640507/; classtype:trojan-activity;sid:82503607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1619497)"; flow:established,from_client; content:"GET"; http_method; content:"/decapitate.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tiacreation.club"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_14; reference:url, urlhaus.abuse.ch/url/1619497/; classtype:trojan-activity;sid:82482597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1604292)"; flow:established,from_client; content:"GET"; http_method; content:"/promethium.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lawfirm.paperbirdtech.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2021_09_09; reference:url, urlhaus.abuse.ch/url/1604292/; classtype:trojan-activity;sid:82467392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1602881)"; flow:established,from_client; content:"GET"; http_method; content:"/photon.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"lawfirm.paperbirdtech.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2021_09_08; reference:url, urlhaus.abuse.ch/url/1602881/; classtype:trojan-activity;sid:82465981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1602867)"; flow:established,from_client; content:"GET"; http_method; content:"/philanthropic.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"lawfirm.paperbirdtech.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2021_09_08; reference:url, urlhaus.abuse.ch/url/1602867/; classtype:trojan-activity;sid:82465967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1602778)"; flow:established,from_client; content:"GET"; http_method; content:"/wash.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lawfirm.paperbirdtech.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2021_09_08; reference:url, urlhaus.abuse.ch/url/1602778/; classtype:trojan-activity;sid:82465878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582138)"; flow:established,from_client; content:"GET"; http_method; content:"/coon.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582138/; classtype:trojan-activity;sid:82445238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582118)"; flow:established,from_client; content:"GET"; http_method; content:"/manly.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582118/; classtype:trojan-activity;sid:82445218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582106)"; flow:established,from_client; content:"GET"; http_method; content:"/lecher.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582106/; classtype:trojan-activity;sid:82445206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582015)"; flow:established,from_client; content:"GET"; http_method; content:"/strobing.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582015/; classtype:trojan-activity;sid:82445115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1560761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/safmanager/safman_setup.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.saf-oil.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_24; reference:url, urlhaus.abuse.ch/url/1560761/; classtype:trojan-activity;sid:82423861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503427)"; flow:established,from_client; content:"GET"; http_method; content:"/teachable.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503427/; classtype:trojan-activity;sid:82366527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503410)"; flow:established,from_client; content:"GET"; http_method; content:"/aggressive.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503410/; classtype:trojan-activity;sid:82366510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503377)"; flow:established,from_client; content:"GET"; http_method; content:"/belt.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503377/; classtype:trojan-activity;sid:82366477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503368)"; flow:established,from_client; content:"GET"; http_method; content:"/anarchical.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503368/; classtype:trojan-activity;sid:82366468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503361)"; flow:established,from_client; content:"GET"; http_method; content:"/newborn.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503361/; classtype:trojan-activity;sid:82366461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503351)"; flow:established,from_client; content:"GET"; http_method; content:"/ruckus.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503351/; classtype:trojan-activity;sid:82366451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503338)"; flow:established,from_client; content:"GET"; http_method; content:"/unanswerable.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503338/; classtype:trojan-activity;sid:82366438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503341)"; flow:established,from_client; content:"GET"; http_method; content:"/harass.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503341/; classtype:trojan-activity;sid:82366441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497688/; classtype:trojan-activity;sid:82360788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1473823)"; flow:established,from_client; content:"GET"; http_method; content:"/sweat.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_07_22; reference:url, urlhaus.abuse.ch/url/1473823/; classtype:trojan-activity;sid:82336923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1470181)"; flow:established,from_client; content:"GET"; http_method; content:"/power.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.106.250.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1470181/; classtype:trojan-activity;sid:82333281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1469946)"; flow:established,from_client; content:"GET"; http_method; content:"/hajime"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1469946/; classtype:trojan-activity;sid:82333046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1434520)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_07; reference:url, urlhaus.abuse.ch/url/1434520/; classtype:trojan-activity;sid:82297620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371786)"; flow:established,from_client; content:"GET"; http_method; content:"/watercress.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371786/; classtype:trojan-activity;sid:82234886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371739)"; flow:established,from_client; content:"GET"; http_method; content:"/lining.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371739/; classtype:trojan-activity;sid:82234839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371719)"; flow:established,from_client; content:"GET"; http_method; content:"/scroungy.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371719/; classtype:trojan-activity;sid:82234819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369570)"; flow:established,from_client; content:"GET"; http_method; content:"/pinout.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369570/; classtype:trojan-activity;sid:82232670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369536)"; flow:established,from_client; content:"GET"; http_method; content:"/steeplechases.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369536/; classtype:trojan-activity;sid:82232636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369533)"; flow:established,from_client; content:"GET"; http_method; content:"/familial.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369533/; classtype:trojan-activity;sid:82232633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364815)"; flow:established,from_client; content:"GET"; http_method; content:"/update_vbase/voklight.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"visam.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364815/; classtype:trojan-activity;sid:82227915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364597)"; flow:established,from_client; content:"GET"; http_method; content:"/update_vbase/voklightd.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"visam.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364597/; classtype:trojan-activity;sid:82227697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1352974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_06_11; reference:url, urlhaus.abuse.ch/url/1352974/; classtype:trojan-activity;sid:82216074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350653)"; flow:established,from_client; content:"GET"; http_method; content:"/habitual.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350653/; classtype:trojan-activity;sid:82213753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350619)"; flow:established,from_client; content:"GET"; http_method; content:"/ruleless.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350619/; classtype:trojan-activity;sid:82213719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346907)"; flow:established,from_client; content:"GET"; http_method; content:"/toothy.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346907/; classtype:trojan-activity;sid:82210007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346883)"; flow:established,from_client; content:"GET"; http_method; content:"/unpunished.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346883/; classtype:trojan-activity;sid:82209983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346885)"; flow:established,from_client; content:"GET"; http_method; content:"/jordan.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346885/; classtype:trojan-activity;sid:82209985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346871)"; flow:established,from_client; content:"GET"; http_method; content:"/defended.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346871/; classtype:trojan-activity;sid:82209971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1343323)"; flow:established,from_client; content:"GET"; http_method; content:"/hoopoe.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"thementordirectory.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1343323/; classtype:trojan-activity;sid:82206423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1343296)"; flow:established,from_client; content:"GET"; http_method; content:"/donate.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"thementordirectory.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1343296/; classtype:trojan-activity;sid:82206396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; content:"GET"; http_method; content:"/inst77player/inst77player_1.0.0.1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl.360tpcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314584)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqofspqgo4lhe7xt4ky-gkjbc9rgwzgw9rksc_azpw2gotdlnhx9oxc_rgk1zz9mgxxwqoixey0eajp/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314584/; classtype:trojan-activity;sid:82177684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314578)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vszvhw0lywviz_dpqozkdip0orjsf7411ucirwqegcgfxwqqb3nqpbn3d7orqqxnatypulra_ssggie/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314578/; classtype:trojan-activity;sid:82177678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314581)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr-asdhfa85lnhp1g6rll18x2htnflvy5zggxzrfveecvbhjiwaes9o9w3dn49od7lplixl3u59icjr/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314581/; classtype:trojan-activity;sid:82177681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314569)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqb__8qdiraoo-s_qrzkk8o_8brsuwaeje3ivcd5efhddlux4gw5otilj5ezfenwjzaha-zojj_7srj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314569/; classtype:trojan-activity;sid:82177669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314562)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqha4kutkvbpn1c9r1jolub-v1dyh36itza-2zhojxuluskoxk6iogpy8b8iscqqjskaf3wduc6oykt/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314562/; classtype:trojan-activity;sid:82177662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314563)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqm_l1o1djktv6pcfwixdz1gjaqrg26rpb3n3uqpk0jqvif91b_irdew7mo34hhhoffbjohoztlmdtp/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314563/; classtype:trojan-activity;sid:82177663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314556)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrxkt9v4qcom-0wjceb6bexufgpr_vdebkc-kra8h7gutbblset1veguumqxs3npiv4qw-7_1kiy3jm/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314556/; classtype:trojan-activity;sid:82177656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314548)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vspnrqtfaftwpvbd8o61fbvozlhc3z0x8jy4glnji-v80xrxnlemgt89l5imnr_7kxst0gn9ydkjj0q/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314548/; classtype:trojan-activity;sid:82177648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314549)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsftpbjz498ict3ab9-tehopymacl8ygytkgufxpnwlfphfxyyh5jmfj_2llrrddsiu8vypu1ksvp5p/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314549/; classtype:trojan-activity;sid:82177649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314543)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vs1h7txewarzqve-jwxnwcgzibofoz58qrk8kerhmfz8mpippgfjeoijthgmm-tw7lwcipr8acup_ft/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314543/; classtype:trojan-activity;sid:82177643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314544)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr92cz6z4uh71ogqyzgn6vtdc54xoa0iovizmkmogvekyix648nysfipvt4qto6uvtrp9jsatoeuhk3/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314544/; classtype:trojan-activity;sid:82177644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314545)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtuc-a7s7ylxnfwqp8oxz6no5uwdmabudx-6glkwrnzjwqwgdtcpdvwp0x0l03qdarzrzonj_adevlw/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314545/; classtype:trojan-activity;sid:82177645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314534)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqe1vc-nlfenfgigyaugmmg1dq4l0-haikp9qxkacc32ig0xtg6go8lejdoogo0vfeoie4tcyy4_bn4/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314534/; classtype:trojan-activity;sid:82177634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314535)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsrvkllojuhzbqokettk0u2b1whglldp35-o1zgt_jlem2z2odwedj0z9sgtukvikdowcuan-0fj5wn/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314535/; classtype:trojan-activity;sid:82177635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314537)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqvbpr6y2jjnkxfpcwt9uv7pqycg6vdoowr-xnakhtl9ns4tk44rpa91em8usoc992uqyrpn6ucy5ep/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314537/; classtype:trojan-activity;sid:82177637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314526)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq8kqm4rsobvbpga8ncnzs-1xulwuezfri9x1ktowpiijctqe1uq0iged6iq7sa5zuhnh56egsebkoj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314526/; classtype:trojan-activity;sid:82177626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287391)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtecbrofm9hcrdmzz8g7ktneypnrpr1s7bvyoit3r8jd7rjanmysk9yyuhvzmdp3dmkd-xss7kpyffa/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287391/; classtype:trojan-activity;sid:82150491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287387)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt544w_wvxhvfskbx2zio7pht-jzhb1nvr7y1qhtxccjopcfxzhm1mottjhjsdudpgs9lfrjcqzoi8n/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287387/; classtype:trojan-activity;sid:82150487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287378)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtcfdv_0srlqbmtfzi6hivmikknsfqd5bubuem-s-mzpzfsva62zyncoy-phkzysuhuddl0yhlyajye/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287378/; classtype:trojan-activity;sid:82150478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287373)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrtnhy8ipm82egefg7zhukj5qwbit31-jlhdsxovff8rcefw2uhpndpuclv_ffrqqdjhxyxympj3ame/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287373/; classtype:trojan-activity;sid:82150473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287333)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt4iy9nlwuov8hsmpykbfkn1fh1ydp7ms8dudg2ldfjgxf8rumdtzgiw7ukoifo3ap-pb7ybzlcdfqi/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287333/; classtype:trojan-activity;sid:82150433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278913)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtyg409rjv4omi3oujyjsc6ajzflluuz37ofzbpjjihmrewoh2ehp2pwbfllgyy_yzqdrldwcaejvd5/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278913/; classtype:trojan-activity;sid:82142013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278910)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr1e4kzyqneoh2tjc5rh_unlfwjdo31gedrveg0wdyrprmm3yfdxjqxdvyy535adzu5p9m4mrvdau9v/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278910/; classtype:trojan-activity;sid:82142010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278905)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrvmutaxfc2ewkvy_l_cewfjwv4md_uadqlv4onmlyc0frnp7jod3ru93sm6y-tmoj0nrvbfylt739z/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278905/; classtype:trojan-activity;sid:82142005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278895)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtpholmraa4dir0lg8z5yhqljwbzp0qkypc3jax6d3l0hs6n23kpm2iqgccjvbvug5th443jjbzs2uv/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278895/; classtype:trojan-activity;sid:82141995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278896)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq6nr-yg49vldzzxliqvpupbajoss2nfxsnsk3khaixmvqydl20mxhttp-qa7mojkwa4osepa76nnbl/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278896/; classtype:trojan-activity;sid:82141996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278899)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqyowyoxata2couqa6uc3gwi59sq5maualr7yfmq6luzvtefqopogncbli8hx6vubkt2b65qerqhzy8/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278899/; classtype:trojan-activity;sid:82141999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228819)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=140vkyfrfhbqkukc2hnw-gsvi5wjw6iyi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228819/; classtype:trojan-activity;sid:82091919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1198558)"; flow:established,from_client; content:"GET"; http_method; content:"/view/59bmj3vj18vh2/drive/storage/a/files/download|3f|id=625899581658508733"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"sites.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1198558/; classtype:trojan-activity;sid:82061658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1182816)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zxejnkdwqezrbgani5vjk2y2nhmpkg0z|7c|26|7c|revid=0b-bo0wgwxcblsui1mehkbhrlu01rwxnyrxzxanbdendmbndnpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1182816/; classtype:trojan-activity;sid:82045916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cfs9.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"cfs10.blog.daum.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; http_uri; depth:303; isdataat:!1,relative; nocase; content:"cfs7.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (981797)"; flow:established,from_client; content:"GET"; http_method; content:"/jlbmvdewvq/595265.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"finpremium.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_28; reference:url, urlhaus.abuse.ch/url/981797/; classtype:trojan-activity;sid:81844897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; content:"GET"; http_method; content:"/gamewd/yhdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.caihong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (933461)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.237.25.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_12_20; reference:url, urlhaus.abuse.ch/url/933461/; classtype:trojan-activity;sid:81796561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (765703)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lm/7cfvaaa9jo/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/765703/; classtype:trojan-activity;sid:81628803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (763354)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hkhchyzdynzpebzcre0lq3l2ddjizwk4f7/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"xuezha.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/763354/; classtype:trojan-activity;sid:81626454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (756747)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/rrrv7ilgm2dzpohaklkhewb8rkju15bmqeewccglap/"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/756747/; classtype:trojan-activity;sid:81619847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (756736)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/4ld2g8w3rrmhtgvvvpeq2orlcqm71yyxveriw5rzitvii3/"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/756736/; classtype:trojan-activity;sid:81619836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (734911)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/esp/"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.steamrub.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_22; reference:url, urlhaus.abuse.ch/url/734911/; classtype:trojan-activity;sid:81598011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; content:"GET"; http_method; content:"/paetools.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soft.110route.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (613088)"; flow:established,from_client; content:"GET"; http_method; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_26; reference:url, urlhaus.abuse.ch/url/613088/; classtype:trojan-activity;sid:81476188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (593578)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/jquery/jquery.js"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"chuguadventures.co.tz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_09_22; reference:url, urlhaus.abuse.ch/url/593578/; classtype:trojan-activity;sid:81456678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x7z9wbk77tt6v9/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack1226.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453216)"; flow:established,from_client; content:"GET"; http_method; content:"/enteihacking/mt/master/asycivic.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453216/; classtype:trojan-activity;sid:81316316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453035)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g_x0a_gnyxai5glsipkq1b2mqknanuw8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453035/; classtype:trojan-activity;sid:81316135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (452177)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14muad9cmj6mxsd9lrccuo1egxyf5f-ty"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_03; reference:url, urlhaus.abuse.ch/url/452177/; classtype:trojan-activity;sid:81315277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (451466)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yrmkzxf4rmy9utrikbh6rgvsokehbmeo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_02; reference:url, urlhaus.abuse.ch/url/451466/; classtype:trojan-activity;sid:81314566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (447394)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sm7b9902i8v4yitepf6gzomqc84ltloi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_31; reference:url, urlhaus.abuse.ch/url/447394/; classtype:trojan-activity;sid:81310494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (446803)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gavcby-nhlq22ohbgm530exffsrg1aub"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_30; reference:url, urlhaus.abuse.ch/url/446803/; classtype:trojan-activity;sid:81309903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426974)"; flow:established,from_client; content:"GET"; http_method; content:"/images/t55prjrdcx/0y8615606244201084438n0kq7whr/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"seismophonic.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426974/; classtype:trojan-activity;sid:81290074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426834)"; flow:established,from_client; content:"GET"; http_method; content:"/mail/multifunctional-opqwr-ufzclgypmqdyqd/test-gwcsoulkfmk-ty8impu6it9twbp/lr5ypupy-zotrdjgebh/"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"www.massiv.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426834/; classtype:trojan-activity;sid:81289934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426390)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/open-0627720493640-azq24pffjrm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426390/; classtype:trojan-activity;sid:81289490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426129)"; flow:established,from_client; content:"GET"; http_method; content:"/mail/balance/"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.massiv.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426129/; classtype:trojan-activity;sid:81289229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/aog-3515110/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lindnerelektroanlagen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (420521)"; flow:established,from_client; content:"GET"; http_method; content:"/css/parts_service/ly944myw/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hitstation.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_28; reference:url, urlhaus.abuse.ch/url/420521/; classtype:trojan-activity;sid:81283621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (419868)"; flow:established,from_client; content:"GET"; http_method; content:"/paradiselost/statement/s7nr8p8ut/"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"damiancollier.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_27; reference:url, urlhaus.abuse.ch/url/419868/; classtype:trojan-activity;sid:81282968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (410755)"; flow:established,from_client; content:"GET"; http_method; content:"/d35ha/processhide/master/bins/processhide32.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_10; reference:url, urlhaus.abuse.ch/url/410755/; classtype:trojan-activity;sid:81273855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390013)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1am1ztjjhswzwdbvue5tke5mbkwjud0w5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390013/; classtype:trojan-activity;sid:81253113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390009)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hd7ffgig6btbzuy2_2kds_t4u637qxjn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390009/; classtype:trojan-activity;sid:81253109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368318)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/exe/pdf.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368318/; classtype:trojan-activity;sid:81231418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368317)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/doc/774d0427cd607b1c09131cc277a68c9edd7cf01499d356bcb1ef4a08e6fc322a.doc"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368317/; classtype:trojan-activity;sid:81231417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368315)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/exe/xerox01_pdf.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368315/; classtype:trojan-activity;sid:81231415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368312)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/doc/46cad0e0ca3b2d6d9d3ce691ca2887b18abc80acf0e81799fbb290cce104c8eb.doc"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368312/; classtype:trojan-activity;sid:81231412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368311)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/exe/njrat.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368311/; classtype:trojan-activity;sid:81231411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368309)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/exe/order_pdf.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368309/; classtype:trojan-activity;sid:81231409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368303)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/exe/640.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368303/; classtype:trojan-activity;sid:81231403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (366549)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pyl4hq8sbp5qatm1zz9vmsze1cuy2uzw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_22; reference:url, urlhaus.abuse.ch/url/366549/; classtype:trojan-activity;sid:81229649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (358751)"; flow:established,from_client; content:"GET"; http_method; content:"/utnl/attack.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.204.116.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_06; reference:url, urlhaus.abuse.ch/url/358751/; classtype:trojan-activity;sid:81221851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (355363)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1osjrfvjdy1vblk4fya98jp5jlnk7rutv|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_01; reference:url, urlhaus.abuse.ch/url/355363/; classtype:trojan-activity;sid:81218463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (351490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nndvq_2_7doyyuqvcvwmory_4lyrplb7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_04_26; reference:url, urlhaus.abuse.ch/url/351490/; classtype:trojan-activity;sid:81214590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (326350)"; flow:established,from_client; content:"GET"; http_method; content:"/builds/offers/12.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"softcatalog.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_18; reference:url, urlhaus.abuse.ch/url/326350/; classtype:trojan-activity;sid:81189450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"cfs5.tistory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; content:"GET"; http_method; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318947)"; flow:established,from_client; content:"GET"; http_method; content:"/bero1985/berotinypascal/e34bd4164f4b7c27e7cf667dffd9274d33d6dfbe/bin/btpc.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318947/; classtype:trojan-activity;sid:81182047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314465)"; flow:established,from_client; content:"GET"; http_method; content:"/fta.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314465/; classtype:trojan-activity;sid:81177565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314464)"; flow:established,from_client; content:"GET"; http_method; content:"/documeynt9897.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314464/; classtype:trojan-activity;sid:81177564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314463)"; flow:established,from_client; content:"GET"; http_method; content:"/fvs.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314463/; classtype:trojan-activity;sid:81177563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (308942)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-lm9-32/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_05; reference:url, urlhaus.abuse.ch/url/308942/; classtype:trojan-activity;sid:81172042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (306649)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/3waa9-ke38h-15/"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_03; reference:url, urlhaus.abuse.ch/url/306649/; classtype:trojan-activity;sid:81169749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (304070)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/file/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_31; reference:url, urlhaus.abuse.ch/url/304070/; classtype:trojan-activity;sid:81167170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (295821)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/9jsd-lb2-09/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"gsx.life"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_23; reference:url, urlhaus.abuse.ch/url/295821/; classtype:trojan-activity;sid:81158921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (273997)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/sites/gxagnw43b99/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"embalageral.hospedagemdesites.ws"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2019_12_20; reference:url, urlhaus.abuse.ch/url/273997/; classtype:trojan-activity;sid:81137097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (272221)"; flow:established,from_client; content:"GET"; http_method; content:"/about/lm/5oj0ss1de/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dezcom.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_12_19; reference:url, urlhaus.abuse.ch/url/272221/; classtype:trojan-activity;sid:81135321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (267913)"; flow:established,from_client; content:"GET"; http_method; content:"/index_soubory/common_sector/external_area/61551354147_t4d0ky73jjywffgy/"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"oknoplastik.sk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_12_12; reference:url, urlhaus.abuse.ch/url/267913/; classtype:trojan-activity;sid:81131013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254738)"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723382710/9.915787746614242.jpg"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254738/; classtype:trojan-activity;sid:81117838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254737)"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723350789/0.25579108623802416.jpg"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254737/; classtype:trojan-activity;sid:81117837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (250781)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cfvi8aejp75ekq0swtl31sx3jti/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.rbcfort.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_01; reference:url, urlhaus.abuse.ch/url/250781/; classtype:trojan-activity;sid:81113881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (247651)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/rd62/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.rbcfort.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_10_22; reference:url, urlhaus.abuse.ch/url/247651/; classtype:trojan-activity;sid:81110751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240568/; classtype:trojan-activity;sid:81103668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240403)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240403/; classtype:trojan-activity;sid:81103503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240036/; classtype:trojan-activity;sid:81103136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238008/; classtype:trojan-activity;sid:81101108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222263)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.konsor.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222263/; classtype:trojan-activity;sid:81085363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222259)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"konsor.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222259/; classtype:trojan-activity;sid:81085359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222056)"; flow:established,from_client; content:"GET"; http_method; content:"/kaobeitu/news/v1.0.7.31/news_01.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.kaobeitu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222056/; classtype:trojan-activity;sid:81085156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaobeitu/mini/v1.0.7.16/mini_04.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.kaobeitu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222026/; classtype:trojan-activity;sid:81085126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221598)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/mini/v1.0.7.31/mini_04.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221598/; classtype:trojan-activity;sid:81084698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221595)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/news2/v1.0.7.31/news2_02.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221595/; classtype:trojan-activity;sid:81084695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220541)"; flow:established,from_client; content:"GET"; http_method; content:"/25072019_0963.xls"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fakers.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_07_29; reference:url, urlhaus.abuse.ch/url/220541/; classtype:trojan-activity;sid:81083641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (219275)"; flow:established,from_client; content:"GET"; http_method; content:"/0996938c001/6e8a2a4f-40ac-464f-9a70-7c67f0a0da19.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"files.constantcontact.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_07_24; reference:url, urlhaus.abuse.ch/url/219275/; classtype:trojan-activity;sid:81082375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; content:"GET"; http_method; content:"/meteoradminz/hidden-tear/zip/master"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210525)"; flow:established,from_client; content:"GET"; http_method; content:"/20.06.2019_130.22.doc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fakers.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_06_20; reference:url, urlhaus.abuse.ch/url/210525/; classtype:trojan-activity;sid:81073625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (208009)"; flow:established,from_client; content:"GET"; http_method; content:"/domains/updateagent/application%20files/upagent.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"old.bullydog.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_06_12; reference:url, urlhaus.abuse.ch/url/208009/; classtype:trojan-activity;sid:81071109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hseda.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hseda.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; content:"GET"; http_method; content:"/screenmate/cute/sm1302.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.starcountry.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201513)"; flow:established,from_client; content:"GET"; http_method; content:"/wj1bsetup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dl.dzqzd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_24; reference:url, urlhaus.abuse.ch/url/201513/; classtype:trojan-activity;sid:81064613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/12.2013/nrv-ppwr.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/rzr-winner_intro.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"chiptune.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195172)"; flow:established,from_client; content:"GET"; http_method; content:"/eypipe/pipefile/adpopup/adpopup_1382523956.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"goto.stnts.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_13; reference:url, urlhaus.abuse.ch/url/195172/; classtype:trojan-activity;sid:81058272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (185713)"; flow:established,from_client; content:"GET"; http_method; content:"/qrtb.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xiaoma-10021647.file.myqcloud.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_04_26; reference:url, urlhaus.abuse.ch/url/185713/; classtype:trojan-activity;sid:81048813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (184801)"; flow:established,from_client; content:"GET"; http_method; content:"/tqpjo/scan/uftruaemi2h/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"redlk.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_04_25; reference:url, urlhaus.abuse.ch/url/184801/; classtype:trojan-activity;sid:81047901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (176091)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/theme261/css/msg.jpg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"sk-comtel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_12; reference:url, urlhaus.abuse.ch/url/176091/; classtype:trojan-activity;sid:81039191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (175833)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/theme261/html/com_contact/category/hp.gf"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"sk-comtel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_11; reference:url, urlhaus.abuse.ch/url/175833/; classtype:trojan-activity;sid:81038933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173971)"; flow:established,from_client; content:"GET"; http_method; content:"/file/support/trust/en/042019/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"brightworks.cz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_04_09; reference:url, urlhaus.abuse.ch/url/173971/; classtype:trojan-activity;sid:81037071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173380)"; flow:established,from_client; content:"GET"; http_method; content:"/programas1/uldqi-i7q4vmdrqzvbbg_qjuhgzkb-vr2/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"aftelecom.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_04_08; reference:url, urlhaus.abuse.ch/url/173380/; classtype:trojan-activity;sid:81036480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165554)"; flow:established,from_client; content:"GET"; http_method; content:"/secure.myacc.resourses.com/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165554/; classtype:trojan-activity;sid:81028654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165504)"; flow:established,from_client; content:"GET"; http_method; content:"/i203611254b019514581.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"programandojuntos.us.tempcloudsite.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165504/; classtype:trojan-activity;sid:81028604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (164277)"; flow:established,from_client; content:"GET"; http_method; content:"/corporation/new_invoice/1033530/hijmq-jo_uqgwdlyf-8e/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164277/; classtype:trojan-activity;sid:81027377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (162770)"; flow:established,from_client; content:"GET"; http_method; content:"/artluz/produtos/sendincsec/support/sec/en_en/03-2019/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"alarmline.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_20; reference:url, urlhaus.abuse.ch/url/162770/; classtype:trojan-activity;sid:81025870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (161757)"; flow:established,from_client; content:"GET"; http_method; content:"/tomatoleizhutizy/tomatoleizhutizy.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl2.360tpcdn.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_19; reference:url, urlhaus.abuse.ch/url/161757/; classtype:trojan-activity;sid:81024857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (157610)"; flow:established,from_client; content:"GET"; http_method; content:"/stats/f06bn-kgh24-ncoviajp/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_12; reference:url, urlhaus.abuse.ch/url/157610/; classtype:trojan-activity;sid:81020710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (155567)"; flow:established,from_client; content:"GET"; http_method; content:"/rawabijob.hta"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"local-update.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_10; reference:url, urlhaus.abuse.ch/url/155567/; classtype:trojan-activity;sid:81018667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (154627)"; flow:established,from_client; content:"GET"; http_method; content:"/za.ebali"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mitreart.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_07; reference:url, urlhaus.abuse.ch/url/154627/; classtype:trojan-activity;sid:81017727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143834)"; flow:established,from_client; content:"GET"; http_method; content:"/hl2dm/hl2dm_updater.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"update.bruss.org.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143834/; classtype:trojan-activity;sid:81006934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143833)"; flow:established,from_client; content:"GET"; http_method; content:"/hl2dm/hl2dm%5fupdater.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"update.bruss.org.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143833/; classtype:trojan-activity;sid:81006933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143333)"; flow:established,from_client; content:"GET"; http_method; content:"/css/out-1773725897.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"globalbank.us"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143333/; classtype:trojan-activity;sid:81006433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143301)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/raw/master/win.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143301/; classtype:trojan-activity;sid:81006401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140156)"; flow:established,from_client; content:"GET"; http_method; content:"/1465810408079_502.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"static.topxgun.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_19; reference:url, urlhaus.abuse.ch/url/140156/; classtype:trojan-activity;sid:81003256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122975)"; flow:established,from_client; content:"GET"; http_method; content:"/data/box.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dusttv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_13; reference:url, urlhaus.abuse.ch/url/122975/; classtype:trojan-activity;sid:80986075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; content:"GET"; http_method; content:"/active/pcclear_eng_mini.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"down.pcclear.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (116990)"; flow:established,from_client; content:"GET"; http_method; content:"/ltbx_h3dtc-obppcj/maj/messages/2019-02/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"airlife.bget.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_02_04; reference:url, urlhaus.abuse.ch/url/116990/; classtype:trojan-activity;sid:80980090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115233)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sanghyun-guest.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sanghyun.nfile.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115233/; classtype:trojan-activity;sid:80978333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115231)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sanghyun.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sanghyun.nfile.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115231/; classtype:trojan-activity;sid:80978331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112779)"; flow:established,from_client; content:"GET"; http_method; content:"/files/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sg123.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112779/; classtype:trojan-activity;sid:80975879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112648)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sg123.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112648/; classtype:trojan-activity;sid:80975748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112647)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"igra123.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112647/; classtype:trojan-activity;sid:80975747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112642)"; flow:established,from_client; content:"GET"; http_method; content:"/files/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"igra123.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112642/; classtype:trojan-activity;sid:80975742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (111691)"; flow:established,from_client; content:"GET"; http_method; content:"/files/haeum.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"haeum.nfile.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_28; reference:url, urlhaus.abuse.ch/url/111691/; classtype:trojan-activity;sid:80974791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110142)"; flow:established,from_client; content:"GET"; http_method; content:"/%d3%b2%bc%fe%d0%c5%cf%a2%b2%e9%bf%b4%c6%f7.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"down.54nb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110142/; classtype:trojan-activity;sid:80973242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (109220)"; flow:established,from_client; content:"GET"; http_method; content:"/de_de/tejqsyf3366492/ger/rechnungszahlung/"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"blogs.sokun.jp"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_24; reference:url, urlhaus.abuse.ch/url/109220/; classtype:trojan-activity;sid:80972320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (108283)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfile/v1/urls/d/4qnwtdd-4xsuuy1xlrmzcibqjfu/ihdzyo55cus7ds4lmmkxpa"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"attach.mail.daum.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_01_23; reference:url, urlhaus.abuse.ch/url/108283/; classtype:trojan-activity;sid:80971383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106006)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin128.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106006/; classtype:trojan-activity;sid:80969106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106003)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin133.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106003/; classtype:trojan-activity;sid:80969103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106002)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd156.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106002/; classtype:trojan-activity;sid:80969102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106000)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin130.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106000/; classtype:trojan-activity;sid:80969100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105999)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin142.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105999/; classtype:trojan-activity;sid:80969099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105998)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd124.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105998/; classtype:trojan-activity;sid:80969098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105997)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin141.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105997/; classtype:trojan-activity;sid:80969097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105996)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd127.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105996/; classtype:trojan-activity;sid:80969096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105992)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd145.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105992/; classtype:trojan-activity;sid:80969092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105991)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin140.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105991/; classtype:trojan-activity;sid:80969091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105988)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd144.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105988/; classtype:trojan-activity;sid:80969088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105985)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd136.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105985/; classtype:trojan-activity;sid:80969085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105976)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin139.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105976/; classtype:trojan-activity;sid:80969076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105975)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd137.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105975/; classtype:trojan-activity;sid:80969075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105558)"; flow:established,from_client; content:"GET"; http_method; content:"/n/tui/ciqinmishi/6/cqms.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"bundle.kpzip.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_01_18; reference:url, urlhaus.abuse.ch/url/105558/; classtype:trojan-activity;sid:80968658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105407)"; flow:established,from_client; content:"GET"; http_method; content:"/hkhe3fktc/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"atkcgnew.evgeni7e.beget.tech"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_01_18; reference:url, urlhaus.abuse.ch/url/105407/; classtype:trojan-activity;sid:80968507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (104016)"; flow:established,from_client; content:"GET"; http_method; content:"/drop/css/obr.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.myvcart.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_16; reference:url, urlhaus.abuse.ch/url/104016/; classtype:trojan-activity;sid:80967116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102706)"; flow:established,from_client; content:"GET"; http_method; content:"/autoguarder/autoguarder_2.3.7.350.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl4.360.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_12; reference:url, urlhaus.abuse.ch/url/102706/; classtype:trojan-activity;sid:80965806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102548)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/tips/v1.0.1.11/tips_01.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102548/; classtype:trojan-activity;sid:80965648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102545)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/fmt/v1.0.1.11/fmt_01.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102545/; classtype:trojan-activity;sid:80965645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (98628)"; flow:established,from_client; content:"GET"; http_method; content:"/6nqq.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.hostingcloud.science"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2018_12_21; reference:url, urlhaus.abuse.ch/url/98628/; classtype:trojan-activity;sid:80961728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96625)"; flow:established,from_client; content:"GET"; http_method; content:"/iuia-qgkdtq2rfbxd7z_ljiaengvq-4cy/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.ardguisser.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2018_12_17; reference:url, urlhaus.abuse.ch/url/96625/; classtype:trojan-activity;sid:80959725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95728)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/shiqi/2003/06/20030620.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95728/; classtype:trojan-activity;sid:80958828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95727)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mir2/2003/05/200305252.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95727/; classtype:trojan-activity;sid:80958827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95726)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mu/2003/07/20030721.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95726/; classtype:trojan-activity;sid:80958826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95634)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/guochang/setup_tvplayer.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95634/; classtype:trojan-activity;sid:80958734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95633)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95633/; classtype:trojan-activity;sid:80958733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95550)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mir2/2003/05/20030520.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95550/; classtype:trojan-activity;sid:80958650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95509)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95509/; classtype:trojan-activity;sid:80958609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95209)"; flow:established,from_client; content:"GET"; http_method; content:"/us/information/122018/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95209/; classtype:trojan-activity;sid:80958309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95078)"; flow:established,from_client; content:"GET"; http_method; content:"/us/information/122018"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95078/; classtype:trojan-activity;sid:80958178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94279)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/20140812/14078161556897.rar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"static.3001.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94279/; classtype:trojan-activity;sid:80957379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94199)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"okhan.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94199/; classtype:trojan-activity;sid:80957299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94194)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"okhan.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94194/; classtype:trojan-activity;sid:80957294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92354)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/3"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92354/; classtype:trojan-activity;sid:80955454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92351)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/2"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92351/; classtype:trojan-activity;sid:80955451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92344)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92344/; classtype:trojan-activity;sid:80955444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86730)"; flow:established,from_client; content:"GET"; http_method; content:"/076360tad/oamo/business/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_29; reference:url, urlhaus.abuse.ch/url/86730/; classtype:trojan-activity;sid:80949830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86203)"; flow:established,from_client; content:"GET"; http_method; content:"/076360tad/oamo/business"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/86203/; classtype:trojan-activity;sid:80949303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85967)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/rc1veeex.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85967/; classtype:trojan-activity;sid:80949067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85901)"; flow:established,from_client; content:"GET"; http_method; content:"/tekiwanatain/installer.rar"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85901/; classtype:trojan-activity;sid:80949001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/5fg9yjwr.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85881/; classtype:trojan-activity;sid:80948981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85879)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/a9to40e7.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85879/; classtype:trojan-activity;sid:80948979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85878)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/e6i8pdc0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85878/; classtype:trojan-activity;sid:80948978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85877)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-07/28/117228/4wtjdjio.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85877/; classtype:trojan-activity;sid:80948977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85876)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/zwy1q6k0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85876/; classtype:trojan-activity;sid:80948976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85874)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/06/98428/07c9mfhe.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85874/; classtype:trojan-activity;sid:80948974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (82382)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e8%99%9a%e6%8b%9f%e5%85%89%e9%a9%b1_11@10349.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"cl.ssouy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_19; reference:url, urlhaus.abuse.ch/url/82382/; classtype:trojan-activity;sid:80945482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79342)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfile/v1/urls/d/1gpusd8uwnakepjjehixnayfekq/kbdjubux_j-nvjot1z-mdw"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"attach.mail.daum.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2018_11_13; reference:url, urlhaus.abuse.ch/url/79342/; classtype:trojan-activity;sid:80942442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (71185)"; flow:established,from_client; content:"GET"; http_method; content:"/nykol16/kepek.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_26; reference:url, urlhaus.abuse.ch/url/71185/; classtype:trojan-activity;sid:80934285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67517)"; flow:established,from_client; content:"GET"; http_method; content:"/bbs/attachment/forum/201106/03/153053ki5kbisfbc8316i3.rar"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"attach.66rpg.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_10_13; reference:url, urlhaus.abuse.ch/url/67517/; classtype:trojan-activity;sid:80930617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67516)"; flow:established,from_client; content:"GET"; http_method; content:"/bbs/attachment/forum/201403/02/104411hqzp4rto4ro94qpz.rar"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"attach.66rpg.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_10_13; reference:url, urlhaus.abuse.ch/url/67516/; classtype:trojan-activity;sid:80930616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67474)"; flow:established,from_client; content:"GET"; http_method; content:"/bbs/attachment/forum/201108/22/215335elkpi66piz56eii9.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"attach.66rpg.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_10_12; reference:url, urlhaus.abuse.ch/url/67474/; classtype:trojan-activity;sid:80930574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67439)"; flow:established,from_client; content:"GET"; http_method; content:"/zoolatogato/xruhbmzvlaghfnqcerrv.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_12; reference:url, urlhaus.abuse.ch/url/67439/; classtype:trojan-activity;sid:80930539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66694)"; flow:established,from_client; content:"GET"; http_method; content:"/autoup/client/aqclient.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pay.aqiu6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_10_11; reference:url, urlhaus.abuse.ch/url/66694/; classtype:trojan-activity;sid:80929794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66274)"; flow:established,from_client; content:"GET"; http_method; content:"/toneraruhaz/wp-admin/network/installer.rar"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66274/; classtype:trojan-activity;sid:80929374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66164)"; flow:established,from_client; content:"GET"; http_method; content:"/fvlmodell/letoltes/files/scalecalc.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66164/; classtype:trojan-activity;sid:80929264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (59247)"; flow:established,from_client; content:"GET"; http_method; content:"/vqd0d5/"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_09_23; reference:url, urlhaus.abuse.ch/url/59247/; classtype:trojan-activity;sid:80922347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57935)"; flow:established,from_client; content:"GET"; http_method; content:"/factures-09-2018/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hasalltalent.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_09_19; reference:url, urlhaus.abuse.ch/url/57935/; classtype:trojan-activity;sid:80921035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57059)"; flow:established,from_client; content:"GET"; http_method; content:"/document/en/need-to-send-the-attachment"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"vgd.vg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_17; reference:url, urlhaus.abuse.ch/url/57059/; classtype:trojan-activity;sid:80920159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (56449)"; flow:established,from_client; content:"GET"; http_method; content:"/7mn5zo8d/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vgd.vg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_14; reference:url, urlhaus.abuse.ch/url/56449/; classtype:trojan-activity;sid:80919549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38013)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/gxfqfem5m813nva/firefox_67.3.39.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38013/; classtype:trojan-activity;sid:80901113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38011)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/dqrsgzlf8jeefw0/firefox_67.3.45.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38011/; classtype:trojan-activity;sid:80901111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38009)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/g4is5u674v6l2yy/firefox_67.3.16.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38009/; classtype:trojan-activity;sid:80901109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (28277)"; flow:established,from_client; content:"GET"; http_method; content:"/mc_setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"crimefreesoftware.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2018_07_04; reference:url, urlhaus.abuse.ch/url/28277/; classtype:trojan-activity;sid:80891377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (16630)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/past-due-invoice/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_07; reference:url, urlhaus.abuse.ch/url/16630/; classtype:trojan-activity;sid:80879730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (15711)"; flow:established,from_client; content:"GET"; http_method; content:"/status/auditor-of-state-notification-of-eft-deposit/"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_05; reference:url, urlhaus.abuse.ch/url/15711/; classtype:trojan-activity;sid:80878811; rev:1;) # Number of entries: 19777